Unlocking a macOS device

While it is possible to lock a macOS device from the User Portal, you cannot unlock a macOS device from the User Portal. Instead, unlocking a macOS device requires entering an unlock passcode on the device when prompted. The passcode can be found in the MDM logs for the macOS device, which are listed in the Admin Portal. The procedure is almost identical for unlocking wiped macOS devices.

For wiped macOS devices, you can push the Ivanti EPMM MDM profiles back to the device following recovery.

Important: The Unlock command clears passcodes and TouchIDs from the managed device, compromising device security. Never user this feature on lost or stolen devices.


  1. In the Admin Portal, go to Devices & Users > Devices.
  2. Go to the locked or wiped macOS device and select the carat (^) next to it.
  3. In the device details, select Logs.
  4. A list of device logs is displayed.

  5. Select MDM Log.
  6. The mobile device management log is displayed.

    Mobile device management log.

  7. Find the Lock or Erase Device action in the Action column.

    Alternatively, you can search for the relevant action by selecting a date range and the name of the action from the Actions drop-down list on the left.

  8. Make note of the corresponding PIN associated with the lock or wipe action.

    The PIN is located in the Detail column.

  9. When prompted, enter the PIN on the macOS device you are trying to unlock.

    If the macOS device has been locked and wiped, you must enter the corresponding PIN when prompted in the order that the actions occurred. For example, if you locked the device, and then wiped it, you would need to enter the lock PIN when prompted on the macOS device, follow the on-screen instructions, and then enter the wipe PIN when prompted.

  10. For wiped devices:
    1. Retire the macOS device.
    2. Re-register the macOS device. Alternatively, instruct the user to register the device again.