Activation lock (Apple)
Enable activation lock to secure your MDM managed macOS devices in case they are lost or stolen. When activation lock is enabled, if the device is factory reset, the device user will see a lock message from you and will be unable to use the device. They will not be able to set up or use the device as long as activation lock is enabled.
Activation lock is intended to be a proactive security measure. It should be enabled before the device goes missing, usually during initial device setup.
•Activation lock can only be enabled on devices enrolled in one of Apple's device deployment programs. For more information, see Apple device deployment programs (DEP).
•Macs must be running macOS Catalina or newer and have a T2 security chip installed
To enable activation lock on a device
1.Find the device in the Network view.
2.Right click it and click MDM actions > Enable activation lock.
3.Enter a message to display on the screen and a way to contact you if the device factory reset.
To disable activation lock from the console
1.Find the device in the Network view.
2.Right click it and click MDM actions > Remove activation lock.
To disable activation lock on a device that has already been factory reset
1.In the console, click Tools > Configuration > Client data storage.
2.In the Devices tree, double-click the device you want.
3.In the Client data dialog box, select the Server-Created Bypass Code, and click the export toolbar button.
4.Select a location for the resulting text file.
5.Open the text file in an editor and view the bypass codes.
6.On the factory reset device:
•macOS. At the top left of the screen, click Recovery Assistant > Activate with MDM key. Enter the bypass code and click next. Activation lock is removed.