Citrix Endpoint Management

MDM options device policy

The MDM options device policy manages Find My Phone/iPad Activation Lock on supervised iOS devices. For the steps on setting an iOS device to supervised mode, see Deploy devices using Apple Configurator 2.

Activation Lock is a feature of Find My iPhone/iPad that prevents reactivation of a lost or stolen supervised device. Activation Lock requires the user Apple ID and password before anyone can turn off Find My iPhone/iPad, erase the device, or reactivate the device. For the devices that your organization owns, bypassing an Activation Lock is necessary to, for example, reset or reallocate devices.

To enable Activation Lock, you configure and deploy the Citrix Endpoint Management MDM Options device policy. You can then manage a device from the Citrix Endpoint Management console without the Apple credentials of the user. To bypass the Apple credential requirement of an Activation Lock, issue the Activation Lock Bypass security action from the Citrix Endpoint Management console.

For example, if the user returns a lost phone or to set up the device before or after a Full Wipe: When the phone prompts for the Apple App Store account credential, you can bypass that step by issuing the Activation Lock Bypass security action from the Citrix Endpoint Management console.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

iOS settings

Device Policies configuration screen

  • Enable Activation Lock: Select whether to enable Activation Lock on the devices to which you deploy this policy. The default is Off.

After you enable Activation Lock by deploying the MDM options device policy: The Security action Activation Lock Bypass appears when you select those devices on the Manage > Devices page and click Security. An Activation Lock Bypass allows you to remove the Activation Lock from supervised devices before device activation without knowing the Apple ID and password of the device users. You can send an Activation Lock Bypass to a device before or after a Full Wipe. For more information, see Bypass an iOS activation lock.

MDM options device policy