Managed Device Required
Using this feature requires the device to be managed by Kolide. Please consult the Apple MDM article for details on compatibility and how to enroll the device under management.
What Does Remote Lock Do?
On Intel-Based Macs
When an Intel-based Mac receives the lock command, the following actions occur:
The device will immediately show a loading / spinner icon in the center of the screen for a few seconds, and then turn black.
The device will reboot and then display a lock screen, as shown below. This screen will include any optional message below the PIN entry field.
The device will not communicate with Kolide or receive any additional commands until it is manually unlocked with the PIN generated by Kolide.
Once the device is locked, it can only be unlocked using the six digit PIN. This PIN is accessible to the Kolide administrator in the header of the locked device's overview page.
This pin is also accessible to the end-user via the Slack Home Tab
Once the PIN is entered, the device will communicate with Kolide and let it know that it is no longer locked.
On Apple Silicon Based Macs
When an Apple Silicon Mac receives the lock command, the Mac will immediately reboot into the recoveryOS. In this recovery mode, the only options are to restart, shutdown, activate, or erase the Mac.
To re-activate the Mac, the user must select an administrator user and provide the password. This activation step requires an internet connection.
How To Initiate Remote Lock
Remote Lock is considered a Sensitive Device Action and requires informed consent.
To Remote Lock a Device, simply follow these steps:
Go to Inventory, search for and choose a Mac you'd like to remotely lock. Click on its name to go to the device's detail page.
Click the Actions menu in the upper-right corner and choose Remotely Lock...
For an Intel-based Mac, you can choose an optional message to display under the PIN entry on the Lock Screen.
Click the Contact button to initiate the informed consent flow.
As always, please do not hesitate to reach out via Intercom, or by emailing email@example.com should you have any questions or feedback regarding this feature.