How does one send 'Allow Activation Lock' command?

jcarr
Contributor III

I have not been able to find a way to send the 'Allow Activation Lock' command to supervised devices. Supervised devices are reporting the bypass code with inventory, but Activation Lock is not enabled if these devices are restored using Recovery Mode.

Here are the relevant commands from Profile Manager:

external image link

external image link

1 ACCEPTED SOLUTION

jcarr
Contributor III
8 REPLIES 8

wakco
Contributor

Personally, I'm more interested in the "Clear Activation Lock" option there.

kevinmwhite
New Contributor III
New Contributor III

Unfortunately, this new feature of CasperSuite 9.3 isn't well documented yet (sigh).

However, in my testing it appears that the JSS (v9.3+) automatically collects the Activation Lock Bypass Code. You can view the Activation Lock Bypass code in the Management Tab of the mobile device's inventory record.

Further, I also discovered in my testing that I can enable activation lock on Supervised devices. (The default for Supervised devices is that they cannot enable Activation Lock without being allowed by the MDM.) Thus, the JSS must also automatically pass down the Allow Activation Lock command to the iOS device if the Bypass Code was successfully collected.

What I haven't tested is the last bit of this puzzle, wherein you would use the Activation Lock Bypass Code. The idea of this whole system is that when you need to wipe and reactivate an iOS device, you can enter the Bypass Code instead of the user's Apple ID credentials to clear the Activation Lock during Setup Assistant.

It would seem that the Profile Manager implementation of this allows you to decide if you want to send Activation Lock optionally instead of automatically sending it. On the other hand, I can't seem to find the ability to Clear Activation Lock in CasperSuite 9.3, so perhaps that feature is missing. Though I'd argue it's largely unnecessary given that the inventory should contain the Activation Lock Bypass Code.

jcarr
Contributor III

For Supervised devices, "Clear Activation Lock" isn't required until after the "Allow Activation Lock" command has been sent. Activation Lock is not enabled on a Supervised device until that command has been received.

This is also a moot point for non-Supervised devices, as non-Supervised devices do not generate an Activation Lock bypass code.

jcarr
Contributor III

I think this is what I was looking for:

https://jamfnation.jamfsoftware.com/article.html?id=366

wakco
Contributor

And this post describes what to do with the Activation Lock Code, once you have it:

https://jamfnation.jamfsoftware.com/discussion.html?id=10096#responseChild59361

theelysium
New Contributor III
  1. Generate Code in MDM
  2. At the white screens of the setup leave the Apple ID Email blank use the bypass code in the password section. All capitals no dashes.

It will work, I just did it!

ant89
Contributor

@theelysium is right! This method works, i just did it also.

Thanks!

theelysium
New Contributor III

I do it all the time!