I am trying to POST JSON to https://mdmenrollment.apple.com/device/activationlock to enable Activation Lock for an iPhone that is enrolled under DEP (I've also tried 2 other iPads). The HTTP Response is a 400. The body of the Response contains the string "USER_INACTIVE". I cannot find anything in the documentation or the forum regarding this response string. Has anyone been able to successfully POST to the above URL, or received the above HTTP response and determined the error? The JSON that I have posted includes the device serial number. I have also sent JSON with and without the optional "escrow_key" and "lost_message" keys.
Getting HTTP 400 response string USER_INACTIVE
Saw the same issue today for a device that is part of an Apple Business Manager account (migrated from a regular DEP account).
Enabling activation lock worked for a device that is part of an Apple School Manager account.
MDM documentation states that both Business Manager and School Manager accounts should support MDM Activation Lock, though:
"The Activation Lock request is available in X-Server-Protocol-Version 2 and later to organizations that have enrolled through the Apple School Manager portal or Apple Business Manager portal."
Not sure why activation lock fails for the ABM device...?