15 comments

[ 0.20 ms ] story [ 34.2 ms ] thread
Firstly, the scenario described is a fundemental failure of device management by this hypothetical small business, however that being said...

https://support.apple.com/en-us/HT201441

1. The company would have proof of purchase, so they could remove activation lock that way

2. The employee can remove activation lock by removing it from icloud.com - no need to share a password.

If you have proof of purchase you should have no issues getting the activation lock removed by Apple Support. It’s mentioned in the official documentation and I’ve used it successfully.
Foe, 100% - this is such a short-sighted move by apple that I am bewildered at the support it's implementation has received. If you cant see it coming now, here's what the future will look like: Mountains of unusable e-waste Apple devices which have no real owners and would be perfectly usable if not for this arbitrary lock. There must be a better, more logical way to protect from theft that doesn't involve these long term effects.
Companies (I know this, since mine does) can block employees from activating Activation Lock with a profile

E-waste generated by activation lock at companies is almost entirely due to mismanagement or lack of will.

Agree to all of the above, which is why im certain it will be widespread. What now?
This would be fairly easy for Apple to fix as a middle-ground.

Some (presumably not all) MDMs delete the escrowed Activation Lock bypass code when you drop the machine from MDM. Jamf _suggests_ that this is because Apple won’t validate the bypass code unless the machine still exists in the last associated MDM, but I’ve never found crystal clear documentation on the underlying theory.

If Apple already knows the last enrolled MDM server (which isn’t guaranteed), then they could change the implementation so that the last valid bypass code is always preserved and valid. This could then be made available via some channel.

I’ve been long saddened that they don’t want to work with industry more expansively to deal with the waste problem the current implementation creates.

At the same time, it’s my hardware. If it gets lost or stolen, I still feel entitled to control whether it’s useful. On the other hand, I’d rather wipe it and let it be used than a resource sink.

If the device has no real owner return it to Apple and they can refurbish or recycle it. In terms of mitigating e-waste Apple does a pretty good job considering their size.
You feel its a valuable use of a working machine to do this?
"Just throw it away through us, for free! Keep in mind, any other option may be contractually illegal and we will do everything in our power to prevent you from recovering this hardware."

Someday we'll wonder why people thought this company cared about the environment. Someday.

Mostly foe.

Today, I've got two laptops stuck behind an Apple Business Manager MDM error. Thankfully I'm not in a hurry, but several hours have already been burned trying to get these past the Remote Management setup screen.

I was asked to help a woman who worked as a housekeeper. She had been given a used iPad as a Christmas present by a previous employer, but the previous owner did not remove it from her iCloud account. Months had passed and the new owner was no longer working for the giver, and reluctant to ask (language barrier) so the iPad was a paperweight.

My daughter recently lost her iPhone in a big city. iCloud lock allowed us to remote-lock it, send messages and see its last location on the map, but the device was never returned. We sent a remote-wipe command, but I assume it was smashed for fun, since it was useless thanks to Activation lock.

First mistake of this small business:

> signed into her personal iCloud account.

It’s not the employees personal computer. No personal iCloud.