Managing Find My Mac/Activation Lockon Catalina

davidjess
New Contributor III

Hi folks,

We are currently looking to release Catalina into our prod environment, and I've been looking into Find My Mac. We have Prey so have no real business reason to keep Find My Mac turned on, but if it was possible to keep it turned on without activation locking our machines - that would be fine.

For newly issued machines, we'll probably just disable Find My Mac in the prestage.

But I'm trying to nail down a good process for upgrades from Mojave. All of our Macs are DEP'd, MDM enforced, supervised, T2 machines. Some of which will already be signed into personal Apple IDs with Find My Mac Turned on.

When these machines are upgraded to Catalina, they are obviously going to have activation lock enabled, which will mean that we need to prompt users to sign out of iCloud and disable Find My Mac before handing their machines back. Which is our current policy for iOS devices... But going by the pile of bricked iPads in my storage cupboard, this is not particularly scalable in a global organisation.

So my question to you - how to deal with upgrading Mojave machines with Find My Mac already turned on? Is there a good script anywhere to turn it off? Is there something in Jamf Pro 10.16 that I'm not seeing to deal with it?

Many thanks

3 REPLIES 3

MikeF
Contributor II

We have been looking at this as what we have found is the profile to disable this on Mojave works fine but on Catalina there does not seem to be any way to actually disable Find My Mac. Jamf Support told us that there is an issue with Catalina and Apple is working on it. Right now we are seeing activation lock being disabled when enrolled into jamf but we can't get a fix for Find My Mac. We are holding off any upgrade until this issue is resolved

maurits
Contributor

feature request status : Planned. (not 10.18 ;-( )
https://www.jamf.com/jamf-nation/feature-requests/8673/macos-10-15-activation-lock-bypass

PaulHazelden
Valued Contributor

On Catalina, you can effectively kill Find my by killing the sign in to Apple ID Preferences Pane.

defaults write /Library/Preferences/com.apple.systempreferences.plist DisabledPreferencePanes -array-add "com.apple.preferences.AppleIDPrefPane"

If you are not signed in to an Apple ID, and this has been run on the Mac, then accessing Find My will attempt to open the Pref Pane for you to sign in. And the pane is greyed out, preventing access.
Not perfect, but it is working on my test builds of Catalina.