
Using an Activation Lock bypass code from Jamf Pro to clear Activation Lock on a Mac

As part of macOS Catalina, Apple introduced Activation Lock for Macs. As on iOS, Activation Lock is an anti-theft feature designed to prevent activation of a Mac if it’s lost or stolen.

Activation Lock on Macs has some requirements in order for it to work:

  • The Mac must run macOS Catalina or later
  • The Mac must use the Apple T2 Security chip
  • Two-factor authentication must be enabled on the Apple ID used to enable Activation Lock
  • Secure Boot must be enabled with Full Security settings and Disallow booting from external media selected


Once these requirements are satisfied, Activation Lock is automatically enabled when Apple’s Find My service is enabled.
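
To check from Terminal whether a Mac meets the first two requirements and whether Activation Lock is currently on, the following added example (not from the original post) parses the output of `sw_vers` and `system_profiler`. The function names and the one-line report format are assumptions made for illustration, and the script does not check two-factor authentication or the Secure Boot settings.

```bash
#!/bin/bash
# Added example: report Activation Lock status plus two of the prerequisites.
# Parsers take command output as text so they also work on constructed samples.

# Value of "Activation Lock Status:" in `system_profiler SPHardwareDataType` output.
activation_lock_status() {
  printf '%s\n' "$1" | awk -F': *' '
    /Activation Lock Status/ { print $2; found = 1 }
    END { if (!found) print "Unknown" }'
}

# True when `system_profiler SPiBridgeDataType` output names the T2 chip.
has_t2_chip() {
  printf '%s\n' "$1" | grep -q 'Apple T2'
}

# True when a `sw_vers -productVersion` string is 10.15 (Catalina) or later.
is_catalina_or_later() {
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%.*}
  [ "$major" -ge 11 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 15 ]; }
}

# One-line summary (format is an assumption) suitable for an inventory field.
# Args: OS version, SPHardwareDataType text, SPiBridgeDataType text.
activation_lock_report() {
  os_ok=no
  t2=no
  if is_catalina_or_later "$1"; then os_ok=yes; fi
  if has_t2_chip "$3"; then t2=yes; fi
  echo "catalina_or_later=$os_ok t2=$t2 activation_lock=$(activation_lock_status "$2")"
}

if command -v system_profiler >/dev/null 2>&1; then
  # On a Mac: evaluate the live system.
  activation_lock_report "$(sw_vers -productVersion)" \
    "$(system_profiler SPHardwareDataType)" \
    "$(system_profiler SPiBridgeDataType)"
else
  # Elsewhere: constructed sample output, not captured from a real machine.
  activation_lock_report "10.15.5" \
    "      Activation Lock Status: Enabled" \
    "      Model Name: Apple T2 Security Chip"
fi
```

A Mac that reports `activation_lock=Enabled` on company-owned hardware is one where the bypass code may later be needed.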

However, having Activation Lock turn on when Find My is enabled can lead to situations where it’s enabled by an employee on company-owned equipment. When this happens, companies, schools or institutions need a way to bypass Activation Lock without needing to know anything about the Apple ID used by the employee.

To provide this bypass, Apple has made it possible for companies, schools and institutions to use their MDM solution to clear Activation Lock.

In order to clear Activation Lock using an MDM, the Mac in question needs to be supervised, which has the following requirements. The Mac must:

If a Mac is supervised and managed via Jamf Pro 10.20.0 or later, an Activation Lock bypass code is automatically generated and stored as part of the computer’s inventory. It’s available in the computer’s inventory listing, under the Management section.


Note: This Activation Lock bypass code capability is not exclusive to Jamf Pro; it’s available to all MDM solutions. If your MDM solution does not yet support it, ask your vendor to add this support.

To use the Activation Lock bypass code, please use the following procedure:

1. Get the bypass code from Jamf Pro.

2. Boot to macOS Recovery or Internet Recovery.
3. Make sure your Mac is able to communicate with the Internet and the required Apple services.
4. At the Activation Lock screen, go to the Recovery Assistant menu and select Activate with MDM key…
5. Enter the bypass code and click the Next button.

Once the bypass code has been accepted, the Mac should clear the activation lock and activate.

To illustrate, I’ve made a video showing the described process.

  1. Craig Chambers
    June 22, 2020 at 5:35 pm

    Question about enabling activation lock. When you say “Two-factor authentication must be enabled on the Apple ID used for enable Activation Lock” does that mean if we want all computers to have this enabled we need to manually enable FindMy on the Macs (either by telling the user to do it or doing it ourselves before deploying to the user)? Is there a way to enable via Jamf agent or MDM? Once it’s enabled, do we have to go into the Apple ID account to lock the device, or can that be done through a Mac Management tool or MDM?
