Here at freestyll.com we have now worked with several large IT departments, and the main pain point for managing multiple Apple devices is Activation lock AKA iCloud lock.
Here are our suggestions for Managing iCloud issues in IT departments.
First... the good news, new issues of iOS Devices should be managed by "Apple Configurator" as described in this link support.apple.com/en-gb/HT202804 - this will allow IT to centrally manage activation locks. Assuming you have already got your devices out "in the field" then read on...
1) Advise all users that on return of devices, they must use the reset function within "settings -> General -> Reset All Content and Settings" This keeps data secure and will only proceed if the user frees their iCloud lock from the device by entering the password.
DO NOT use or encourage hard reset from recovery mode as this will create "ghost iPads" which look reset but are actually still locked to the previous users iCloud account - with only a partial email address to ID the device. in one case we identified the original user of one iPad from a Linkedin notification so its handy to keep locked iPads in the original state. Resetting or restoring a device does NOT help as the device is locked on the Apple side server not locally :(
2) On receiving devices back from employees (especially those moving on) its important to treat a physically returned iPad as only the first step, check IMMEDIATELY when devices are returned. It certainly took weeks for the plunc.com team to automatically and religiously check iCloud before accepting trade in and returns.
3) If you are ready to recycle... but typically maybe 20 percent of your devices are iCloud locked... email EVERYONE you manage and ask them to check their iCloud account for devices which should have been removed. They can follow instructions on this link plunc.com/data
If that's not feasible, then check the email hint on the activation screen; you get the first letter of the email address and first letter of the email provider. You can then filter your employee email list and get some some matches or even a specific user. If you have a serial number database then even better. Pro tip: if the user has left your company its still worth making contact and advising them that their data is not secure as you are unable to wipe the device while there account is connected. A white lie but one that usually spurns some action!
4) Dont forget you can always check remotely if the device is iCloud/Activation locked on the apple website at this link www.icloud.com/activationlock/
You CANNOT unlock iCloud from online services which are not Apple themselves. Previously Apple would not free any device from icloud but recently they have softened on this and with an enterprise level account you can submit proof of purchase and serial numbers and they should eventually sort them, see this link support.apple.com/en-us/HT201232. Websites claiming to be able to do this have always been a scam, please see our previous article freestyll.com/blogs/news/168574279-beware-icloud-unlock-scam-websites