Ventura docs for M2 Macs in this comment: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4555340#gistcomment-4555340
Old Monterey docs in this old revision: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd/32c410e3a1de73539c76fa13ea5486569c4e0c5d
Solution for Sonoma: https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac
I don't recall the reasons to actually disable SIP for MDM bypass discussed here. And though I might be wrong, it's not obvious.
Is't true that with the SIP on, macOS stops giving up on timeouts, in the middle of operations crucial to Apple's opinionated look on the system consistency thus improving the security, effectively considering multi-step operations transactional. Thus, some things can block indefinitely, causing deadlocks in some services. E.g just OS log-in can cause deadlock if some files are inaccessible for write (e.g. "chflagged"). In theory it might be the case when trying to access MDM-related resources, in the middle of something critical.
It can also be the other way around and SIP is definitely capable of ultimately dark evil things as, e.g. reverting literally everything seen "non-revertible", to its vanilla state, without even the OS reboot. Sometimes even reverting such ultimately "permanent" things which do require user interaction normally (e.g.
chflags uchg,schg
being wipable in a blink of an eye, without OS reboot by SIP / rootless interventions. That's been for a long while, obviously before 'Cryptexes' recently appeared in Ventura*But it's important to know that SIP is there for a reason and significantly improves the quality of security response in case of real security threat, no matter if one likes it or not.**