Posted on 11-17-2023 01:53 AM
We're wanting to roll out activation lock to our devices so that if any devices are stolen and wiped the laptop is useless unless returned to IT and the bypass code entered.
The documentation (https://learn.jamf.com/bundle/technical-articles/page/Leveraging_Apples_Activation_Lock_Feature_with...) states that:
"The Set Activation Lock command allows you to enable Activation Lock on a currently enrolled device. This command can be sent to a single device using a remote command or to multiple devices using a mass action.".
However upon reviewing the mass action commands available for a test device, it only allows the user to enable activation lock?
We've been able to add this to our pre-stage profile so any newly enrolled devices are covered.
Is anyone able to advise on this?
Posted on 11-17-2023 07:53 AM
For the behavior you are expecting, I believe this can only be set for devices at initial enrollment into jamf.
Posted on 11-21-2023 11:10 AM
On Computers the only option is to either disable and prevent activation lock or allow a user to enable it when they sign into an Apple ID and turn on Find My. When activation lock is enabled this way, Jamf Pro will populate an activation lock bypass code for the device on the next inventory update after activation.
You can enable activation lock on mobile devices (iPhones, iPads, etc...) without using an Apple ID via a mass action command.
Do you use Apple Business Manager to enroll Macs into Jamf? If you do, there are ways to make a Mac useless if stolen and wiped without activation lock. Something like requiring LDAP/SSO sign in to complete enrollment.