Project Description
I have already built and deployed a custom Apple-compatible MDM server that talks to Apple Business Manager through the regular server token workflow. Device assignment, supervision, remote lock / unlock—everything works. What still eludes me is the automatic iCloud (Activation-Lock) screen that commercial solutions trigger the moment a user tries to factory-reset the phone or remove management.
Right now, when a device enrolled through ABM is wiped, it boots cleanly and the MDM profile is gone—no iCloud lock is presented (Q1: No). I set the device up through Apple Configurator and ABM (Q2: Yes) and even experimented with Lost Mode (Q3: Yes), yet the result is the same.
I need clear, practical guidance that shows:
• Which DEP/MDM flags, configuration-profile keys or server-side commands must be set so Activation Lock is silently enabled while the device remains supervised.
• The exact MDM Check-In / Command payloads (JSON or plist) required to enforce the lock after EraseDevice or “MDM profile removal” attempts.
• Any mandatory ABM or ASM console settings that must be toggled to make this work.
• A short test procedure so I can validate that, after a wipe, the handset stops at the iCloud screen and asks for the assigned Apple ID before it can proceed.
Sample code snippets for the relevant endpoints in Go, Python or Node would be ideal, but a concise explanation of the workflow—with the correct keys and their allowed values—is enough. I’m ready to test immediately on multiple supervised iPhones and will provide live logs if needed. Help me make sure no one can remove my MDM without hitting the Activation Lock wall.