Activation Lock

Activation Lock is a theft-deterrent feature. Devices with activation lock enabled require an Apple ID and password or bypass code during the setup assistant screen before the device will complete the setup process. Failing to produce either of these on a device that has activation lock enabled will result in an unusable device.


To control activation lock with SimpleMDM, the following is required:

  1. A device running iOS 7+ OR macOS 10.15+ with a T2 chip (or greater).
  2. Supervision
  3. Automated Enrollment (required only for "Enable" mode, described below)

Activation Lock Modes

SimpleMDM allows activation lock to be configured on devices in one of three ways:

  1. Disable: activation lock is disabled and cannot be enabled by the user of the device.
  2. User Enabled: activation lock is not automatically enabled but the user of the device may enable it at a later time.
  3. Enable: activation lock is forcefully enabled by SimpleMDM.

Activation lock is configured on a device at the time of enrollment. Changing this setting will not affect devices that have already been enrolled.

Disabling Activation Lock with SimpleMDM

Activation lock can be disabled on a device one of two ways:

  1. When erasing a device with SimpleMDM, you may optionally select to have the device unlocked at the same time.
  2. By viewing the device details page and selecting the "Disable Activation Lock" option from the "Actions" drop-down menu. A device does not need to be enrolled for this feature to function.

Disabling Activation Lock from the Device

Activation lock can be disabled from the device itself during the setup assistant process. When prompted, one of these methods will unlock the device:

  1. If the device was locked by the user and "User Enabled" activation lock mode was set at the time of device enrollment, the user's Apple ID may be entered.
  2. If activation lock was enabled by SimpleMDM at the time of device enrollment, the Apple ID of the administrator that generated the Automated Enrollment (DEP) server token within Apple Business Manager may be entered.
  3. An activation lock bypass code may be entered in the password field, with the username field left blank. These codes (there may be up to two per device) can be retrieved from the device details page for a device. If more than one code is listed, only one will work depending upon if the device was first locked by the user or by SimpleMDM. Note that it is also possible, from this same screen, to disable activation lock programmatically from the "Actions" drop-down menu, as mentioned in the section above.
Still have a question or want to share what you have learned? Visit our to get help and collaborate with others.