So--we have 'Prevent user from enabling Activation Lock' checked in our enrollment and it seems to be working since we've stopped having issues with our users "claiming" their Macs and having to contact Apple to get them removed.
But it seems like they can still turn on Find My. We just got some back and reinstalled OS and right after going through the Remote Management screens we get the Find My pop saying that XXX Apple id can track it in Find My, etc. But we can just click Continue and finish setup. It is very possible I'm blind and my Google-fu is failing but I can't find any way to 1.) Prevent this from happening in the first place and 2.) Removing the computer from Find My short of contacting Apple or asking the previous user to remove it from the web.
Anyone else experienced this and/or have a fix?
There is an option in Pre-Stage enrollments under General to "Prevent user from enabling Activation Lock"
That being said I have a stack of computers that I keep putting off calling apple about to see what that process looks like.
My issue is that we can't wipe them to set them up for another user, recovery mode disk utility prevents the erase.
@strayer it's not a hard process at all 🙂 you might need to go through a couple of phone trees, but they'll give you a spreadsheet to add the serial numbers to, you send it back, and as long as they can see that the devices belong to your organization, they'll remove activation lock. If they don't mention it, I think you have to make sure the devices are powered off when they send the command.
Had this issue as well. The solution is to put the Mac in DFU mode and restore the firmware:
You can skip Step #3 "Revive the firmware"