OS Support
| macOS | Windows | Linux | iOS / iPadOS | Android |
|---|---|---|---|---|
| ✅ | ✅ |
Rules for escrowing bypass codes
For a bypass code to be successfully escrowed, all of the following conditions must be met:- The device must be supervised via MDM — unsupervised devices cannot escrow bypass codes.
- The device must be enrolled before Activation Lock is enabled — if a user activates Find My before MDM enrollment, the bypass code will not be available.
- The device must be a company-owned device — personally-owned (BYOD) devices are not eligible for bypass code escrow.
- The MDM profile must be installed at the system level — user-approved enrollment (without DEP/ABM) may not reliably escrow bypass codes.
Check bypass code availability
- Go to Devices > All Devices.
- Open the relevant device record.
- Scroll to the Compliance section.
- Check the iCloud Lock status:
- ✅ Enabled — the bypass code is available and escrowed.
- ❌ Missing bypass code — no code was backed up; the original Apple ID is required.
Run a regular audit of devices showing Missing bypass code to identify machines that may be unrecoverable after a wipe. Prioritize re-enrolling these devices via ABM if possible.
On macOS
Retrieve the bypass code from the device record, then:- macOS Catalina (10.15) and later: on the Activation Lock screen, click the question mark next to the Apple ID field, select Bypass activation lock, and enter the code.
- macOS Mojave (10.14) and earlier: enter the bypass code directly in the password field on the Activation Lock screen.