The Story of a Locked iPad

One of my clients recently had an employee pass away unexpectedly. This unfortunate experience led to many challenges for them. One of those challenges was a company-owned iPad that was locked. It was purchased as a trial to determine the best way mobile devices could be utilized by the company. It was then given to the employee with the understanding that they would use it on a daily basis to determine if iPad's would be useful for the rest of the staff.

Although it was owned by the company, the iPad was treated like a personal device. Other than purchase records the company had no information about the iPad available to them; including the passcode. The "owner" had set a Simple Passcode, but failed to let anyone in administration know what it was. Fortunately, another staff member was able to guess (!) the passcode and unlock the device. Having a passcode that simple will be a topic for another day.

The first I learned of this device was when a colleague and I were called in to assist with connecting it to the Apple TV the client had just recently purchased (which was news to me as well). I was able to install updates to the iPad, configure the WiFi settings properly, and connect it to the Apple TV. However, that's when we (the client and I) found out that the data they wished to present was in iCloud. And, of course, the Apple ID was under the recently deceased employee's personal email account.

One of the blessings of this whole experience is that the iPad was purchased with AppleCare+. I called Apple Support and began the process of resetting the password and security questions for the Apple ID. The client was able to provide all of the purchasing information (including credit card) and the support representative was able to send a verification code to the iPad. Once the code was verified an email was generated that was supposed to allow us to reset the password. The reset email is not delivered for 24 hours; so, we waited. When it arrived, it provided a link to a password-reset website. Unfortunately, when I attempted to reset the password, the website stated that it could not verify the link.

So began another call to Apple Support. After another lengthy discussion about our issue, I learned that the original representative was not supposed to have honored our request for a password reset; which may be why the link could not be verified. The case was escalated and I eventually spoke with a support manager. He was very helpful and we were able to work through the process. I was able to change the primary and recovery email addresses for the Apple ID so that it was associated with the client. And after another 24 hours I received a password reset email that provided a link that actually worked. Success!

The client did have to open an additional case with Apple Support in order to reset the security questions; but that process was very smooth. I would like to give a shout out to the Apple Support team for giving us all of the service and support that they did, and for following up several times just to be sure that all of the issues were resolved. Thank you.

There are several valuable lessons to be learned from this experience:

• Communication is a two-way street. As a consultant who is not always present at a company I need to stay in contact with them on a regular basis and discuss current and future projects. But because I am not always on-site, the client should know that they need to keep me abreast of new developments in their technology plan. One of the challenges I have is helping my clients understand that anything that connects to the network needs to be brought to my attention.
• It is vital that proper Documentation be completed. Since this is a company-owned device, they need to know all of the account and security information that accompanies it. There is a lot of data that needs to be recorded such as serial numbers, Operating System versions, apps purchased and installed, WiFi connections, data plans (if it has cellular capabilities), and much more.
• In order to assist with all of the above, a Mobile Device Management solution is a must. As mobile devices are being brought into the business world, we need to balance securing company data with productivity. Ideally an MDM solution would allow for centralized management of applications, data flow, configuration profiles, and update settings. Granted we were only dealing with one device here, but obviously the company was planning to deploy more devices to staff members. 
• Mobile devices are far more susceptible to damage than the traditional desktop computer. As such, I highly recommend purchasing a protection plan such as AppleCare. Most warranties last a short time and are very limited. Extended warranty plans; however, usually cover accidental damage and software support. I am very glad that company had the foresight to include this with the purchase of their iPad.