JSS Version 9.9 and Lost mode

cortday
New Contributor III

For those of you that have used the beta JSS. I'm curious about the new Lost Mode function from the JSS. Does the act of putting a device in Lost Mode still require an apple ID logged into iCloud? At CETPA (California Educational Technology Professionals Association) event this year Filewave mentioned they would have this ability soon, without needed an Apple ID logged into the device or iCloud account. The casper reps at the same event said that Filewave was full of it haha. However, that intrigued me because that would save my district a LOT of time. We rely heavily on still using Find-My-iPad. It would be awesome to be able to have some of that functionality without needing the iCloud account logged int.

1 ACCEPTED SOLUTION

tobiaslinder
Contributor II
Contributor II

Actually the new Lost Mode function from the JSS really works without any Apple ID active. It is using the a new MDM function that comes with iOS 9.3.

It works like this:

  1. You click on the activate lost mode button in JSS
  2. You set a lost mode message with phone number
  3. The device gets looked with a lost mode message
  4. You can access the geo location information of the device and also update it with a button
  5. When the device is found again you can deactivate lost mode
  6. The user gets a push message that the MDM server accessed the geo location

View solution in original post

31 REPLIES 31

Kaltsas
Contributor III

Many MDM providers (like Airwatch) sell their product as having "find my iPhone" functionality but the only "bare metal" solution is from Apple with an Apple ID, one which Apple considers a consumer technology.

As far as I know, there is no DEP/Enterprise mechanism for this. Anyone selling as such is slinging a little bit of snake oil. If there is new functionality like this our organization would be pleased as punch.

cortday
New Contributor III

I was afraid of that :( Thanks for your reply!

Kaltsas
Contributor III

That said I think orgs get too hung up on I want to track these devices when nobody else offers this kind of functionality. Dell doesn't let us track our dell devices through some dell service. IF you've got the devices properly configured if they go missing someone has a brick. Deters theft somewhat. I appreciate what organizations are wanting to do (ours included) but I tend to err on Apples side of this. Tracking iOS assets really becomes tracking people and that's a business they don't want to be in.

cortday
New Contributor III

I agree completely. It seems my organization uses it as a crutch at this point. The discipline is very very light at most of the schools, so the students don't really fear my when they forget their iPad somewhere. They know we can track them and they know they won't get in trouble. That nonchalant attitude basically adds up to us getting ~1-2 calls a day for missing iPads. With ~4k devices we have only had 1-3 stolen a year. It's the fact the we can say...it's in building $. I won't see us moving away anytime soon :( Administration loves it too much.

tobiaslinder
Contributor II
Contributor II

Actually the new Lost Mode function from the JSS really works without any Apple ID active. It is using the a new MDM function that comes with iOS 9.3.

It works like this:

  1. You click on the activate lost mode button in JSS
  2. You set a lost mode message with phone number
  3. The device gets looked with a lost mode message
  4. You can access the geo location information of the device and also update it with a button
  5. When the device is found again you can deactivate lost mode
  6. The user gets a push message that the MDM server accessed the geo location

Simmo
Contributor II
Contributor II

@tobiaslinder Very interesting.
Looking forward to testing this.

St0rMl0rD
Contributor III

@tobiaslinder that sounds interesting, can't wait to see it

CairoJXP
Contributor

This link was very helpful with a short video tutorial for using the new lost mode feature: JSS Lost Mode Video

cdenesha
Valued Contributor II

And if the iPad is restarted so there is no more WiFi to receive the Unlock command?

St0rMl0rD
Contributor III

@cdenesha just tried it, if the device has passcode lock enabled and is restarted, it will not connect to Wi-Fi, therefore not receiving any commands. I enabled the lost mode, restarted the iPad, disabled the lost mode, but the disable command didn't come through. It does come through if you use the ethernet connection, though.

St0rMl0rD
Contributor III

Also, because the Lost mode doesn't allow user to unlock the device with their unlock code anymore, you actually HAVE to use the ethernet way in these cases.

cdenesha
Valued Contributor II

Yeah that's what I thought. I wonder.. since Apple actually mentioned Ethernet for iPads with their new powered Camera Connector in the last Event, I wonder if it will now always work?? Have to order some..

[edit] forgot two words

Simmo
Contributor II
Contributor II

I was told that the new powered camera connector will only work with the new 9.7 inch pro.
Which means if you aren't using the hacky way of getting ethernet working then you have a glaring hole in the lost mode process.

cdenesha
Valued Contributor II

The store page shows it being compatible with all lightning iPads. It will only be USB 3 with the 12.9" iPad Pro.

Simmo
Contributor II
Contributor II

Compatibility doesn't mean it will provide power to the usb port though.
Is anyone able to verify if it definitely works without the addition of a powered usb hub for non-ipad pro models?

cdenesha
Valued Contributor II

I contacted my Apple SE and his colleague confirmed ethernet with several models including the Air 2.

LarryH
New Contributor III

I have tested the powered camera connector on an iPhone 6, iPhone 6s, and an iPad Air2. But the devices need to have iOS 9.3 installed or you get a message saying the connected adaptor is not supported.

cdenesha
Valued Contributor II

Ahh, interesting, ty

snourse
New Contributor II

Great info. It makes me wish Apple had provided an option for a "Lost Mode" override pin, separate from any code on the device.

mradams
Contributor

I have used "Lost Mode" several times already. I send "Clear Passcode" first and verify it has completed then send "Lost Mode" this way if the iPad is restarted there is no passcode so it will connect to wi-fi. It remains in "Lost Mode" which prevents the user from accessing the iPad.

So far no problems.....

cdenesha
Valued Contributor II

St0rMl0rD
Contributor III

Too bad they didn't include the option to make the device make a ping sound, like on iCloud - that's how we locate all of our missing iPads, and we've found them all with this so far.

cgalik
Contributor
Too bad they didn't include the option to make the device make a ping sound, like on iCloud - that's how we locate all of our missing iPads, and we've found them all with this so far.

I concur. We had a lost iPad today that we were able to more or less drill down the location of, based on what access point it was connected to, but it would be grand if we could play the sonar tone (like Find My iPhone) to locate it in said room. Feature request, perhaps?

RLR
Valued Contributor

Currently got an iPad pro 9.7" in lost mode. Not getting ethernet connection but another iPad pro 9.7" is (which isn't in lost mode and had the passcode entered). Seems odd. Wish there was an easier way to bypass this lost mode. Only way round this now is to wipe the device and see if they have a backup.

I think clearing the passcode before enabling lost mode is the best way to go about this.

mradams
Contributor

Have you tried using an Apple Lightning to USB Camera adapter and a USB Nic adapter to connect the iPad to a LAN cable?

RLR
Valued Contributor

Yep, it works on one ipad but not the iPad that is in lost mode. I've set my iPad into lost mode, turned off wifi, restarted the device and plugged in the lan cable and it still got internet connection but this other device doesn't. Same iPad model.

lwomack
New Contributor

While testing the "Lost Mode" feature, I enabled it on an iPad that was enrolled using DEP. Then, pretending the iPad was stolen, I wiped it. Of course, when the iPad was restored I was able to enroll it again using DEP. But the "Lost Mode" feature was no longer functioning on the iPad. On a stolen iPad, I would want the iPad to still be unusable by being locked. Am I missing something?

Kaltsas
Contributor III

It is up to the MDM vendor to implement in that way. Currently JAMF doesn't. I'm not sure if any of the other major MDM vendors do either. Lost Mode is an MDM command sent to the device. After re-enrollment (after say a DFU reset) the MDM would need to say "oh this device was in Lost Mode, put it back in Lost Mode, send another Lost Mode MDM command".

I don't think there is an FR on this. I was just thinking about this workflow yesterday and was thinking about making an FR.

cdenesha
Valued Contributor II

We just set an Extension Attribute and based on that being Yes lock it down if and every time it is enrolled by DEP. If the Smart Group emails you then you can send another Lost Command and try to locate.. Or don't lock it down but get notified by email, because they think they've gotten away with it, and then get the location.

skinford
Contributor

@tobiaslinder Good afternoon, where exactly is the GPS information accessible? I put an iPad into Lost Mode today and I cannot seem to find that information.

Thank you.

tobiaslinder
Contributor II
Contributor II

@skinford it’s under Security

2aead6bd1a3843449f36720f1216f824