Lock action
On the devices table, you can click a locked device to unlock it.
Mac Unlock
Swif locks a Mac remotely using MDM by sending a lock command with a six-digit PIN. After the command is sent, the device restarts and displays a lock screen with an optional short message from the administrator. The user cannot restart macOS until the PIN has been entered and validated.
Note: Locking a Mac with Apple silicon requires macOS 11.5 or later.
How Apple Device Lock Works
There are three ways to remotely lock an Apple device:
Method | Description | Swif Support |
Lock a Mac (MDM) | MDM administrator locks the Mac with a six-digit PIN. The device restarts and requires the PIN to unlock. | ✅ Supported |
Activation Lock | Prevents anyone else from using or selling a lost or stolen device. When managed through MDM, provides additional theft deterrence and can be turned off for organization-owned devices. Learn more. | ✅ Supported |
Managed Lost Mode | Locks the current user out of a supervised iPhone or iPad until the mode is turned off. | ❌ Not supported |
How to Unlock
On the Swif dashboard devices table, click the locked Mac device and select Unlock.
Retrieve the six-digit unlock PIN from the device details.
On the Mac lock screen, enter the PIN to unlock the device.
Tip: If the unlock screen doesn't let you type or the keyboard fails to enter values, press ⌘ Command + R during reboot — the unlock screen will then accept input.
Learn more at How Mac Device Lock Works.
Refresh Unlock PIN (Mac)
If the standard unlock PIN retrieval fails when opening the Unlock modal, you can use the Refresh PIN button to re-fetch the PIN from the device.
How to Refresh the PIN
On the Swif dashboard devices table, click the locked Mac device and select Unlock.
If the PIN field is empty or retrieval failed, click the Refresh PIN button below the PIN field.
The system will re-query the device for the most recent successful lock PIN.
Once retrieved, the new PIN is automatically copied to your clipboard and a success notification is displayed.
Enter the refreshed PIN on the Mac lock screen to unlock the device.
Share PIN with an Employee
You can share the unlock PIN directly with an employee via email:
In the Unlock device modal, enter the employee's email address in the Share with employee field.
Click Send. The employee will receive an email containing the unlock PIN.
Key Points
Refresh PIN retrieves the most recent successfully applied PIN — it does not generate a new one if a valid PIN already exists on the device.
If the device has never had a PIN set (PIN is null), refreshing will generate and return a new PIN.
The refreshed PIN is automatically copied to your clipboard for convenience.
Windows Unlock
Swif's Device Lock on Windows leverages BitLocker to enforce a full-disk lock and shutdown. When a Windows device is locked, the device shuts down and requires a 48-digit BitLocker recovery key to unlock on the next boot. The unlock behavior depends on the Windows edition, whether a BitLocker policy already exists, and whether the device has a TPM (Trusted Platform Module) chip.
Note: Device Lock has no effect on Windows Home edition devices, as BitLocker is not available.
How to Unlock
On the Swif dashboard devices table, click the locked Windows device and select Unlock.
Retrieve the recovery key (48-digit numerical password) from the device details in the Swif dashboard.
On the device, power it on and enter the recovery key at the BitLocker recovery screen.
Unlock Behavior by Scenario
Edition | BitLocker Policy | TPM | Unlock Behavior |
Home | Any | N/A | Unsupported — lock has no effect |
Pro | Exists | Yes | Enter recovery key once; no further prompts on subsequent boots |
Pro | Exists | No | Enter recovery key once; a user-defined password is required on every future boot |
Pro | Not exists | Yes | Enter recovery key once; drive stays encrypted but unlocks automatically on subsequent boots |
Pro | Not exists | No | Enter recovery key once; a user-defined password is required on every future boot |
Key Points
TPM-enabled devices (Pro): After entering the recovery key once, the TPM chip handles automatic unlocking on subsequent boots — no repeated prompts.
Non-TPM devices (Pro): After entering the recovery key, a user-defined password will be required on every future boot to decrypt the drive.
Windows Home: Device Lock is not supported. No action is needed.
Learn more at Windows Device Lock/Unlock Behavior with BitLocker Policies.
Linux Unlock
Linux Device Lock is a security feature that allows IT administrators to remotely lock a managed Linux device. When activated, the Swifteam agent intercepts the normal login flow and displays a lock screen with a custom message and contact information, preventing access until the correct master password (PIN) is entered. The lock takes effect immediately and persists across reboots.
How Linux Device Lock Works
When a lock command is issued, the Swifteam agent performs the following steps:
Lock Screen Setup — The agent creates scripts that intercept the normal login flow:
An init script (
start-on-tty) in/etc/init.d/switches the device to a specific TTY and launches the master password prompt.A start script (
start-on-tty.sh) executes the password check and handles cleanup after successful authentication.A master password script (
masterpass.sh) displays the lock message (e.g., "Your system has been locked by [Admin Name]. You can contact this number: +1-208-507-5466") and prompts for the PIN.
PAM Configuration — The agent modifies PAM (Pluggable Authentication Modules) configuration files to enforce the master password check before any login session, ensuring the lock cannot be bypassed through standard login methods.
Service Management — Both major Linux init systems are supported:
systemd: A systemd service is created and enabled to run the lock screen on boot.
SysVinit: An init script is installed and registered for older systems.
SELinux: If SELinux is active, policies are adjusted to allow the lock scripts to execute.
How to Unlock
On the Swif dashboard devices table, click the locked Linux device and select Unlock.
Retrieve the master password (PIN) from the device details.
Access the lock screen on the device:
Physical machines: Press Ctrl + Alt + F2
Virtual machines: Press HostKey + F2
Enter the PIN at the lock screen prompt.
If incorrect: The system waits 5 seconds, then prompts again.
If correct: The system proceeds to unlock — all lock-related scripts are deleted, created services are removed, PAM configurations are restored, and the device reboots to normal operation.
Key Points
The lock persists across reboots — the device cannot be used until the correct PIN is entered or an unlock command is sent remotely from the dashboard.
All changes made during locking are fully reversible — no permanent modifications are made to the system.
Both systemd and SysVinit-based distributions are supported.
Learn more at How Linux Device Lock Works.
Bulk unlock
You can select multiple devices to unlock together and find the Mac & Linux device's unlock PIN code.
Unlock device group
If the whole device group is locked, you can unlock the device group directly and find the Mac & Linux device's unlock PIN code.
