Jamf Nation Community

user-toqGCATSsE · ‎06-12-2024

Hi

We are facing an issue where ex-employees have signed in with personal accounts on icloud on corporate devices. Its been a pain while re-purposing the device where find my mac cannot be removed . I know we can restrict signing in to personal accounds via configuration policy but management dont want to take that route at this point of time .

1. is there a way other than contacting apple support to remove find my mac from the computer while wiping it ?

2. if we enable activation lock , will that help to erase or disable find my mac for users

Any help would be appreciated, Thanks,

A_Collins · ‎06-13-2024

If you are asking what is the best approach for users that already activated find my mac, i am using this script to ask users to disable find my mac -> https://github.com/bvanpeski/unActivationLock

View solution in original post

AJPinto · ‎06-12-2024

Set "Prevent user from enabling Activation Lock" in your prestage. The MDM also records an Activation Lock bypass that can be checked out and given to users.

Using Activation Lock Bypass - Jamf Now Documentation | Jamf

Leveraging Apple’s Activation Lock Feature with Jamf Pro - Technical Articles | Jamf

kbreed-27 · ‎10-08-2024

This may end up being a case for Apple Support, but we have a MacBook Pro that still has the flag for Find My enabled, but we disabled the activation lock through the option on Apple School Manager. Have you seen this before? Like the mac is functioning, but things like Erase all Contents and settings are locked out until the previous user relinquishes control or puts in their password.

howie_isaacks · ‎06-12-2024

If your Macs enroll through PreStage you can prevent activation lock from being enabled. Jamf Pro will store an activation lock by-pass key for each Mac. Otherwise you will need to contact Apple to get help. Management needs to wake up and let you put the restriction in place if you don't want anyone logging in with a personal account. iCloud Drive is awesome but if it's not using a managed Apple ID, it can be a huge security risk. Even Apple IDs that were created with your company's domain name are still considered by Apple to be consumer Apple IDs. If you use Apple Business Manager, and you federate your domain with ABM, it will stop users from creating Apple IDs with your company's domain name.

jconte · ‎06-12-2024

You can also try deploying a configuration profile using this information

<key>DisableFMMiCloudSetting</key>

<true/>

In the Preference Domain : com.apple.icloud.managed

I would recommend deploying it to users without the setting already enabled as it will lock the current setting.

K_K_ · ‎06-12-2024

If a Mac is supervised and managed via Jamf Pro, an Activation Lock bypass code is automatically generated and stored as part of the computer’s inventory. It’s available in the computer’s inventory listing, under the Management section.

To use the Activation Lock bypass code, please use the following procedure

Get the bypass code from Jamf Pro.
Boot to macOS Recovery or Internet Recovery
Make sure your Mac is able to communicate with the Internet.
At the Activation Lock screen, go to the Recovery Assistant menu and select Activate with MDM key…
Enter the bypass code and click the Next button.
Once the bypass code has been accepted, the Mac should clear the activation lock and activate.

A_Collins · ‎06-13-2024

If you are asking what is the best approach for users that already activated find my mac, i am using this script to ask users to disable find my mac -> https://github.com/bvanpeski/unActivationLock

Jamf Nation Community

Disabling/Erasing Find My Mac