Jamf personal Apple ID blocking admin account.

YekinKebo
New Contributor

We have chance set up to add an admin account to all of our machines. When we have someone that's no longer with the company, if they've logged in with their personal Apple ID, we've been locked out of the computer. Has anybody found a solution to this?

3 REPLIES

Pickyvegan
New Contributor II

Simple solution - I'm not aware of. If you have proof of purchase, you can contact AppleCare support, send the PoP, and they'll release your machine from the user's Apple ID.

Yogi

AJPinto
Honored Contributor II

Picky is right. You need the proof of purchase and "take" the device to Apple. Our support staff actually had to do this last week. It can be done in an Apple Store by the manager on duty. We have not had any luck getting Apple to do it over the phone though. This is the only option if your JAMF instance does not have the bypass code escrowed. 

If you are still on good terms with the former associate you can ask them to log in to their iCloud account and remove the device. They may also need to send the erase device command to be allowed to remove it.

Tribruin
Valued Contributor II

I assume you are talking about Computers and not iOS Devices and that, when you say you are "locked out of the computer", you mean you can't re-install the O/S because it is asking for the user's AppleID and password.

If you are already locked out, you need to contact Apple Support and provide a proof of purchase. Once the POP is verified, they can give you an unlock code that can be entered instead of the password to remove the Activation Lock. Also, if your computers are enrolled in Apple Business Manager/Apple School Manager, Apple accepts that as POP as well.

I would make a couple of suggestions to prevent this from happening in the future.

Use a restriction profile and disallow a user from turning on "Find My Mac" (Restriction -> Functionality -> Turn off "Allow iCloud Find My Mac"). FYI, this will not change any existing user that has already enabled it, but it will prevent users from turning this on in the future.

If you use ADE for deployment, enable "Prevent user from enabling Activation Lock" in your Prestage Enrollment.
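
Added example, not part of any reply above: the restriction profile does not change Macs where Find My Mac is already on, so a Jamf extension attribute can flag those machines before an offboarding. This sketch assumes the `Activation Lock Status` line that `system_profiler SPHardwareDataType` prints on recent macOS; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Extension attribute sketch: report whether Activation Lock is enabled,
# so affected Macs can be found while the user is still reachable.

# Constructed sample of `system_profiler SPHardwareDataType` output.
SAMPLE_ENABLED='Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Serial Number (system): EXAMPLE0000
      Activation Lock Status: Enabled'

# Read system_profiler text on stdin and print Enabled, Disabled or Unknown.
# "Unknown" covers hardware or OS versions that do not report the field.
activation_lock_status() {
    awk -F': *' '
        /Activation Lock Status/ {
            gsub(/[ \t\r]+$/, "", $2)   # trim trailing whitespace
            print $2
            found = 1
            exit
        }
        END { if (!found) print "Unknown" }'
}

# Wrap the status in the <result> tags Jamf Pro expects from an
# extension attribute script.
ea_result() {
    printf '<result>%s</result>\n' "$(activation_lock_status)"
}

# On a managed Mac, emit the value for inventory. Skipped elsewhere.
if command -v system_profiler >/dev/null 2>&1; then
    system_profiler SPHardwareDataType | ea_result
fi
```

A smart group on this attribute equal to `Enabled` lists the machines that need the user to turn off Find My Mac before they leave.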