Skip to content
BLOG

How to turn off Apple's Activation Lock

Headshot of Andrea Pepper, SimpleMDM writer and MacAdmin
Andrea Pepper|July 26, 2023
General IT Article background
General IT Article background
Sections

If you're a MacAdmin, there's a good chance you've seen the dreaded Activation Lock screen before. If you have a machine that displays this page, you have a machine with a pre-existing Activation Lock. For admins and nonadmins alike, it's super annoying. But have no fear — I'll teach you how to get rid of it (and other tips for managing Activation Lock).

When removing Activation Lock from a device, the method will depend on whether it was a manually enrolled device (user-linked) or an auto-enrolled or supervised device (organization-linked).
 
Organization-linked is more straightforward, requiring ABM, ASM, or ABE, and allows an MDM solution to control Activation Lock through server-side interactions. The latter, user-linked, needs a personal Apple ID and the Find My feature, which enables the user to lock a device to their Apple ID.

Disable Activation Lock with Apple Support

Apple Support offers a few ways to remove Activation Lock.

To remove Activation Lock on an unmanaged or unsupervised device where the individual user has locked it via a personal iCloud account, you can use one of the following methods:

  • If you know your Apple ID and password, you can remove Activation Lock through www.iCloud.com/find by following their steps.

  • If you can't find your Apple ID password, you can recover it at https://al-support.apple.com/#/getsupport by following the prompts.

  • If you have proof of purchase documentation, you can start an Activation Lock support request. Proof of ownership must include the product serial number, IMEI, or MEID. (The device must be erased at the end of this process to complete unlock.)

  • For Supervised/ADE devices, or if the device is locked with an Apple ID tied to your workplace domain, contact Apple Education and Business Tech Support for the next steps: (800) 800-2775.

    • Things to keep in mind when you call Apple Education and Business Tech Support:

      • You'll need to actually call Apple Support. Business Activation Unlock cannot be requested online at the time of publication.

      • After the phone call, Apple Support will send you an unlock form. This form will expire after a few business days, so don't delay, or you'll have to repeat the process.

      • Historically, you should be golden if you can show Apple Business Support (not Consumer Support, don't waste your time) that the locked device's serial number exists in your organization's ABM/ASM inventory. This could save you time digging through receipts.

Disable Activation Lock with your MDM

Already got your device enrolled in an MDM? Excellent — then you may not need to go through Apple Support to turn off Activation Lock! Instead, you can use a Device Enrollment Credential Override or an Activation Lock bypass code.

Device Enrollment Credential Override

Okay, hold on to your hats because this one blew my circuits when I discovered it in Apple's KBs.

If an iOS device is secured with an organization-linked Activation Lock, a credential override can unlock the device even when your MDM isn't communicating effectively with the device. Rather than using the Apple ID of the individual who activated the device lock, use the credentials of the user who created the device enrollment token for the MDM to which the locked device is assigned in Apple Business Manager.

Device Enrollment Token

iOS Activation Lock Screen

Image credit: 9to5Mac.com

In this example, I am the user who created the device enrollment token for the Test Server in the first image. I enter the Apple ID and PW credentials I used to generate the device enrollment token that links SimpleMDM to Apple Business Manager into the Activation Lock screen on iOS to attempt an unlock, as seen in the second image.

The user account that created the device enrollment token in Apple Business Manager would require the role of an Administrator or Device Enrollment Manager. (Site Manager is also applicable if using Apple School Manager.) If these prerequisites apply to your situation, try this method first to save yourself some time!

With organization-linked Activation Lock for iPhone and iPad, the MDM contacts Apple servers to lock or unlock the device, independent of the user or device status. It creates a bypass code for turning Activation Lock on or off.

Activation Lock bypass code

If your enterprise devices are supervised and managed by ABM, one of the easiest ways to remove an Activation Lock is by sending an ActivationLockBypassCodeCommand through your MDM and clearing the lock.

With organization-linked Activation Lock, the MDM solution independently interacts with Apple’s servers to lock or unlock devices without user involvement or device status. The MDM crafts a unique bypass code for Activation Lock control, which it dispatches to Apple's servers.

With an Activation Lock bypass code command, the Activation Lock on supervised Apple devices can be removed remotely if the associated Apple ID and password are unavailable. The main drawback is that it doesn’t constantly check in; if you must disable Activation Lock, you must send an Activation Lock bypass code command every time a user locks it.

Minimum tech specs required for ActivationLockBypassCodeCommand:

MDM:

Supervision Required

Software:

iOS 7.1+

iPadOS 7.1+

macOS 10.15+

 Hardware:

macOS 

T2 or Apple Silicon Required

How do I use the Activation Lock bypass code?

  1. Set up the Device in Apple Business Manager or School Manager: Enroll the device in ABM or ASM.

  2. Set up MDM: Configure an MDM solution like SimpleMDM. This solution will manage your device and generate the bypass code.

  3. Find the bypass code: Use your MDM solution to find the bypass code. Generally, this is done by navigating to the device details page in your MDM control panel and selecting Show Bypass Code.

  4. Enter the bypass code: According to Apple Support, “If you have physical possession of the device on an iPhone or iPad, enter the MDM Activation Lock bypass code on the Activation Lock Screen in the Apple ID password field, and leave the username field blank. On a Mac, the bypass code can be entered by clicking Recovery Assistant in the menu bar [on the Activation Lock screen] and selecting the 'Activate with MDM key' option.”

  5. Reset the Device: After successfully unlocking the device, a factory reset will remove the Activation Lock. Clear any remaining Activation Locks via your MDM solution before distributing the device to avoid potential issues.

How to use Activation Lock bypass code with SimpleMDM

  1. Go to Devices.

  2. Click on the desired device that you want to unlock.

  3. Click the Actions button on the top right of the Device Details page.

  4. Select Disable Activation Lock from the Actions drop-down menu.

  5. A warning pop-up window will appear to complete the action. Click OK to proceed.

When a device initially enrolls in SimpleMDM, it sends the ActivationLockBypassCode to the device, collects the bypass code, and stores the code on the device record. The Disable Activation Lock button in SimpleMDM will take any previously stored codes and automatically remove any existing activation lock if present.

Activation Lock got you stuck? SimpleMDM is here to help! Don't miss this chance to unlock your knowledge and power up your skills with a 30-day free trial of SimpleMDM. 

Headshot of Andrea Pepper, SimpleMDM writer and MacAdmin
Andrea Pepper

Andrea Pepper is an Apple SME MacAdmin with a problematic lack of impulse control around a software update prompt. When not poking at machines, Pepper enjoys being a silly goose in sunny Colorado with her two gigantic fluffer pups.

Related articles

Padlock on computer screen

Apple Lock Guide for MacAdmins

SECURITY

General IT Article background

What is Apple's Automated Device Enrollment (ADE)?

GENERAL IT

General IT Article background

How to deploy CrowdStrike Falcon Sensor with SimpleMDM

SECURITY