ARM based Mac Monterey Activation lock recovery utility

dugnl
Contributor

How are folks handling activation lock on ARM based macs with Monterey?

I turn on Activation Lock and Find My Mac. It asks me "Enter your Mac password". So, I enter my account password. It works and I'm now activation locked with Find My Mac.

I then boot the ARM computer into Options.

I go into Disk Utility and I erase the Volume.

Before the computer is activated, it finds my iCloud information and tells me my iCloud email address with the asterisks (which I've removed from the attached screenshot). It then wants me to enter my email Apple ID and password.

But in this case, I'm testing that hey, I don't know this information. Say the Mac has been handed back to the department and the person who turned on this activation lock isn't available.

So, I click Use Device Password.

From there, I'm told to Enter the Password that was previously used to unlock this Mac.

The only password it will take will be the initial password I entered earlier when setting it up, back when it initially wanted my account password. It won't take any other administrative accounts on the computer. And yes, they have secure tokens and all that. It's a one-to-one correlation: "Enter the password that was previously used to unlock this Mac" is exactly the account used when setting up iCloud.

What if we don't know that?

JAMF caches an Activation lock code, but for Macs, I find this absolutely useless.  Where am I supposed to enter that?  If I enter it, I get told the activation server can't be found.  I opened a ticket with Apple Enterprise support and was clearly told it wasn't the JAMF Activation Lock code.  

On an iPad, I can just enter the activation lock code right in the password section. In my experience, this works fine on iPads. On a Mac, it wants that email address first and won't show a password field until you actually enter something in that block.

It's been my experience the JAMF Activation Lock code cannot be used in any manual way to unlock ARM based Monterey macs.

I am aware that JAMF can send a MDM command and remove this.  This works if the volume hasn't already been deleted.

I am also aware that some erase and install commands can be manually entered in terminal but I'm going off the word of Apple that these erase and install commands actually remove the activation lock.

It's quite possible the only way to remove the activation lock is to either send a wipe command via JAMF, which supposedly removes activation lock and then erases the machine, or send the activation lock removal command via JAMF.

It seems like Apple is getting away from being able to remove the volumes on ARM based macs.  We do have an enterprise agreement and if we ever were to get a mac we couldn't unlock, with DEP, we can open a ticket directly with Apple.

So, what's the best practice method to erase these ARM macs that may or may not be activation locked?  

We have technicians in a lot of places so many different people handle these macs when they are returned.  What am I supposed to tell them?

I'm actually seriously considering just disabling activation lock in the prestage. I did think it was okay for a professor to use activation lock just in case the device is left somewhere. I figured it wouldn't hurt the professor to log into their iCloud and just find it. But it hurts IT when the device comes back activation locked and a tech does what they normally do with Macs, which is a recovery utility volume deletion and reinstall of the OS, and only then discovers the device was activation locked.

Doug

[Screenshot: activation lock, enter the icloud apple id and password from the user who enabled activation lock]

[Screenshot: password prompt when originally setting up icloud within system preferences]

[Screenshot: password prompt for the device which is the same password in the previous screenshot of Enter your Mac password. No others work, no matter how many admin accounts or secure tokens. password which]

3 REPLIES

jonna1006
Contributor

I had a similar issue, and fortunately the employee was able to provide me with the Apple ID credentials.

I have heard there is a way to remove the activation code via Jamf, but I checked all documentation and could not find it anywhere.

It's via mass action or through management commands.

But if the activation code was not retrieved by Jamf, we still have no way to unlock the MacBook. Any suggestions for that?