You can send several mobile device commands to your iOS devices, such as:
- Update inventory
- Lock device
- Lost Mode
- Clear passcode
- Unmanage device
- Wipe device
- Send blank push
For more information on these commands and what they do, please see Remote Commands for Mobile Devices. Note that some of these commands might say Supervision required. This means the device must be enrolled in the DEP program at the time of device setup. More information on DEP can be found at the mobile device enrollment page.
To run these commands in the JSS:
- Click on Mobile Devices at the top
- Search inventory for the desired device and select it
- Click the Management tab
- Click the desired command
|These commands should be done with great care, particularly wiping the device or unmanaging it. You should test these commands before running them on a production device to ensure they do what you want them to.
iOS/iPadOS devices can be locked down by enabling Lost Mode. Once Lost Mode is enabled, the device will be unusable and will display a message on the screen, instructing the user to contact support to unlock it. If the device is enrolled in DEP, you user will not be able to bypass Lost Mode by wiping the device, so this is ideal for protecting lost or stolen devices.
To enable Lost Mode, follow these steps:
- Click on the Enable Lost Mode button in the Management Commands pane
- Enter a message to be displayed to the user on the lock screen.
- Fill in the message and footnote fields with your custom message. You can optionally specify a phone number, as well.
- Leave the "Always enforce Lost Mode" box checked
- The "Lost Mode Sound" setting is optional but recommended. If enabled, the device will get progressively louder and keep beeping until the user touches the volume-down button.
- Click Enable Lost Mode to finalize the settings and send the command.
- Find the device record in the JSS
- Under the General tab, go to the Security pane on the left
- Scroll down to the "Approximate location" field
- Click on the coordinates to open Apple Maps. Note: if the link does nothing, try command-clicking to open it in a new tab. It should prompt you to open the Apple Maps app.
- In the JSS, find the mobile device record
- Go to the management tab
- Click on the Disable Lost Mode button in the Management Commands pane
- Note: the device will need internet access to receive the unlock command. This might require an Ethernet dongle or connecting to a Mac via USB to share its internet connection.
- In the JSS, open the computer record
- Go to the Management tab
- Click on the Lock Device button
- Enter a 6-digit passcode. Note that while Jamf will let you type anything in this field, it must be only numbers.
- Record this passcode and serial number and store it somewhere safe, like in LastPass.
While the passcode is also accessible within Jamf under History > Management Commands > Completed, these logs get flushed periodically so you must save the passcode somewhere permanent.
- Enter a lock message. e.g. "To unlock this device, contact the MIT service desk at email@example.com or 617-253-1101."
- Click Lock Computer
- Users will be prompted to enter the passcode during firmware boot before they can select a boot drive.
Apple Silicon Macs must be running macOS 11.5 or later for this to function correctly. On 11.4 or earlier, the computer will simply reboot to recovery and require authentication with a Secure Token-enabled account to reactivate.
Questions? Contact us at firstname.lastname@example.org.