Ok I have been looking for a bit now and I cannot for the life of me find out how to properly use the activation lock bypass. I do not see proper instruction anywhere on Jamf nation or in the administrators guide. I have the device supervised and now sitting at the activation lock screen but entering the bypass code I received from the device in the JSS does not work. I have tried this with 5 different devices so far and have had zero success. Is there a step by step walkthrough that shows how this actually works from beginning to end?
EDIT: I have followed the steps as laid out in the JAMF webinar without success. I have tried entering the code with and without dashes, I have connected to iTunes and tried the copy/paste method, I have triple checked proper capitalization and entries and it just does not work.
There is...if it is "stale" it doesn't work. To make sure I don't make a typo, I copy/paste into iTunes because iTunes presents the same window on an activation locked device. I've also seen it work with no dashes.
In short it's not foolproof...it works about 70% of the time. More effective is wiping through JSS while checking "clear activation lock" and training users to check that prior to hand in. Combining all those methods I'm able to deal with it 90% of the time.
There are some every year that I have to file a case with Apple and go through the rigmarole To get them to clear.
My honest druthers would be some command to neuter activation lock from ever getting turned on to start with on DEP-based managed corporate devices.
I've improved my odds this year simply by closing the App Store, not using iCloud and assigning apps to devices for students. We still do user-based VPP for staff though so it's always a few per year to contend with.
UPDATE: I finally got it. I took your advice and went after it before it could get stale and it finally took hold. So the trick is to get everything to the ready and then get the code and immediately enter it. Which once again would be nice if there was documentation stating this. Thank you for your help.
And I fully agree, in a managed environment removing activation lock should be an option.
It's not terribly well documented but after dealing with 4000+ 1 to 1 devices for 3 years, it's a road I've been down plenty of times.
It's one of those issues that are so big to me that I have devised hand in procedures to principals for departing staff. The aren't universally followed but they help in the real world. The only exceptions are hostile departures and the very rare case that nothing works.
I had one time on a graceful departure where I had the principal track down the former staff member and get them to cooperate. I hate that but better than filing a case with Apple and having to prove ownership, wait a week or two and be told that "we should consider using an MDM solution with DEP". I hate that lecture most of all .
If anyone is interested in having control over this feature, there is a feature request here.
The mdm has to enable the ability for devices to enable activation lock. JSS automatically turns this on for all devices and, unfortunately, does not give the ability to control it.