iOS Activation Lock -> How to change the Apple ID it is locked with?

SOLVED
Pom_Poko
Conversationalist

iOS Activation Lock -> How to change the Apple ID it is locked with?

Hello everyone,

 

my team (my colleague and I) are new to the MDM business and are consulting for a school. With the COVID and stuff, they are changing to a new model of teaching and have bought iPads through an Apple reseller and all.

 

Long story short, we set up anew the ASM and the Meraki MDM endpoint. I did the mistake of creating the first MDM certificate using my my school's Apple ID (john.doe@myschool.appleid.com) instead of the department's Apple ID (it@myschool.appleid.com). Our Apple reseller and us exchanged the apple accounts so the devices would show up in the DEP. We did the configuration and all went perfectly but, just for tests, reset one of the iPads using iTunes (to check what would happen if they were eg. stolen).

 

Sure enough, they were activation-locked to my personal school's apple id (john.doe@myschool.appleid.com). Now I've created a new MDM certificate, with the subject as it@myschool.appleid.com. My question is: what is the process I have to carry out so that the devices will be activation-locked using the it@myschool.appleid.com instead of john.doe@myschool.appleid.com?  Under the assigned-by column in DEP, all i can see is system_user. Do i have to delete the MDM server and start from scratch? (that would be no drama).

 

Thanks a lot in advance,

 

Pom_poko

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

Changing the certificate and ID - I think you are going to need to re-enroll all of the devices (which involves wiping them).  Perhaps the Apple reseller can update this otherwise it can only be done via Apple Configurator and plugging the device directly into a Mac (can't be done on a Windows machine).

 

Hopefully the Apple reseller can update DEP.

View solution in original post

3 REPLIES 3
PhilipDAth
Kind of a big deal

Changing the certificate and ID - I think you are going to need to re-enroll all of the devices (which involves wiping them).  Perhaps the Apple reseller can update this otherwise it can only be done via Apple Configurator and plugging the device directly into a Mac (can't be done on a Windows machine).

 

Hopefully the Apple reseller can update DEP.

View solution in original post

PhilipDAth
Kind of a big deal

You should also make sure you choose an account that is not used for anything else "Apple".  It should be 100% exclusively used by Systems Manager and Apple DEP.

Hi PhiipDath,

 

thanks a lot for your replies.

 

Sure enough, it was a matter of recreating the certificate with the intended Apple ID it@myschool.appleid.com (which i did just in case), nuking the MDM server from the ASM (so the MDM server list in ASM was empty). Since I was deleting the server, ASM prompted me whether I wanted to unassign the devices. Confirmed the "Unassigned and delete" button so the MDM server was gone. Then I redid the certificate-token process so that both ASM and MDM/DEP knew each other.

 

After this, when I requested activation locks the Apple ID was the IT Team's one, instead of my "personal" one, which is the intended effect.

 

With your message I was a little bit more confident I was doing the correct steps (i guessed I had to redo the process but now i KNOW it), so thank you for taking the time to do that.

 

Cheers.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels