Help

Disabling/Erasing Find My Mac

user-toqGCATSsE
New Contributor

2 weeks ago

Hi

We are facing an issue where ex-employees have signed in with personal accounts on icloud on corporate devices. Its been a pain while re-purposing the device where find my mac cannot be removed . I know we can restrict signing in to personal accounds via configuration policy but management dont want to take that route at this point of time . 

1. is there a way other than contacting apple support to remove find my mac from the computer while wiping it ?

2. if we enable activation lock , will that help to erase or disable find my mac for users 

 

Any help would be appreciated, Thanks,

0 Kudos
5 REPLIES 5

AJPinto
Honored Contributor II

2 weeks ago

Set "Prevent user from enabling Activation Lock" in your prestage. The MDM also records an Activation Lock bypass that can be checked out and given to users.

Using Activation Lock Bypass - Jamf Now Documentation | Jamf

Leveraging Apple’s Activation Lock Feature with Jamf Pro - Technical Articles | Jamf

howie_isaacks
Valued Contributor II

2 weeks ago

If your Macs enroll through PreStage you can prevent activation lock from being enabled. Jamf Pro will store an activation lock by-pass key for each Mac. Otherwise you will need to contact Apple to get help. Management needs to wake up and let you put the restriction in place if you don't want anyone logging in with a personal account. iCloud Drive is awesome but if it's not using a managed Apple ID, it can be a huge security risk. Even Apple IDs that were created with your company's domain name are still considered by Apple to be consumer Apple IDs. If you use Apple Business Manager, and you federate your domain with ABM, it will stop users from creating Apple IDs with your company's domain name.

0 Kudos

jconte
Contributor II

2 weeks ago

You can also try deploying a configuration profile using this information

<key>DisableFMMiCloudSetting</key>

<true/>

In the Preference Domain : com.apple.icloud.managed

I would recommend deploying it to users without the setting already enabled as it will lock the current setting.

 

K_K_
New Contributor II

2 weeks ago

If a Mac is supervised and managed via Jamf Pro, an Activation Lock bypass code is automatically generated and stored as part of the computer’s inventory. It’s available in the computer’s inventory listing, under the Management section.  

To use the Activation Lock bypass code, please use the following procedure

  1. Get the bypass code from Jamf Pro.
  2. Boot to macOS Recovery or Internet Recovery 
  3. Make sure your Mac is able to communicate with the Internet.
  4. At the Activation Lock screen, go to the Recovery Assistant menu and select Activate with MDM key…
  5. Enter the bypass code and click the Next button.
  6. Once the bypass code has been accepted, the Mac should clear the activation lock and activate.
0 Kudos

A_Collins
Contributor

2 weeks ago

If you are asking what is the best approach for users that already activated find my mac, i am using this script to ask users to disable find my mac -> https://github.com/bvanpeski/unActivationLock

0 Kudos