The user must keep Find My turned on and remember the Apple ID and password. See Users: Enable Activation Lock. Activation Lock can deter anyone from reactivating a device without the user’s permission. The user’s macOS or iOS device must have an Apple T2 security chip. See Create a Policy to Allow Activation Lock below. An Allow Activation Lock policy does not enforce a set of rules, but simply allows Activation Lock on a user’s device. You can use a bypass code to get by the Activation Lock to unlock a device to recover the data, without having access to the user’s Apple ID. You can create a JumpCloud policy that allows Activation Lock on your organization’s managed and enrolled devices and have your users turn on Find My in their iCloud configuration to enable Activation Lock.
Activation Lock is a theft-deterrent feature that makes it difficult for anyone else to use your lost or stolen macOS or iOS device.
