Hi everyone! I'm facing an issue with Activation Lock on our Macs. Our users log in using federated Apple accounts connected to our organization's domain, rather than standard @icloud.com Apple IDs. The problem is that Apple seems to disable Find My for these federated accounts, which is critical for enabling Activation Lock. Has anyone dealt with this restriction? How do you manage Activation Lock and device security in a situation where users have these federated accounts? I'm looking for any workarounds or best practices you might have!
3 Answers
Unfortunately, it seems like you'll have to accept this limitation. That’s just how Apple does things. You can check their official guide on managed accounts for more info, but it seems like your hands are tied with this setup.
That's frustrating! I also manage Macs and will look into this, as it's definitely a glaring issue. Apple not allowing Find My on federated accounts is a real blocker for using Activation Lock properly!
Are you using federated accounts or do the users have @icloud.com accounts on their Macs?
If your devices are enrolled in Apple Business Manager and set up through your MDM correctly, that should cover your security needs. Just ensure that everything is locked down properly through those systems.
Most of our devices weren't enrolled that way; they were manually set up. So, does that mean Find My isn't essential for activating the lock? Would just keeping the Activation Lock policy be enough if a device is lost?
So what's the right way to implement Activation Lock then? Should we be using personal iCloud accounts?