Find My Mac and Activation Lock

Find My is Catalina’s extension to the existing Find My [Mac/iPhone/iPad] service which has progressively developed since its introduction in the summer of 2010. Although Apple pushes it as a feature of Catalina and iOS 13, many of its features work in Mojave and earlier. The notable exception to that is its integration with security features in the T2 chip, which now provide Catalina’s Activation Lock.

To use Find My features on any Mac, the following need to be true:

The Mac and other Macs/devices need to be signed in to the same iCloud account.
Location Services need to be turned on.
Find My Mac must be turned on.
The Mac needs an Internet connection.

Location Services are a fundamental requirement, as they enable that Mac or device to determine where it is, using any available hardware and its Internet connection. Turn them on in the Privacy tab of the Security & Privacy pane. There is a penalty here for those concerned with ensuring absolute privacy: you’ll need to click the button to read Apple’s detailed information about what data Apple receives about your location. There doesn’t appear to be any way to enable Location Services without providing Apple that information.

findmy01

Turning the Find My Mac service on varies according to which version of macOS it’s running. In Mojave, for example, it’s in the iCloud pane, but in Catalina it’s in the new Apple ID pane, listed from the iCloud item at the left. There you’ll also find options to control Find My Mac and Offline Finding; when you enable Find My Mac, both are normally enabled by default.

findmy02

If you’re running Catalina, or an iPhone/iPad with iOS/iPadOS 13, then you can open the Find My app and it will show you the location of all your currently active Macs and devices which have Find My enabled.

findmy03

findmy04

If your Mac or device is lost or stolen, you can then use the Find My app to locate it, play a sound on it (ideal if it’s just misplaced), lock it using a passcode, or erase ‘contents and settings’. These can only take effect when the Mac or device is next connected to the Internet. If you lock your Mac in order to prevent anyone else from using it – a useful measure if you have left it somewhere and hope to recover it – then you can unlock it using the passcode which you set, or through your account on iCloud.com. When you set a passcode, include a message to be displayed telling the person finding that Mac or device how to contact you. Be careful not to give a potential criminal personal information which they could abuse.

When Apple uses the phrase ‘Erase Mac’, or ‘erase contents and settings’, this doesn’t apparently mean completely wipe the contents of that Mac’s internal storage. Although Apple’s documentation doesn’t make this clear, it apparently only refers to some particularly sensitive data on that Mac, such as card details stored in Apple Pay. However, users who have performed this report that they’ve been unable to detect any such erasure. Use this ‘erase’ feature of Find My with great caution until Apple makes it more clear what it actually does.

If you have enabled Find My on a Mac which has a T2 chip and is running Catalina, then your Mac also has Apple’s new Activation Lock, which provides more powerful protection still. You can check whether Activation Lock is enabled on your Mac by opening System Information, and selecting the Hardware item at the left. The last line in that overview should state whether it’s enabled.

findmy05

Activation Lock has two additional requirements which you should already meet:

Your Apple ID (iCloud account) must have two-factor authentication enabled.
The Mac must have full Secure Boot enabled – that’s the default Full Security setting in the Startup Security Utility (accessed in Recovery mode). This also prevents it from being booted from an external drive.

When Find My Mac and Activation Lock are both enabled, anyone wanting to turn off its Find My service, erase sensitive data, or try to reactivate or use that Mac must enter the password for your Apple ID, or any passcode which you set when you lock that Mac. This makes it even harder for a thief to do anything with your Mac, and provides further protection for the data stored on it.

The snag with both Find My Mac and Activation Lock is that they can get in the way of anyone trying to service or repair that Mac, or another legitimate user – perhaps someone who you give or sell that Mac to.

If you have enabled Find My Mac alone, or in conjunction with Activation Lock, you must remember to turn both off, by turning Find My Mac off on that Mac, before signing out of iCloud. Apple now recommends that you do those before sending your Mac in for service, a topic which I’ll consider in the next article.

Apple’s general information about Find My is here, instructions about what to do when your Mac is lost or stolen are here, and specific information about Activation Lock is here.

7Comments

Add yours

1

Valdo on December 27, 2019 at 10:09 am

Thank you for extended information. I use Find My on my Mac and other devices with locations switched off. In this case it is not possible to localise the devices but still possible to wipe it and block future usage by clicking Lost Mode.

As a side problem is that in 2014 or 2015 I changed my Apple account linked email address, but when I login into icloud.com and select Find My there is still my old email address.
After few logoffs and logins the correct email appears.
Apple phone support didn’t help me with this, maybe an idea how to fix this? Some deeper user accessible settings somewhere?

LikeLiked by 1 person
- 2
  
  hoakley on December 27, 2019 at 10:36 am
  
  Thank you.
  I don’t know of any deeper settings, although I suspect this is an iCloud/account issue which only Apple can fix.
  You may be disappointed in Apple’s idea of ‘wiping’ a Mac or device – more coming on Monday.
  Howard.
  
  LikeLike
3

macOS Catalina、「Macを探す」とアクティベーションロック | 酔いどれオヤジのブログwp on December 28, 2019 at 2:15 am

[…] (Via Eclectic Light Company.) […]

LikeLike
4

Mike on February 22, 2020 at 7:13 pm

The Find My Mac requirements state that you have to disable the ability to start from an external drive. I tested this last weekend after building a new MBP 16.

After creating a backup drive with Carbon Copy Cloner, I restarted in to Recovery Mode, enabled booting from external drives, and was successfully able to boot from the CCC drive. Find My Mac appeared to remain on, even after rebooting back to the internal SSD.

However, after this what did happen was Apple Pay was turned off, stating that you can only have it enabled for one boot drive at a time (or similar language).

LikeLiked by 1 person
- 5
  
  hoakley on February 22, 2020 at 11:18 pm
  
  Thank you.
  When you enabled booting from external drives, did you alter the upper Secure Boot setting at all? It may be that which needs to be left at Secure Boot, and the lower option is unimportant.
  Howard.
  
  LikeLike
  - 6
    
    Mike on February 23, 2020 at 5:19 am
    
    I did not change the Secure Boot settings at all (left on Full Security).
    
    LikeLiked by 1 person
    - 7
      
      hoakley on February 23, 2020 at 6:44 am
      
      Thanks.
      Howard.
      
      LikeLike

Share this:

Related