Here is a small introduction to my Situation:
For the sake of an example, I'm running a small IT firm developing really nice banana Software solely on MacBooks. My employees, mainly lazy monkeys, are allowed to link iCloud with their private Apple ID. One day, one of my employees decides to leave my Company, though refuses to deauthorize his iCloud account.
Since my IT admin doesn't think that deauthorizing the iCloud account is necessary, he simply wipes the MacBook and calls it a day.
Sceptical me does a little Research and finds the following link:
What to do if I sold my MacBook Air and didn't disable iCloud
One Comment states:
This is not entirely true. If you do not remove your iCloud account
from your old device, it will remain with that device. Our company
sold our fleet of Mac Air's and a few had iCloud set up. These
machines were all wiped and re-imaged, then sold. The new users never
set up iCloud so that account is blank. HOWEVER, we still had access
to those sold machines via iCloud! We could wipe and/or lock at-will,
even after removing that device from your iCloud account. Annoying and
potentially dangerous. You have to have the new user create a new
iCloud account and request approval from the old user to proceed.
Ridiculous! We ran around in circles with this problem when a few of
our employees noticed they could track their old Mac's after sold.
Oops. Now we know disassociating before sale is imperative.
So here is my question:
Is my former employee still able to remotely wipe the MacBook?
Best Answer
If you want to completely "unlink" your MacBook from iCloud/Apple ID, change the Airport Card (WiFi adapter).
Apple uses hardware identifiers, including the embedded MAC (Media Access Control, not "Macintosh") address to uniquely identify it.
Change out that card, and your Mac will no longer be linked to the iCloud account. They are relatively inexpensive and very easy to change - just remove the back cover and the single retaining screw holding it.
Finally, this should be a good example of why you don't allow employees to register company owned hardware as their personal devices.