NL | EN
MySysCheck.com

Apple MDM Lock

MDM (Mobile Device Management) is used by schools and businesses to manage devices remotely.

What is an MDM lock?

A device with an MDM lock is linked to an organization. Once it connects to the internet, it checks in with Apple’s MDM server, which can manage, lock, or wipe the device.

Important: always perform both checks

For Apple as well, there are two risks you can best rule out by doing both steps:

  1. Pre-registered via DEP (Device Enrollment Program) → only visible via our IMEI check (multiple sources simultaneously).
  2. Active MDM prompt during setup → only visible by powering on the device, connecting to Wi‑Fi, and completing the setup wizard.

That's why you should always do both checks:

  1. Step 1: Perform IMEI check – to discover pre-registered devices.
  2. Step 2: Power on and complete setup wizard – to see if an active MDM prompt appears.

⚠️ Only step 1 → risk that the device still enters MDM during setup.

⚠️ Only step 2 → risk that a pre-registered device is still managed later.

👉Only by performing step 1 AND step 2 are you more certain the device is truly MDM-free.

Extra attention: pre-registered devices

Some devices are already pre-registered with an organization (such as a company, school, or provider), without having an active MDM/KG lock yet.

This means the device appears free now, but as soon as it connects to the internet, the organization can still activate a lock – immediately or at a later time (for example, if there's still an outstanding obligation or a company takes action).

Our IMEI check is extra valuable here, because our API consults multiple sources simultaneously (including Microsoft Azure, Apple Business, Sickw, and other MDM servers).

Other checkers often only look at one source, which means you can miss risks.

Why isn’t a check always enough?

Even if a check shows “No MDM”, the device can still be automatically enrolled by Apple if it’s part of the Device Enrollment Program (DEP). This happens during setup when online.

How to be sure the device is MDM-free?

  1. Turn on the device and connect to Wi-Fi.
  2. Complete the setup wizard until you reach the home screen.
  3. If you do not see a “Remote Management” prompt, the device is not enrolled via MDM.
  4. Optionally, check VPN settings to ensure they are empty (nothing configured).

Note: If “Remote Management” does appear, the device is not MDM-free, even if an earlier check suggested it was.

Rule of thumb for MDM checks on other brands

❌ No check is 100% reliable if the device is turned off or not connected to the internet.

✅ Best method: power on the device + connect to Wi-Fi + complete the setup wizard.