Locked IPADS
Posted by After-Word6179@reddit | sysadmin | View on Reddit | 87 comments
Looking for some help, maybe someone here has gone through a similar situation, so basically our company bought around 200 ipads, and somehow, its beyond me, the ipads got registered to his personal Apple ID and now he has left and marked all of them as lost/stolen.
How can I go about regaining access or factory reseting them ? Should I contact apple, or is there nothing that they can do ?
riptide_wave@reddit
Get the receipts and be ready to contact apple. Or better yet, let legal handle it.
Orangesteel@reddit
Yup, had this issue with a single device bought by shadow IT. Contact Apple, offer proof of purchase and it was unlocked in a few days. I’d get procurement/contracts to do the legwork, we didn’t need legal. (Maybe for 200 the process is different and more legalistic.)
buzz-a@reddit
The reason to get legal involved is to pursue the ex-employee.
What they did is illegal, harmful to the company, and something they can get sued for.
Apple is just a simple proof of ownership to tech support.
Superb_Raccoon@reddit
Incompetence is not always malicious.
buzz-a@reddit
100%
This doesn't sound like it's accidental.
adstretch@reddit
For large batches if they go through business / education support they will give them a spreadsheet to fill out and do it in bulk.
Economy-Engineer-114@reddit
This is true the spreadsheet method is usually provided for business or education device unlock request above around 5 devices or so. You will need to provide copies of the original purchase order / receipt for them to play ball but then the devices are usually unlocked in a week or so.
nathan9457@reddit
Agreed, legal purely because his actions are malicious.
danekan@reddit
Or just incompetent
beren12@reddit
You don’t “accidentally” mark 200 device as lost. Not login to them with your personal account.
mixduptransistor@reddit
Yeah, OP if you have the receipts and can prove that the company paid for them start the process with Apple. But, also, just because they were registered to this guy's personal account doesn't mean he can do whatever he wants.
A good strong demand letter from the company's attorneys should shake him off his ass. If not, they should file a lawsuit. I mean maybe even consider calling the police. The cheapest iPad they sell right now is $349 x 200 is about $70,000, and bricking them is essentially destroying them making this more than just a civil disagreement
HotTakes4HotCakes@reddit
Except he didn't brick them, he locked them. If he refuses to unlock them, then you contact Apple and if Apple refuses to help you, that's when you call them lost.
But if you want to come after him for damages, 200 previously deployed and now permanently locked iPads is definitely interfering with work and probably production somewhere. The company can likely argue they're losing money the longer they're locked.
mixduptransistor@reddit
They're bricked right now. Maybe not unrecoverably, but the fastest route to having this solved is this guy un-reporting them as stolen. They should pursue both paths in parallel because the Apple route is both not guaranteed to work and also will take some time to navigate. If they can get a letter from their lawyer and threaten the guy with legal action, he could have them unlocked within minutes of receiving that letter
_30Harsh_@reddit
I did this but they did not sort my issues rather I got it down by local repair shop
LotusLord23@reddit
This is the way
TraditionalShape666@reddit
This is why companies should set up mdm software and spend the money, instead of trying to do it cheap. Each iPad or mobile phone its £500 to £700 the software license is far cheaper then have lots of dead hardware.
BlockBannington@reddit
Receipts. Without it, you have jack shit as I tried the same with 30 iPads. Tossed them and implemented ABM. But for some reason, facility wants to hang on to managing iPads. The fuck.
LDroo9@reddit
Are they not in ABM/Intune...
After-Word6179@reddit (OP)
unfortunately not, its all on his personal ID
Expensive_Plant_9530@reddit
How the hell did he manage 200 iPads without ABM and an MDM? That would’ve been insane labour overhead to do literally anything.
gme_is_me@reddit
What I did back in 2013 was create a new work email and a corresponding iTunes account. You could register 10 devices (in this case, iPads) per account. I had about 230 devices. I kept an Excel spreadsheet with IMEI, serial #, phone number, and who it was assigned to.
I set each device up to require password for any new download, and I did not give it it to anyone. When setting up a new batch of 10, I would download everything into one, back it up, then log into the others and set them up from the backup.
Yes, it was very labor intensive, but my company was too cheap to pay for any of the early MDM solutions.
I do not miss that at all.
FirstTimeWorkingInIT@reddit
Doing something similar, we have in total about 350 phones/ipads, but my company is Japanese, and thus slow on the choice of getting an MDM solution for the past year or so that I have been in charge of these devices. I just have an excel with every IMEI, phone number, apple account linked etc.
Very much not ideal, but you gotta work with what you've got.
yepperoniP@reddit
This was literally what my past manager wanted me to do, but a decade later in 2023. I ranted about him in a post here at the time but it was insanely stupid when groups of 10 iPads started syncing over iCloud as they were on the same account. Was just a huge clusterfuck I wanted to fix but he’d always give some excuse about not having money.
I brought up InTune multiple times as we already had the proper MS365 licenses so it wasn’t a financial problem and would save us a ton of time managing them but he would literally start yelling at me about how it wasn’t necessary.
Glad I got out of there but was kind of good to see how bad things can get at some places.
Expensive_Plant_9530@reddit
Yeesh.
I remember inheriting some stuff like that on thankfully a much smaller scale, when I interned at my current company.
Fortunately we adopted ABM and VPP, and were able to get onto Meraki SM. Last year we switched to Jamf and I quite like it.
I couldn’t imagine trying to manage that many iPads these days manually.
We’re fortunate in getting non-profit pricing which is ridiculously cheap per device, so that helps a lot.
joshghz@reddit
A long time ago, I worked at a school where the mess I inherited was like this. Not the cleanest solution, but I ended up getting a Mac Mini as a server and used Apple Profile Manager and re-enrolled them all.
atbims@reddit
That's secure... Let's allow company equipment back up to someone's personal iCloud 👍🏼
You need to get off Reddit and go to your legal department. You've got data risk, malicious actions toward company assets, and a disgruntled former employee at the very least. The cost of these iPads is probably not even the biggest potential loss here.
publicdomainadmin@reddit
Do you feel better, now that you got that off your chest?
protostar71@reddit
What a productive comment.
publicdomainadmin@reddit
Versus the condescending comment I replied to? OP clearly effed up but dude's reply here is just piling onto OP, especially when others have given similar advice in the thread without the attitudinal addition.
Also OP wasn't as bad off as they thought considering they have an MDM enrolled and have already spoken to legal.
It's possible this entire situation was dumped on OP to deal with without OP being the issue here.
guzhogi@reddit
They can be on a personal Apple Account, and still in ABM. Apple released a new feature awhile ago that allows companies to disable activation lock themselves, as long as the iPads are in ABM
Key_Pace_2496@reddit
This is a legal issue and not an IT issue.
the_federation@reddit
Open a support case with Apple Business Support to remove the activation lock. You'll need proof of purchase/ownership, which may be difficult. If you can find the ABM tenant, that'd be ideal. I had to open a similar ticket last month, and they wouldn't take our CDW receipt as proof of purchase; I had to reopen the case and upload a screenshot of the device being in our ABM tenant to get them to unlock it.
canadian_sysadmin@reddit
You can send receipts to apple. It's long and painful but can work.
But make no mistake, this is almost certainly a scam. Anyone who handles large volumes of iOS devices knows the best practices.
GeekgirlOtt@reddit
Are you sure they were marked stolen? What do you see on them / what has happened with then to tell you that? You don't seem to know even which MDM was in use and there were new terms released in ABM mid month that may need to be agreed to. Failure to do so can cause various technical issues.
ColdHeat90@reddit
I’m more impressed that the former employee locked 200 iPads to one Apple ID.
yepperoniP@reddit
Not sure if this is an AI post, even today there’s still a 10 device limit in place. Had to deal with this a few years ago when trying to clean up somebody else’s work. Relatable story, but gets the smaller details wrong.
jkdjeff@reddit
Legally, they probably belong to him, not the company.
After-Word6179@reddit (OP)
How does that work ? Their bought by us and we have invoices with proof
jkdjeff@reddit
“Bought by us” how?
Sintarsintar@reddit
Contact apple with the invoice they should be able to get it corrected.
edingjay@reddit
This. You need a proof of purchase. Went through this about 2 years ago on an iPad we had lying around and I had to match the serial number to a CDW order and send it in to support to get it removed from the former employees apple id.
abfarrer@reddit
Apple support can provide an unlock code, but you'll need proof of ownership and it's going to be a pain to do for all of them. They'll also end up wiped, if they aren't already. Investigate using an MDM before you reset them, at the very least register them to a company owned apple id, or some user will end up adding theirs and you'll be locked out again.
Orrickly@reddit
When I worked K12 IT Apple would help us with stuff like this but we had to supply a PO with device serial. It never happened to us but always heard they're a real pain in the ass if you don't have that.
cl326@reddit
Just melt in them down, reconstitute them as ‘like new,’ and the registrations will be empty. Register them as new. We do this all the time.
mods_are_lame1@reddit
Like in a kiln?
hainesk@reddit
Apple will help if you can show receipts that include the device serial numbers. If the company paid for it then they should have that.
lkeels@reddit
He who?
After-Word6179@reddit (OP)
Sorry just realized I didn’t mention, basically a disgruntled employee
kahless2k@reddit
If you have proof of purchase with the serial numbers, Apple will remove the Apple ID unlock for you.
It will be a process though, I hope you have ABM and don't need to go through that.
6tyrrell@reddit
There is software you can buy to remove mdm and ID. I used it to reset 5 ipads at my work. Worked great but it isn't free. I'm assuming its probably what people use to reset stolen devices but its completely legit. I just had to sign an acknowledgement that we owned all the ipads and have evidence to back it up if needed.
Leviathon713@reddit
Does this magic software have a name? Searching that is going to turn up nothing but garbage or scams.
AFAIK this can't be done without something very expensive that normally only law enforcement has access to (well, the license part you can buy the hardware). At least for the iPhone, I assume the iPad to be the same.
tokenwalrus@reddit
We've gone through this with buying refurbished iPads. They were never released from the previous organizations MDM. The vendor and apple were no help so we ended up returning the ones that were like that. We don't buy refurbished Apple products anymore.
Opposite_Bag_7434@reddit
You might work with your accounting team to help identify clues of an ABM account. This might be your best chance at this point.
ChiefBroady@reddit
Sounds like you need to call apple with receipts and buy a plane ticket and a baseball bat. At least.
St0nywall@reddit
There's no way you can lock 200 iPads to one personal account. There's a limit of 10 devices per ID.
You will need the receipts showing you own the devices and send them into Apple to have the account released from the iPads. Contact Apple support for the release document and email to do this.
atbims@reddit
No, there is not. There's a limit of 10 for services like Apple music and media purchases, but there is no limit to how many devices can be signed in or activation locked on a single account.
St0nywall@reddit
Yes there is a limit, but your statement is also correct.
The_Lez@reddit
Man this has been my situation too. But with various past users. I have maybe 20 iPads that are now essentially just paperweights because no one kept any receipts and they didn't have an MDM.
su_A_ve@reddit
If they were purchased directly from Apple, they should be on ABM or ASM (for schools). Apparently now you can remove an activation lock from ASM without having to contact Apple. It was doable before but would take a week..
Dull-Personality5131@reddit
🤔are they not in ABM?
fraghead5@reddit
Apple will unlock them with proof of purchase
linniex@reddit
Thank you for this; I gave my mom an older iPad about 5 years ago, it was still working fine but she ‘forgot’ the PIN code to it. I’ve tried almost everything to unlock it. Gotta figure out where I bought it though because it’s about 10 years old now.
fraghead5@reddit
You will need proof of purchase with the serial number. Not sure if they do it for individuals, but i know i have done it 3-4 times to remove iCloud lock on some corp owned laptops that the users locked to iCloud before i had policies to block that.
linniex@reddit
Yeah and I’m pretty sure I got it thru Verizon too
Vesalii@reddit
If younhave an invoice apple will fix that for you. If not, you're SOL
Helpjuice@reddit
This would require coordination between finance, logistics, legal, and IT.
Gather all purchase orders from finance, validate where everything is with logistics, and have legal review the bulk contact with Apple to make sure everything is in order. Then once Apple processing things IT will need to enroll everything within the Apple Business Manager + MDM to permanently resolve this issue. This should be done going forward for all corporate owned devices without exception with only the business account being used and all personal usage emails forbidden by policy.
daishiknyte@reddit
This is a problem for legal.
Correct-Prune5759@reddit
MDM adminncentre you have access? It should be registered and you need to remove the mdm authentication if it is company either azure or 3rd party management should be the source through which devices onboarded
BatPsychological4678@reddit
Can we wipe & re-enroll via MDM if we had one set up before this?
ProfessionalEven296@reddit
You call two people; Apple Support, with a copy of the sales receipt, to get control back, and your attorneys, because he's just trashed $200,000 worth of equipment. Even if you get control back (you should), you were unable to use them for a period of time.
If Apple are unable to help for any reason, it looks like this chap is in danger of losing his house....
joeykins82@reddit
This is a legal matter. He's deliberately rendered 200 company-owned devices unusable after leaving the business. A strongly worded letter from the lawyers basically saying "remove these devices from your Apple ID so that activation lock clears, or we will both seek civil damages and raise this with the police" should make him reconsider. "If you do this promptly we will consider the matter closed and no further action will be taken" etc.
mrzaius@reddit
Sure... But going through vendor route should get them jammed into ABM and corporate owned as they should have been from purchase.
Debatably a better outcome with less work.
marks-buffalo@reddit
Give the stolen iPads back.
Randomhandz@reddit
Use the apple business portal, sign up and use JAMF, enroll them all and reset.
cubic_sq@reddit
Were they purchased through an apple partner / reseller? Reach out to them.
If not, will prob be a long painful process..
meuchels@reddit
What is cumby is that there isn't a single answer to your question as we are in a similar situation on a much smaller scale. Part of the fault should be on Apple for straight up bricking devices instead of giving a method of reset and move on.
AstralVenture@reddit
He’s going to get arrested, and why would a company allow an IT professional to register any device on their personal account?
danekan@reddit
It’s pretty common for iPads in a small org Not saying it’s right but you can’t assume malice.
Absolute_Bob@reddit
There are many companies out there who hired "some guy that knows computers" with absolutely zero idea of their real qualifications because they aren't qualified to hire for the position. Then the guy gets in there and doesn't know anything remotely enterprise, tosses the company domain name on his personal registrar account, and has Raid 0 drives with no backups.
Cczaphod@reddit
You can only register around a dozen devices to an AppleID unless it's a managed ID. If it's a managed ID, then your company owns the ID and can reset the password.
PoolMotosBowling@reddit
Def contact the legal department and let them handle it.
Successful_Glass_925@reddit
Talk to your Apple regional sales representative. Hopefully the one you used to purchase iPads. Get your receipt. Call the apple business support line. Call do not email or text and make sure it’s Apple business.
SchemaAndShell@reddit
After all the legal fees and time wasted when this is over, I hope your organization will consider implementing ABM/MDM and adhering to a proper governance program.
Appropriate-Fish2374@reddit
A letter from your legal department should encourage this ex-employee to help clear up this error.
BoysenberryDue3637@reddit
I'm going to make said former employee pay a very large price for this. It is going to start out on the civil side and then work to criminal for theft. If getting the law involved doesn't get them to give up the ID doesn't work, it's on them.
dontbethefatguy@reddit
You’ll have to use proof of purchase to get activation lock codes for each iPad from Apple.
daedroth28@reddit
If they were bought new, you could possibly contact your reseller to go through their channels for Apple support. Alternatively, if you haven't already created an Apple Business Manager account, do so. Then contact Apple support directly and provide invoices proving company ownership of the iPads, rather than personal.