2 weeks ago
Hi
We are facing an issue where ex-employees have signed in with personal accounts on icloud on corporate devices. Its been a pain while re-purposing the device where find my mac cannot be removed . I know we can restrict signing in to personal accounds via configuration policy but management dont want to take that route at this point of time .
1. is there a way other than contacting apple support to remove find my mac from the computer while wiping it ?
2. if we enable activation lock , will that help to erase or disable find my mac for users
Any help would be appreciated, Thanks,
2 weeks ago
Set "Prevent user from enabling Activation Lock" in your prestage. The MDM also records an Activation Lock bypass that can be checked out and given to users.
Using Activation Lock Bypass - Jamf Now Documentation | Jamf
Leveraging Apple’s Activation Lock Feature with Jamf Pro - Technical Articles | Jamf
2 weeks ago
If your Macs enroll through PreStage you can prevent activation lock from being enabled. Jamf Pro will store an activation lock by-pass key for each Mac. Otherwise you will need to contact Apple to get help. Management needs to wake up and let you put the restriction in place if you don't want anyone logging in with a personal account. iCloud Drive is awesome but if it's not using a managed Apple ID, it can be a huge security risk. Even Apple IDs that were created with your company's domain name are still considered by Apple to be consumer Apple IDs. If you use Apple Business Manager, and you federate your domain with ABM, it will stop users from creating Apple IDs with your company's domain name.
2 weeks ago
You can also try deploying a configuration profile using this information
<key>DisableFMMiCloudSetting</key>
<true/>
In the Preference Domain : com.apple.icloud.managed
I would recommend deploying it to users without the setting already enabled as it will lock the current setting.
2 weeks ago
If a Mac is supervised and managed via Jamf Pro, an Activation Lock bypass code is automatically generated and stored as part of the computer’s inventory. It’s available in the computer’s inventory listing, under the Management section.
To use the Activation Lock bypass code, please use the following procedure
2 weeks ago
If you are asking what is the best approach for users that already activated find my mac, i am using this script to ask users to disable find my mac -> https://github.com/bvanpeski/unActivationLock