
Company owned devices

How can we deal with company owned iOS 7 devices locked to an employee's personal Apple ID after they have left the business?! We have 60 devices in our organisation, and Apple does not appear to support:


- Blocking users from upgrading to iOS 7. We just have to ask nicely - but patience will run out!

- Blocking download/use of Find My iPhone

- Disabling Activation Lock via MDM


So, how can we realistically manage this from an asset management/IT perspective? The company own the device - not the individual user. However, you must log in to the device with an Apple ID. The only possible option I see is to create Apple IDs against their company email addresses, so we can reset the Apple ID password should they leave the business. This would be a nightmare, and users would not be keen on adding their personal credit card details to a work email address. Also, any personal apps purchased against that ID cannot be transferred to another email address - so again, this isn't a feasible solution.


I understand what Apple were going for with this feature - in fact, for regular home/consumer users it's a fantastic feature which will hopefully reduce thefts etc. But yet again, Apple don't seem to realise they have a huge enterprise user-base where we need to be able to manage/control certain features centrally.


Does anyone have any thoughts on this?

iOS 7

Posted on Sep 19, 2013 12:04 AM

Question marked as Best reply

Posted on Sep 20, 2013 9:54 AM

Check out KB HT5927 - iOS 7: Mobile Device Management and Find My iPhone Activation Lock. You can manage your company iOS devices where the Activation Lock is not turned on but still have Find My iPhone enabled.

7 replies

Sep 28, 2013 7:48 AM in response to tqn_sifue

We use MobileIron to manage our devices, not Apple Configurator. The benefit of MobileIron is it's entirely OTA enrollment and configuration. From what I understand of Apple Configurator, it requires each device to be connected via USB - this would be a step backwards for us. Plus it would mean using two different products to manage our devices as Apple Configurator doesn't have all the features of MobileIron.

Sep 28, 2013 7:52 AM in response to PavilionServices

We're mostly Windows too, but we do have access to a Mac if we were desperate. I'm not sure if the iPhone Configuration Utility will be updated to include this feature. It would be great if Apple had a fallback process - for example, if you were able to provide proof of purchase/ownership of the specific device - they could override the Activation Lock.

Sep 28, 2013 7:56 AM in response to jjrbg

You might read through the following link, the part about Activation lock and how a device can be permanently locked - I mean permanently.


One paragraph for the link below...


"As a result of that, using Activation Lock will become the best way for disgruntled employees to take a parting shot after being fired. They will report their device lost, then turn it in and leave. After that, the company will no longer be able to use the device, even though the company owns it."


http://www.cultofmac.com/246755/why-ios-7s-activation-lock-is-a-disaster-waiting-to-happen/

Sep 29, 2013 1:00 PM in response to pvonk

Thanks for the link - a very interesting read. I cannot believe Apple haven't created a workaround, all-else-fails process. Imagine purchasing a £2000+ MacBook paperweight! Surely, legally there must be some comeback. Could you take the ex-employee to small claims court?


The only solution I can think of is to ask users to create Apple IDs with their corporate email address, and tie their devices to that. If they were to leave, we control the email domain, so could reset the password if necessary.


I called Apple Enterprise Support and they suggested a general corporate iCloud account that we use to enroll all our devices with. Apparently, the iCloud Apple ID can be different to the Apple ID used by App Store and iTunes etc.

Oct 2, 2013 5:10 AM in response to jjrbg

Some potentially good news on the horizon for anyone else concerned by this feature for company owned devices. I have heard there is an upcoming release by Apple to their MDM partners called "Streamlined MDM Enrolment". This is actually listed on the Education page for iOS 7 already. This will supposedly enable devices to be fully enrolled and provisioned over-the-air (in "supervised" mode) without the need for a physical connection using USB or Apple Configurator.




Streamlined MDM enrolment.

With automatic device configuration, new devices purchased by a school can be wirelessly enrolled into their MDM system during setup. In addition, new devices can be placed wirelessly in supervised mode, which enables enhanced management options. With streamlined MDM enrolment, users can be up and running quickly without the need for manual configuration by IT.



I await some timescales as to when we'll be able to utilise this new feature.
