Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save henrik242/65d26a7deca30bdb9828e183809690bd to your computer and use it in GitHub Desktop.
Save henrik242/65d26a7deca30bdb9828e183809690bd to your computer and use it in GitHub Desktop.
@Kaus1kC0des
Copy link

sudo profiles show -type enrollment

Did this work correctly, coz I'm using an intel MacBook Pro 2018 and I was constantly getting this MDM Enrollment notification pop up on sonama and one day the pop up won't go, It stayed there with no option to cancel.

Then I wiped the disk and went back to Mojave, then I've come back to Ventura following the steps mentioned in your post, setting the IP address of the mentioned websites to 0.0.0.0.

Now can I upgrade to Sonama??

@Mktulio
Copy link

Mktulio commented Oct 27, 2023

Bem, eu não recebo o alerta, só tenho essa notificação irritante. Ainda não consigo encontrar como excluí-lo...Imagem > > > > 1. Desligue seu Mac e entre na Recuperação. > > 2. Abra o terminal na Recuperação e digite para desativar o SIP: > > 3. csrutil disable > > 4. Reinicie seu Mac e abra um terminal após a inicialização no macOS. > > 5. Finalmente, para remover a notificação irritante, insira o seguinte: > > > > > > sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord > > sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound > > sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled > > sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound > > sudo launchctl disable system/com.apple.ManagedClient.enroll > > sudo launchctl disable system/com.apple.mdmclient.daemon > > sudo launchctl disable system/com.apple.mdmclient > > sudo launchctl disable system/com.apple.devicemanagementclient.teslad > > > > > > > > Você pode então manter o SIP desligado ou ativá-lo novamente na recuperação digitando csrutil enable no terminal de recuperação > > Funcionou como um encanto! Obrigado por compartilhar isso :) sP.>>>>>> Pessoal, boa noite! posso atualizar numa boa? No meu funcionou, segundo dia sem o pups chato. Posso atualizar para o Sonoma 14.1?

sSeteP

@MikeParder
Copy link

might be a stupid question and off topic, but would apple accept one of these bypassed M2 Pro Macbook Pro's for a trade in?

@alucardness
Copy link

might be a stupid question and off topic, but would apple accept one of these bypassed M2 Pro Macbook Pro's for a trade in?

They will accept it, but you won't get any benefits 😔

@TomRider22
Copy link

Hello all,
Does anybody know is the file ".deviceConfigurationBits" is needed or can be removed? If I'm doing cat of it I can see parameter "DeviceConfigurationFlags" with value 9. I have changed it to 0. Tried to find info regarding this parameter and value but seems it is not a lot info regarding it.
https://github.com/mosen/macdocs/blob/master/source/DEP/ios-activation.rst?plain=1#L143

photo_2023-11-06_16-56-24

@BXYMartin
Copy link

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air

Need 3 things

  1. A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.

On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you jsut copied the clean ventura to the internal drive.

Once the restore is finished. Remove the External SSD Boot from the internal disk

You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.

Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.

Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.

Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.

Enjoy. took me a while to figure this out after trying many things.

I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.

You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.

Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Thanks a lot for your detailed guide, I just tried to remove MDM for M2 MacBook with Ventura 13.6.1 and it works like a charm after some trial and errors. The caveat is to make sure that you wiped your internal disk before restoring the external one to the internal one. Some steps are failing for me for the first time so just reboot your computer when it doesn’t work and try it again. The first time when all the steps were completed, I got an error saying the macOS does not match the one Apple provides, so I just tried everything from scratch again. When trying to restore the disk, I often get the seal broken error and can to be fixed by actually booting into the system. For the last step when we do a “fresh” install and overwrite the disk, you can directly do it via the recovery menu, it doesn’t have to be installed from the external drive if the macOS version matches.

Thanks again for the nice guide and hope this comment is helpful for other people as well on this.

@anthumchris
Copy link

anthumchris commented Nov 11, 2023

Tested with macOS Ventura 13.6.1, Nov 2023. I used this alternative, because the services kept starting after re-activating SIP.

Boot into Recovery Mode from any csrutil status and run:

VOL="/Volumes/Macintosh HD"                                                       # Your HD name
mount -uw $VOL                                                                    # Bypass read-only
cd $VOL/System/Library

mkdir -p LaunchAgents-inactive LaunchDaemons-inactive                             # Remove service configs
mv -v LaunchAgents/com.apple.{ManagedClient,mdmclient}* LaunchAgents-inactive
mv -v LaunchDaemons/com.apple.{ManagedClient,mdmclient}* LaunchDaemons-inactive

bless --mount $VOL --create-snapshot --bootefi                                    # Create bootable, unsigned snapshot
csrutil authenticated-root disable                                                # Boot from unsigned snapshots
reboot

Confirm the services are disabled and show your new bootable snapshot:

diskutil apfs listSnapshots /
sudo launchctl list | egrep -i 'ManagedClient|mdmclient'

@fmodesto30
Copy link

fmodesto30 commented Nov 19, 2023

Hello everyone!

I could resolve it using macOs Ventura 13.6.1. I followed 2 posts. November 2023.

One to get ride of DEP screen and another to get ride of that annoying message every minute.

1 - Many thanks @joshworksit! It worked with macOS Ventura 13.6.1. Amazing stuff you shared it took me 5 minutes. I would be very glad to donate anything. Thanks again.

2 - @pritpalspall I could get ride of that message for good. Thank you so much!

You guys rock.

@BuckLearnsCode
Copy link

Uhh... where is @joshworksit 's post @fmodesto30 ?

@gordi415
Copy link

gordi415 commented Nov 26, 2023 via email

@visionguy55
Copy link

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things

  1. A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you jsut copied the clean ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Thanks a lot for your detailed guide, I just tried to remove MDM for M2 MacBook with Ventura 13.6.1 and it works like a charm after some trial and errors. The caveat is to make sure that you wiped your internal disk before restoring the external one to the internal one. Some steps are failing for me for the first time so just reboot your computer when it doesn’t work and try it again. The first time when all the steps were completed, I got an error saying the macOS does not match the one Apple provides, so I just tried everything from scratch again. When trying to restore the disk, I often get the seal broken error and can to be fixed by actually booting into the system. For the last step when we do a “fresh” install and overwrite the disk, you can directly do it via the recovery menu, it doesn’t have to be installed from the external drive if the macOS version matches.

Thanks again for the nice guide and hope this comment is helpful for other people as well on this.

Hi guys,
I followed this and managed to bypass my MacBook (needed to repeat some steps a few times but finally worked)! Thank you for the great instruction!
I have two questions:
1- Would updating from Ventura to Sonoma void the bypass?
2- I keep getting a pop up message suggesting to enroll again to the original organization. I can press "cancel" and pass it, but I was wondering if there is a way to prevent those occasional pop-ups.

@TomRider22
Copy link

@visionguy55 If you see such a notification, you have not fully bypassed mdm. If you upgrade your OS to Sonoma you will be blocked after reboot or some short time after it.

@fmodesto30
Copy link

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things

  1. A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you jsut copied the clean ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Thanks a lot for your detailed guide, I just tried to remove MDM for M2 MacBook with Ventura 13.6.1 and it works like a charm after some trial and errors. The caveat is to make sure that you wiped your internal disk before restoring the external one to the internal one. Some steps are failing for me for the first time so just reboot your computer when it doesn’t work and try it again. The first time when all the steps were completed, I got an error saying the macOS does not match the one Apple provides, so I just tried everything from scratch again. When trying to restore the disk, I often get the seal broken error and can to be fixed by actually booting into the system. For the last step when we do a “fresh” install and overwrite the disk, you can directly do it via the recovery menu, it doesn’t have to be installed from the external drive if the macOS version matches.
Thanks again for the nice guide and hope this comment is helpful for other people as well on this.

Hi guys, I followed this and managed to bypass my MacBook (needed to repeat some steps a few times but finally worked)! Thank you for the great instruction! I have two questions: 1- Would updating from Ventura to Sonoma void the bypass? 2- I keep getting a pop up message suggesting to enroll again to the original organization. I can press "cancel" and pass it, but I was wondering if there is a way to prevent those occasional pop-ups.

You still have to disable MDM notifications: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4553175#gistcomment-4553175

@visionguy55
Copy link

Thank you @TomRider22 and @fmodesto30 for your replies. Please see mine below:

@visionguy55 If you see such a notification, you have not fully bypassed mdm. If you upgrade your OS to Sonoma you will be blocked after reboot or some short time after it.

@TomRider22 Does it really mean that I have not bypassed mdm? Because I have full control over the machine and there is no other signs other than this advisory message:

Screenshot at Dec 04 09-28-20 copy

Could I be getting this message because I setup my MS Outlook with the same organization account?

BTW, this popping up message seems to be gone after following @fmodesto30 's comment.

@TomRider22
Copy link

@visionguy55 This message about device enrollment is triggered by mdm mechanism, and the only reason for it is that it(mdm) was not disabled. Showing this type of message is a part of mdm and unfortunately, it is not connected with the MS Outlook account. The main idea of the DEP - Device Enrollment Program is that the company enrolls their laptops or laptops of their contractors to the Apple business manager. In the Apple business manager laptops are enrolled by their serial numbers. Macos has a default mechanism of checking Apple mdm servers which the Apple business manager is part of. And if the serial number of the laptop is found in the database first of all it will send and hardcode setting to the laptop that it belongs to some organization and is a part of DEP. Then depending on the OS version it will notify you that you need to enroll your device or if it's Sonoma it will block the screen with an enrolment message so you can't postpone or escape from it. It's a good mechanism to prevent corporate laptops from being stolen but in the case of it being a personal laptop enrolled to some company's mdm and then not unenrolled properly creates a bunch of problems for second market users.

@visionguy55
Copy link

@TomRider22 Thank you for the comprehensive explanation of the MDM mechanism. It appears that my attempt to bypass the MDM was not entirely successful. However, in line with @fmodesto30 's suggestion, the pop-up notification prompting enrollment with DEP has disappeared for now. I just hope that it won't reappear after any future system updates!

@BXYMartin Thanks again for sharing the instruction to bypass the MDM. I believed I exactly followed the instruction, however, it looks like my MDM bypassing was not fully successful. Do you have any comments or suggestions?

@OMeryCoN
Copy link

OMeryCoN commented Dec 5, 2023

I'm running Sonoma 14.1 from a fresh installation. I've bypassed the MDM and added entries to the hosts file.

Is it possible to update it to Sonoma 14.1.2?

@fmodesto30
Copy link

@OMeryCoN Probably.

@followthemoney1
Copy link

In case someone also interested:

  1. Ive go to login to laptop in safe mode(on startup hold Shift)
  2. Login as a normal used account
  3. Create a new admin account in a settings
  4. Delete old one time account created with MDM

@ehsan58
Copy link

ehsan58 commented Dec 13, 2023

greeting i am on sonoma 14 and don't have any mdm notification
can i direct update to 14.2? is it safe? anyone did that direct?

@jeanswiegers
Copy link

greeting i am on sonoma 14 and don't have any mdm notification can i direct update to 14.2? is it safe? anyone did that direct?

i did, and it still works fine.

@ehsan58
Copy link

ehsan58 commented Dec 16, 2023

greeting i am on sonoma 14 and don't have any mdm notification can i direct update to 14.2? is it safe? anyone did that direct?

i did, and it still works fine.

Is there anything need to do before the upgrade? Or just the skipmdm bypass done before?

@nerykell
Copy link

Hi! I've been struggling with MDM quite a lot and found the easiest, but a little long solution to the problem, but you won't get mdm blocking and profile upload notifications. I have described as much detail as possible for different cases, so find your own and follow the instructions.
I'll tell you the pros and cons at the very end, and now let's move on to the beginning:

Preparatory Stages:

  1. If you are on macOS Ventura or Monterey and you have no problems with MDM, then download this utility https://checkm8.info/bypass-mac-mdm-lock and make a Bypass (this is a precautionary measure, without doing this, I cannot guarantee you a successful system update), if you have already done this before, then immediately proceed to the main stages.

  2. If you are on macOS Ventura or Monterey or Sonoma and you did not turn off the Internet during installation, then the MacBook will download the corporate profile and be blocked. In this case, there are 2 possible scenarios ->

Scenario 1: If your data is not on the computer, then feel free to format the disk and install Monterey/Ventura without the Internet, as soon as you have created a user and configured a MacBook, you can connect to the Internet and bypass MDM using this utility https://checkm8.info/bypass-mac-mdm-lock once you have bypassed MDM with this utility, you can proceed to the main stages.
Scenario 2: If you had Monterey/Ventura and received a lock after upgrading to Sonoma, then the data can still be saved if there was still +-100gb of free space on the disk or if you have an external hard drive

If you still have disk space and you need to restore data from a system blocked by your corporate profile, then follow these steps:

  1. Turn off your MacBook
  2. Reboot into recovery mode by pressing the touch id button
  3. Go to Settings
  4. Disk utility
  5. Divide your disk into 2 independent containers, it is important to note that we do not add a VOLUME for the disk, namely a CONTAINER
  6. Install Monterey/Ventura without internet in a new, empty container and bypass MDM using this utility https://checkm8.info/bypass-mac-mdm-lock
  7. Now in the Finder, find your other user from another container and transfer all the files of interest from the old disk container to the new one
  8. You can proceed to the main stages

If you have an external hard drive and you need to recover data from a locked corporate system profile, then follow these steps:

  1. Install Monterey/Ventura without internet and bypass MDM using this utility https://checkm8.info/bypass-mac-mdm-lock
  2. Now find your other user in the Finder and transfer all the files of interest from the internal drive to the external hard drive
  3. You can proceed to the main stages

The main steps:

  1. So, in order to upgrade to Sonoma without problems, we need an external SSD or HDD (we will save our backup copy of all data via time machine to it)
  2. Using the disk utility, format the external hard drive in APFS and in the settings in the main section select Time Machine, and in it select your external hard drive and then create a backup copy of all data
  3. As soon as the backup is created (you don't have to worry about data security, time machine saves literally everything you can), turn off your MacBook
  4. Enter recovery mode by pressing the touch id button.
  5. Disk utility
  6. Format your internal drive
  7. (Pre-create a bootable USB flash drive with macOS Sonoma) Start installing Sonoma without the Internet, configure your MacBook until you are prompted to transfer data from a time machine backup, select this item
  8. Restore all data from the backup and then complete the installation
  9. That's it, you don't need to do anything else, successful bypass!

The advantages of my method:

  1. Personally tested by me on a macbook pro 13" m1 and has been tested without any problems for a week now
  2. An easy way to bypass the regular macos methods
  3. Do you need more advantages besides reliability and simplicity? :)
    Minuses:
  4. Quite a long time

@amylee-codes
Copy link

amylee-codes commented Feb 18, 2024

(This article got hidden because of a problem with my account, so I try again):

I managed getting rid of spyware and worse w/ Sonoma (14.3.1).

System Info (redacted, personal information filtered)

>sudo sysinfo
Software:

    System Software Overview:

      System Version: macOS 14.3.1 (23D60)
      Kernel Version: Darwin 23.3.0
      Boot Volume: Macintosh HD
      Boot Mode: Normal
      Computer Name: <>
      User Name: System Administrator (root)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: <>

Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: Mac15,9
      Model Number: <>
      Chip: Apple M3 Max
      Total Number of Cores: 16 (12 performance and 4 efficiency)
      Memory: 128 GB
      System Firmware Version: 10151.81.1
      OS Loader Version: 10151.81.1
      Serial Number (system): <>
      Hardware UUID: <>
      Provisioning UDID: <>
      Activation Lock Status: Disabled
>sudo profiles list
There are no configuration profiles installed in the system domain

>sudo profiles show -type enrollment
Error fetching Device Enrollment configuration: We can't determine if this machine is DEP enabled.  Try again later.

Approach: Clean Wipe, Router Filter, skipmdm.com Script

This approach assumes you are able to create a bootable installer and wipe your system disk (be sure to have a backup in place!).

Prerequisites

Block Apple URLs

Before starting at all, make sure you block the following URLs in the internet router. I used a Fritz!Box and here the ("Blocked websites" filter) to block these URLs:

iprofiles.apple.com
mdmenrollment.apple.com
deviceenrollment.apple.com
gdmf.apple.com
acmdm.apple.com
albert.apple.com

Make sure the blocker works (i.e. ping from another device)!

Clean Install

In recovery mode, wipe the hard disk and start a clean install with the bootable installer.

Activate the system

Connect to the internet once to activate the system (I could not proceed without). As the installer fails to connect to the enrollment servers, an error message will be displayed indicating that the status of the enrollment could not be verified.

Run the Script

In recovery mode, open Terminal and e.g. try to delete /var/db/ConfigurationProfiles/Settings - you should get a prompt for the installation user (starting w/ "_m...") - which is a good sign (no other users set up so far)!

Now just run the script from the USB stick. Hint: directly enter the username you'd like to use later (instead going w/ Apple:1234 - saves some time). The script should run without any errors (despite the long previous discussions).

Postwork

Block URLs in /etc/hosts

Before you proceed with the installation, reboot in recovery mode and change /etc/hosts by adding:

0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf..apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Disable agents

>sudo launchctl disable system/com.apple.ManagedClientAgent.enrollagent
>sudo launchctl disable system/com.apple.mdmclient.daemon
>sudo launchctl disable system/com.apple.devicemanagementclient.teslad
# You might check other services and disable them - know what you do!
>sudo launchctl print system | sort | grep enabled

Little Snitch

Finally a firewall comes in handy to possibly add even more security: I blocked

/usr/libexec/teslad
/usr/libexec/mdmclient

(for both user + system).

This works well for me and shows that it's possible to stop companies from installing spyware on their employees' devices - even on M3. B.t.w. - in many countries these practices are unlawful, so I see following this approach justified as a way of self-defense.

@icarus2712
Copy link

icarus2712 commented Mar 9, 2024

can any brother here guide me for amazon locked mac book pro 2017 non touch model inel model When i bought it used it was working perfectly, i even upgraded it to ventura, however when i formatted it for selling, it now asks for amaon remote. please help step by step.

@ooduck
Copy link

ooduck commented Mar 16, 2024

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

I have the same issue. I can't boot to recovery mode because of this. Do you have recommendations to go through this?
I have Macbook Pro M1 2021 14"
@aviloveN @predragcvetkovski @Jbb08 @eternalgod @maclover696 @mikevic18

@haohanw
Copy link

haohanw commented Mar 18, 2024

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

I have the same issue. I can't boot to recovery mode because of this. Do you have recommendations to go through this? I have Macbook Pro M1 2021 14" @aviloveN @predragcvetkovski @Jbb08 @eternalgod @maclover696 @mikevic18

Seems like it has been locked by administrator after being enrolled in the MDM. you need another device with T2 chip to reinstall this one via DFU mode.
Try this:https://www.youtube.com/watch?v=S8r9w4dduEw

@ooduck
Copy link

ooduck commented Apr 11, 2024

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

I have the same issue. I can't boot to recovery mode because of this. Do you have recommendations to go through this? I have Macbook Pro M1 2021 14" @aviloveN @predragcvetkovski @Jbb08 @eternalgod @maclover696 @mikevic18

Seems like it has been locked by administrator after being enrolled in the MDM. you need another device with T2 chip to reinstall this one via DFU mode. Try this:https://www.youtube.com/watch?v=S8r9w4dduEw

Worked like a charm with my MDM macbook.

Do you happen to know if this would also work with icloud issue macbook?

@c22dev
Copy link

c22dev commented Apr 14, 2024

If someone's interested, I made a gist with some sh scripts that should allow you to setup a MDM locked Mac as brand new;

https://gist.github.com/c22dev/e3a1223fa63b20f1b4e95a7119277cb9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment