As part of macOS Catalina, Apple introduced Activation Lock for Macs. As on iOS, Activation Lock is an anti-theft feature designed to prevent activation of a Mac if it’s lost or stolen.
Activation Lock on Macs does have some requirements in order for it to work. The Mac must:
- Run macOS Catalina or later
- Use the Apple T2 Security chip
- Two-factor authentication must be enabled on the Apple ID used to enable Activation Lock.
- Secure Boot must be enabled with Full Security settings and Disallow booting from external media selected.
Once these requirements are satisfied, Activation Lock is automatically enabled when Apple’s Find My service is enabled.
However, having Activation Lock turn on when Find My is enabled can lead to situations where it’s enabled by an employee on company-owned equipment. When this happens, companies, schools or institutions need a way to bypass Activation Lock without needing to know anything about the Apple ID used by the employee.
To provide this bypass, Apple has made it possible for companies, schools and institutions to use their MDM solution to clear Activation Lock.
In order to clear Activation Lock using an MDM, the Mac in question needs to be supervised, which has the following requirements. The Mac must:
- Use macOS Catalina or later
- Be enrolled with an MDM
- MDM must be using Apple’s Automated Device Enrollment service via Apple Business Manager or Apple School Manager.
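The three requirements above can be checked on a Mac from command output. This is an added example, not part of the original post or any Jamf tooling; the function names are hypothetical, the sample status text is constructed, and it assumes `profiles status -type enrollment` prints `Enrolled via DEP:` and `MDM enrollment:` lines (DEP being the older name for Automated Device Enrollment).

```shell
#!/bin/bash
# Added example: evaluate the MDM bypass prerequisites from command output.

# Constructed sample of `profiles status -type enrollment` output (assumed format).
SAMPLE_STATUS='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'

# True if the version string is macOS Catalina (10.15) or later.
is_catalina_or_later() {
  local major minor
  major=${1%%.*}
  minor=${1#*.}; minor=${minor%%.*}
  case "$major" in ''|*[!0-9]*) return 1 ;; esac
  case "$minor" in ''|*[!0-9]*) minor=0 ;; esac
  [ "$major" -gt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 15 ]; }
}

# Print the value that follows "<label>:" in the enrollment status text.
enrollment_field() {
  printf '%s\n' "$1" | sed -n "s/^$2: *//p" | head -n 1
}

# Report PASS/FAIL per requirement; returns non-zero if any requirement fails.
check_mdm_bypass_ready() {
  local version=$1 status=$2 rc=0
  if is_catalina_or_later "$version"; then
    echo "PASS macOS $version is Catalina or later"
  else
    echo "FAIL macOS $version is older than Catalina (10.15)"; rc=1
  fi
  case "$(enrollment_field "$status" 'MDM enrollment')" in
    Yes*) echo "PASS enrolled with an MDM" ;;
    *)    echo "FAIL not enrolled with an MDM"; rc=1 ;;
  esac
  case "$(enrollment_field "$status" 'Enrolled via DEP')" in
    Yes*) echo "PASS enrolled via Automated Device Enrollment" ;;
    *)    echo "FAIL not enrolled via Automated Device Enrollment"; rc=1 ;;
  esac
  return $rc
}

# On a Mac, check the live system (profiles may need sudo); elsewhere, the sample.
if [ "$(uname -s)" = "Darwin" ]; then
  check_mdm_bypass_ready "$(sw_vers -productVersion)" \
    "$(profiles status -type enrollment 2>&1)"
else
  check_mdm_bypass_ready "10.15.7" "$SAMPLE_STATUS"
fi
```

A Mac that fails any of these checks will not have a bypass code escrowed, so it is worth running before Find My is turned on rather than after a lock is discovered.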
If a Mac is supervised and managed via Jamf Pro 10.20.0 or later, an Activation Lock bypass code is automatically generated and stored as part of the computer’s inventory. It’s available in the computer’s inventory listing, under the Management section.
Note: This Activation Lock bypass code capability is not exclusive to Jamf Pro; it’s available to all MDM solutions. If your MDM solution does not yet support it, ask your vendor to add this support.
To use the Activation Lock bypass code, please use the following procedure:
1. Get the bypass code from Jamf Pro.
2. Boot to macOS Recovery or Internet Recovery.
3. Make sure your Mac is able to communicate with the Internet and the required Apple services.
4. At the Activation Lock screen, go to the Recovery Assistant menu and select Activate with MDM key…
5. Enter the bypass code and click the Next button.
Once the bypass code has been accepted, the Mac should clear the activation lock and activate.
To illustrate, I’ve made a video showing the described process.