I recently bought a Macbook air laptop at an asset auction held by an appointed liquidating agent for a company that was going into administration with the intention of using it as my own personal computer. The liquidating agent had advertised that they had "wiped" the hard disks prior to the sale. Upon booting the laptop I am greeted with the OS install screen, which is fine and the install's the latest OSX with no issues however after the install is finished I am then presented with MDM Enrolment for remote management. I've contacted the liquidating agent for help on this and they have advised that the laptop was "sold as seen" and that they don't provide IT support, the MDM enrolment seems to hang and do nothing. Is there anyway to resolve this or have I just bought an expensive paper weight ?

I'd like to ask if there is a difference how my personal data is managed on an iPhone. 1. Private Device (enrolled manual MDM): Separate APFS volume, restrictions for the company which data can be accessed and what is controlled on that device. Things are separated. 2. Inventory Device of the company (DEP enrolled MDM device): Can I use a private iCloud-Account on such device and data is separated like it's my own private property and because of it's a corporate device, they have a bit more rights things to do with it (wiping and so on) except of accessing my personal data? Would be really helpful to know, can't find specific information about it. Thank you!

I need to get information about **System Device Profiles (MDM or enrollment)**, such as Details: Description, control the computer, Allows and other. But I need to get it from some *FileInfo* in order to write these info to my .txt file. I found the right information in **/Library/Application Support/com.Apple.TCC/MDMOverrides.plist** . But in new system Mac version these info is SIP protected, that's why I need to restart the PC in Recovery Mode and write the next console command: *csrutil disable* . I need to find an easier solution, which is approached with any version of system. I can also find the necessary information in System Preferences/Profiles in Details, so does it mean that the information is opened? Where can I find it? It can be no path in Privacy Preferences Policy Control. I have also known about console commands such as *profiles list* or *profiles show*/, but it isn't full info. I really need to read the full info about **all Mobile Device Management** profiles from some file in order to write in my own file and send to server, or something like this.

I will soon have to follow an enrolment process with the company MacBook pro (16'' 2021) I've been using (both for home and work activities). I'd like to continue using the current volume for home activities so I created a second APFS volume where I installed a second MacOS for work related activities and the enrolment. Even though FileVault is enabled on my home volume, I can access its content from the new volume. I don't understand this… What approach would you recommend to prevent admins from the work volume to be able to see files and apps from the home volume?

My son bought this Macbook from some guy for cheap. Did'nt bother to check if he can login and use it. I wiped the macbook clean. And installed ventura, after it asked for wifi and country name, it goes into the MDM menu. I turned ON macbook with CMD+R, went into terminal and did echo "0.0.0.0 iprofiles.apple.com" >> /etc/hosts Made sure the command succeeded by cat /etc/hosts. Exit from terminal. Now back in the mac recovery menu and choose 'install MacOS', it does its thing for 50 minutes and after a few apple logo's, it takes me back to the MDM and hangs. The editing of /etc/hosts file to block iprofiles.apple.com is not sticking after reboot. Please help me in completing install of MacOS after bypassing the MDM.

I got a 2015 MacBook Pro from eBay. I’m trying to install Sierra from scratch (after completely formatting the SSD) but I get this strange extra step (although the install USB is vanilla and done using Apple’s own bootable usb tool) that I can’t pass (pressing continue asks me to connect to a IBM private network, which I obviously can’t do) Does anyone have any info about this. Where is this MacBook comming from? How can I disable this remote management step? Is this a custom firmwere, or where does this come from? 

Resetting an old MacBook Pro - really old - it originally came with Snow Leopard. Using a USB based Mojave installer, which I have used before and is the last thing that stably runs on this box. On full reset - NVRAM, SMC, disk, everything, installer loads normally but then does the MDM prompt and tells me my computer is managed by a company in New York. Key details - this is a personal MacBook, bought new years ago. I have done this re-install in the past without issue. Have researched various issues with MDM and used computers, get all that. Question though is how something now is on this box that thinks it needs MDM to re-install. It has never been used outside my possession. Working the various procedures indicated to try to remove/bypass the MDM prompts. Curious as if anyone has determined on a personally owned computer how it magically starts to use MDM. Thanks

I have purchased a MacBook Pro a year ago and after upgrading to Sierra started to receive notifications from a company that owned a laptop before. I have tried contacting Apple Service and the actual company, no luck so far. I have learned that I need to find two files: /System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist But I can't move them (and even create folders where they can be moved): /Library/LaunchAgentsDisabled and /Library/LaunchDaemonsDisabled Can anyone please help how I can turn off device enrollment notifications?

I enrolled my private MBP with my employer's Intune Company Portal and got access to company resources. Now they changed the policy and private MacBooks are no longer allowed to be be enrolled. That wasn't a problem for me since my old MBP is already enrolled and worked fine, but now I've decided to replace it. Is there any possibility to transfer data to a new Mac including all of the enrolment profiles and certificates so it just continues working like if it was the "old" one?

New to the site and have a question about a 2017 MacBook (12inch Intel Core M3) I recently picked up from a pawn shop. It’s running macOS Monterey and I was able to go through the setup, add my iCloud and sign in and everything and yet I keep getting DEP notifications from Northwestern University. I even wiped it when I first got it yet I still get this. If I click “Details” on the notification it will take me to the Profiles screen (This is the only way to find it as going to Apple Icon > Preferences and searching for the profiles button reveals nothing, it’s not there) On the profiles screen there are no profiles, I’m afraid to click allow for Northwestern University to setup my laptop so I always click cancel and it will let me stay in the profiles pane but there’s never anything there. Searching through my Activity Monitor also shows that there are no MDM processes running. Is there anything I can do about this?

I wanted to ask about the consequences or the steps I should follow in order not to do something wrong with the update of my Macbook Pro 2019 from Big Sur to Monterey. I have never accepted the popup to enroll my device and also disabled via hosts file the notification. So my current status is: $ profiles status -type enrollment Enrolled via DEP: No MDM enrollment: No Can I just do a Software Update at the System Preference and update to Monterey without risking to enroll my device or I should follow some additional steps? I wouldn't like to do a fresh install as I would keep all my system files etc in place since I am using this machine purely for development so it would be a long thing to restore everything.

I've just bought my first MacBook and I found out that it is enrolled in MDM/DEP. The guy I bought it from had it completely sealed up with original packaging so I never thought it would have problems with it, while I also paid almost retail price. Anyway, I have tried different solutions posted here to remove DEP notification and I get stuck at moving files to /etc/hosts. ZSH give back "access decided" error or mounting with root returns "mount_apfs: volume could not be mounted: Permission denied mount: / failed with 66". How can I gain access to /etc/hosts ? I have searched everywhere and for M1 Macs I couldn't find an answer. Thank you!

I got a new Macbook that is managed by a company with Apple Business Manager. Other than working for this company, I want to use this device for my private stuff too, like freelancing. This would mean storing some projects and applications on the device that I don't want to share with a company that owns this Macbook device - I want full privacy and control over my data. The warning says the company can erase the device and list installed apps, but I’m not sure how to tell what else they might do with their owned and managed device. It would be very helpful to know what extent of privacy and control I have over this managed device?

I recently bought a MacBook Pro from a third party brand new in the box. I go to set it up and I get to a screen that says "Remote Management" It says Verizon can remotely install apps and erase my MacBook Pro... WTF? Why am I seeing this message? Does this mean the MacBook is not new?

I have a company-provided 2019 MacBook Pro that is enrolled in Apple DEP and has Jamf as the MDM provider. (OS Version is Big Sur, 11.6.2) For a side project I created several virtual machines with Parallels and VirtualBox and it quickly turned into another kind of endeavour: With VirtualBox, the OS setup never gets to the "remote management" step, just goes on like a generic Mac. But with Parallels, no matter what I do (in terms of configuration), it is always stuck at the "remote management" step. (Which I don't want.) I mean, I can opt into it with my VM but the setup won't let me go without it. This is never the case with VirtualBox. This ingrigued me and I have been experimenting and researching about it. Because I am kind of new to the Apple world and want to learn more about it. **Question:** How is this even possible? How does the VM (in Parallels) get aware of its outside world and is able to introduce itself (specifically) to my company's MDM server and more importantly how come there is no way to isolate the VM from the company? ### Details: ### * I tried the OS installations with (what I believe to be) a clean ISO. Grabbed it from App Store and extracted the ISO using createinstallmedia utility through CLI. * In Parallels, actually, the VM is not readily able to grab the MDM profiles from the server. To obtain them, the machine must have a registered serial number and a correct device id, both of which are configurable within Parallels. During my research, I also verified this is really the case with Apple DEP. But this also means the virtual machine, by default, just has a generic serial number, yet it still able to identify itself with my company. (i.e. Requires the remote management step to be fulfilled.)

I have an M1 Mac that is in DEP (using Jamf). If I wipe the machine (from within Recovery Mode) and reinstall Big Sur 11.1, the first created user does not have a Secure Token, and so I can not enable FileVault. Looking on the web I have found people who had similar issues, but the general solution seems to be "wipe the machine and reinstall macOS, and you're all good", which is exactly what I am doing. See this one as an example: https://discussions.apple.com/thread/8487253 The best description of Secure Tokens (I am including the link because otherwise everyone else will point me there) is here: https://derflounder.wordpress.com/2018/01/20/secure-token-and-filevault-on-apple-file-system/ It looks like a bug in the OS - the initial created user has no Secure Token, and so I can not give any other users a Secure Token. Therefore I guess I am not allowed to use FileVault?

My case is I bought a macbook off eBay, reformated the SSD inside it to High Sierra then transfered the SSD to an older Macbook and that's when I started getting the DEP notifications. The older Macbook previously never had the notifications. So my guess is the DEP either came from the OSX installer I used or the SSD?

I'm fairly new to the whole world of Apple and macOS. As I'm currently writing my thesis about the possible enrollment of macOS devices via [Device Enrollment Program](https://www.apple.com/business/docs/site/DEP_Guide.pdf) (DEP) (in connecting with some other stuff), I searched the Web, books and the Apple's Developer documentation, but I have not found a reliable guide on how to use [Volume Purchase Program](https://volume.itunes.apple.com/?l=en) (VPP) and DEP (or at least a "quotable" description), only the handbook for ABM (which is pretty good, but does not answer all my questions). Am I just blind or are there some "hidden" gems that i seem to overlook? Maybe there is a guide in [Apple Business Manager](https://business.apple.com) (ABM) directly, to which i don't have access - yet - ?

The company I work for is in the process of enrolling all iPads into MDM and correcting devices not in the DEP. We've found one that we've had for a while. It's in another DEP **but not** in another MDM... So we are prevented from adding it our DEP but we have nobody to contact about correcting it. We contacted Apple with no results. Nobody has a serialized proof of purchase, the device wasn't asset tagged properly whenever it was acquired. My best guess was that somebody independently bought a refurb unit from a third party seller. How can I go about properly cataloging this into our DEP?

I am wondering how to sign enrollment profiles for macOS Server. Ideally, I would like to avoid paying money. In any case, how do you do it?