MEM: Bypassing iOS activation lock on supervised devices

While it’s not supposed to be possible, I have seen iPads which were added to DEP/Apple School Manager/Apple Business Manager and supervised allow the user to turn on ‘Find my iPad’ which creates an activation lock when the device is reset. Unfortunately your only clue is the first letter of the email address, and the first letter and TLD of the domain, e.g. a*****@a*****.com – not much use if you can’t figure out who that is to recover it via resetting the account password. Luckily you can bypass this if the device is registered to DEP and enrolled in MDM.

In the case I had this week, the iPad had already been reset via ‘Erase all content and settings’, so there was no longer an MDM profile installed. The MDM it used to be connected to has not been used for 3 years (the APNS certificate expired and wasn’t renewed, as we were migrating to Intune. Some devices were missed and remained on the old MDM but in an unmanageable state). Most MDMs will allow you to generate or view the activation lock bypass code. The MDM can generate this without needing to contact Apple – in my case the APNS certificate was expired – and without needing to talk to the iPad.

Once you’ve got this code, enter it into the password field on the iPad’s activation lock screen. Leave the username blank, and you should be able to unlock the device, It’s in the format XXXXX-XXXXX-XXXX-XXXX-XXXX-XXXX with a mix of letters and numbers.

On Intune, you can view this data for a device by going to Devices > iOS/iPadOS and clicking on the device in question. Click on the ‘Hardware’ tab and scroll down to reveal the Activation lock bypass code.

Screenshot of Intune iOS device screen's Hardware tab, showing where the activation lock bypass code is
In Intune you can find the bypass code in the iOS device’s Hardware tab.

Unfortunately if the device was never enrolled, you need to contact Apple with proof of purchase and they should remove the activation lock for you.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.