Deleted iPad from network while device in Lost Mode
To start off with a bit of background, we have multiple iPads that we manage through MDM. Recently, a few devices have been lost/stolen from their owners. We were looking into the proper steps on how to remove these devices from our network while keeping the device locked to protect any company data.
I have in my possession an iPad that we use for testing purposes. I placed the iPad into Lost Mode and then removed the device from our network. Of course, it freed up one of our licenses as we predicted, and the device remains in Lost Mode exactly how we want it.
Herein lies our issue. How can we re-add this device to our network while it is in Lost Mode? Normally we have the devices automatically enroll through DEP, or on rare occasions, we have to manually enroll a device by visiting m.meraki.com, but with the device in Lost Mode, that is not possible.
In my opinion, Lost Mode is sort of a terrible design for wifi-only iPads. The device cannot get on a network it hasn't previously been on in order to receive commands.
If any network config has been removed, then you will most likely need to connect via a USB to ethernet adapter. And the various off-brand USB to ethernet adapters may not work.
We don't use Lost Mode here...we created a separate location in Meraki that we move it to where it will get a restricted profile yet still be able to get on a network to report in its location, and receive commands.
It does seem like a huge oversight to not have a way to better manage devices that are lost/stolen.
I did end up hooking the iPad up to iTunes and did a reset on the device. The problem is, when the iPad started back up, it loaded up into the device without checking to see if it is managed by any MDM. The iPad booted into its default settings and I was able to go into the settings on the device and remove the Meraki Management.
It's a shame that it is so easy to get past this MDM, so if one were to steal an iPad, it would only take 5 minutes of searching the internet to get past this and obtain a completely unmanaged device.
I did a factory reset through the device settings afterward, and because it is managed through our DEP, it picked up our profile and allowed us to manage it once more.