Here's an interesting issue that we just stumbled upon this morning. I'm actually quite surprised it hasn't come up before. As Apple moves more and more services and tools under the Apple ID and iCloud umbrella, this will likely become an even more prevalent.
- In our environment, we allow our users to be Admins
- Almost every user has a personal Apple ID
- we encourage them to use their personal Apple ID, and they do. They buy software from MAS and media from iTunes.
- We've known, of course, for some time about teaching our users to de-authorize their computer from their iTunes account when it's being returned to us. Until today, we hadn't considered that each end-user will have to also disassociate their company-owned computer from their Apple ID and from connected iCloud services like "Find my Computer" and "Find my iPhone.". If they don't, this can happen:
That's a freshly-imaged machine that was being used by a 12th grader who graduated in June 2014. He clearly has associated this computer with his Apple ID, and then at some point, lost his phone. When I pulled it out of storage to re-assign it, Apple's push server dutifully sent a message to this still-associated machine.
The solution to this is going to be some user-education along with modifying our turn-in procedures. Just as we ask every user to de-authorize iTunes, we're also going to have to ask them to log into iCloud.com, and remove their company-owned computer from the list of associated devices.
Not the end of the world, but I found this interesting enough that I thought I'd share with the community.
I know which student this machine belonged to and will email him to ask him to remove this machine from his iCloud account, and hope that he complies. Who knows how many other of my former students are out there with their school-issued computers still associated with their iCloud accounts.
