Hi there,
Last year we introduced Google Workspace Federated Managed Apple IDs into our environment to negate the use of personal Apple IDs. Dealing with activation locks were particularly tedious on those personal Apple ID linked devices so we opted for making use of Managed Apple IDs since they do not have Find My functionality associated with them. Logically this should resolve the activation lock issue and also allow users to make use of some iCloud related functions.
The behaviour we saw as a result was a 70% uptick of devices triggering activation lock that when formatted both through Jamf Pro or directly in-OS using the erase or format functions. The difference with these activation locks is that they ask for the last iCloud signin used but do not have the hint i.e "s*****z@icloud.com" and since Managed Apple IDs don't support Find My the devices cannot be unlocked even if we use the Managed Apple ID credentials.
Most logical response then would be to use the activation lock bypass code. Problem is our environment was migrated from Meraki using the Jamf migration toolset so majority of devices in the environment are UIE devices so activation lock bypass is not possible.
Currently the wiping process is entirely RNG on whether or not it triggers activation lock. Yes, we've signed out of the Managed Apple IDs before wipes, it doesn't make a difference. We have thought of signing into an I.T controlled personal Apple ID and intentionally triggering the activation lock and making this our process for all future wipes that is obviously not the most elegant solution so I was hoping anyone else is able to give input on this matter.
