Enterprise and educational institutions have a new tool in Casper 9.1 for identifying iOS 7 devices under Apple’s new Activation Lock management. This tool becomes increasingly important if employees or students are allowed to use their personal Apple IDs with their devices because only they can return the device in an unmanaged state.
Apple introduced “Find My iPhone” in iOS 3 allowing users to track their own devices or others with their owners’ permission. Since that time Apple has added remote lock to prevent use of a lost device and remote erase to wipe data from the device when the owner can’t recover it.
With iOS 7 Activation Lock is automatically enabled when remotely locking or erasing a device, making using or selling it difficult without first entering the password for the Apple ID that locked it and then removing the management. When a remote lock or erase command is issued Activation Lock effectively bricks the device preventing anyone from erasing or reactivating it.
JAMF Software released Casper 9.1 the same day Apple released iOS 7 and added the new field “Device Locator Service Enabled” for identifying iOS 7 devices tied to Apple IDs that can remotely lock or erase them. This field appears both under the General payload of an individual device as well as a criterion under Smart Mobile Device Groups.
Casper can only identify whether the device location service is enabled. It cannot report the Apple ID itself managing the device.
As part of any device return policy for an employee’s departure from his company or a student’s end-of-year equipment return, administrators should review whether the Device Locator Service Enabled field is true or false for the device. The employee or student must remove the device from his Apple ID prior to returning the equipment. He must do this on the device itself under Settings > iCloud and turning off Find My iPhone or Find My iPad. This requires he enter his Apple ID password to complete disabling the management.
While iOS 6 and earlier devices include the remote lock, locate and erase features they don’t include Activation Lock. This is new in iOS 7.
Apple has made no announcements about whether OS X 10.9 (Mavericks) will include this option as part of its “Find My Mac” feature set.