@joshworksit

joshworksit commented Mar 7, 2023

thanks @gwshaw for the edits!

Here is how you can bypass MDM completely ...

Boot to Recovery

Open Terminal and enable the root user and give it a password:

Enter the command below and press Enter

dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root

There might be a slight directory difference between Intel/Silicon. If the command above does not work try using one of these variations:

/Volumes/Macintosh\ HD\ -\ Data/ or /Volumes/Data/

Enter a new password for root user. Note * If you choose a simple password be aware that the root user will be available as a user that can log into macOS which could present a risk to the security of the device.

Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.

Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.

Click the Apple logo > System Settings -> Users & Groups

Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "root" and use the password you created earlier in Terminal.

Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.

Boot to Recovery again.

Open Terminal and enter the command below and press Enter.

touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone

Then type Reboot and press Enter or force off your Mac again using the steps above.

If you found this helpful please donate! https://pay.siliconbypass.com

@duyjack

duyjack commented Mar 9, 2023

Here is how you can bypass MDM completely ...

Boot to Recovery Open Terminal execute "dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root"

Reboot then...

Step through the Welcome and Setup screens At MDM enrollment (or Remote Management) it should prompt to login at some point for MDM - if not go to the Alternate step Highlight any text -> secondary (right) click -> Search Google Safari will open then go to the next step (skip Alternate)

Alternate: if no text to select then try pressing Command & Option & Control & T at the same time to force Terminal open.

Click the Apple logo System Preferences Users & Groups Create your admin user using the Root credentials previously set in recovery with the "dscl" command

Reboot and Boot to Recovery

Use Terminal and execute "touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone"

Reboot, Enjoy!

If you found this helpful please donate! https://pay.siliconbypass.com

Did you try it?

@gwshaw

gwshaw commented Mar 11, 2023

Here is how you can bypass MDM completely ...

Boot to Recovery Open Terminal execute "dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root"

Reboot then...

Step through the Welcome and Setup screens At MDM enrollment (or Remote Management) it should prompt to login at some point for MDM - if not go to the Alternate step Highlight any text -> secondary (right) click -> Search Google Safari will open then go to the next step (skip Alternate)

Alternate: if no text to select then try pressing Command & Option & Control & T at the same time to force Terminal open.

Click the Apple logo System Preferences Users & Groups Create your admin user using the Root credentials previously set in recovery with the "dscl" command

Reboot and Boot to Recovery

Use Terminal and execute "touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone"

Reboot, Enjoy!

If you found this helpful please donate! https://pay.siliconbypass.com

@joshworksit !!! Works nicely, with a minor correction. No quotes on either of the command lines. With the quotes, the escaped spaces are treated literally so the paths are then broken, at least in Ventura recovery terminal. Spaces are not on the allowed double-quoted string pass-through escapes for Bash. I literally spent days drowning in comments and variations that did not work before I just skipped to the end and found this. This took only minutes once corrected.

A few notes for the less adept:

  • I started with an erased SSD and installed Ventura from recovery and let it boot up to the country select screen
  • I didn't have a network connected after the boot up, but I don't think that mattered.
  • rather than risking anything by progressing up to the MDM in setup, I just went straight to the Alternate to launch a terminal to get the Apple logo to get to system settings
  • in Ventura it is "System Settings" rather than "System Preferences"
  • then Users & Groups
  • then Add Account. The authentication comes up as user "System Setup". Change this to "root" and use the password you created.
  • the various "restart" and "shutdown" options didn't want to participate in the ruse, so use the power off button for the "Reboot and Boot to Recovery Step"

I'd also guess that after completing this the user root password should be removed, but I haven't done that. Otherwise someone can log into user root at the login screen (Shows as "Other..."). Is this the case @joshworksit ?

@sire901

sire901 commented Mar 16, 2023

hi im using mbp m1 monterey and im new at this how do i bypass mdm pop up without fresh install ?

@lucasmenares

hi im using mbp m1 monterey and im new at this how do i bypass mdm pop up without fresh install ?

follow the instructions of my gist: https://gist.github.com/lucasmenares/e3dfe5d76a0ad24663d88102cb4dde3d

@nomdmplz

Currently have a 2023 MacBook Pro with the M2 Max with MDM, currently can't get past the activation screen, macOS Ventura, FMM is off. Anything on this platform?

@joshworksit

Specs don’t really matter…OS version is most important. Follow the steps exactly and it will work.

@albzoon

albzoon commented Mar 25, 2023

Restored M1 Macbook with DFU Mode and when all is done shows me up the setup screen with no option for "no internet connection" suppose that is already enrolled by dfu restore that never happened before..
Anyway to bypass at this point with no option for creating a user and blocking on terminal required hosts??

@joshworksit

Follow the steps I posted above and you can bypass the MDM with no need to select No Internet Connection - which is no longer an option during setup - an internet connection is required from what I understand it is part of the activation process similar to an iPhone requiring a data connection to activate at first turn on...but you can enable root user using terminal in Recovery and just follow the steps I posted above to get access to the macOS and bypass setup entirely..

@albzoon

albzoon commented Mar 25, 2023

opened in terminal at the recovery screen, did this command.. dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root
but it says: Not a known DirStatus..

@joshworksit

So you might not be in the right Recovery environment. I think you need to try shutting down fully, or if you did that and started up to recovery and got that message, try simply starting up the Mac fully and then go to the Apple menu and Restart to Recovery without fully shutting down the Mac. OR your volume name is not Macintosh HD - you can look at Disk Utility to see what the volume name of your Mac HD is ...

@kernatron

kernatron commented Mar 25, 2023

@joshworksit I really appreciate everything you've shared so far. When creating a new password in terminal, it's asking me for the old password - which I don't know. Any ideas why it's asking for that? Should it be asking for anything at that point?

Am I better deleting the partition and reinstalling Ventura at this point? Thanks!

Edit: Okay, so I managed to do all of the above, but I'm still getting the MDM screen appearing. Gah, I thought I'd got it!

@joshworksit

Yes if it is asking for an old password you never set, simply erase Macintosh HD, and reinstall the OS and then you'll know exactly where every component is at and what to expect.

@albzoon

albzoon commented Mar 27, 2023

I tried on the recovery environment also on first step of setup after the restore from dfu that the volume name is by default Macintosh HD
and still 'not a known dir status'
I put the command with spaces as u described and still not a known dir status.. if u want i can send u photos from my process.
PLS Help with this situation
I appreciate this

@albzoon

albzoon commented Mar 27, 2023

@cadriel

cadriel commented Mar 28, 2023

Can someone confirm the list of domains that should be blocked after completing the initial install steps, that prevent re-enrollment and notifications - but allow automated updates (if this is even possible..)?

I have a Ventura install - and block the following domains;

*.gdmf.apple.com
*.acmdm.apple.com
*.albert.apple.com
*.deviceenrollment.apple.com
*.mdmenrollment.apple.com
*.iprofiles.apple.com

But i'm wondering if I can perhaps allow albert and gdmf among others so automated updates will work again, without any negative impact.

@electricfeel1979

image

I updated to the latest ventura 13.3, coming from 13.1. So far so good. All I have to do was go to the app store, search ventura and download. This will only install the update. It will take some time

@cadriel

cadriel commented Mar 28, 2023

Yes, I understand manual updates work - and have done this. I however would like to know if we can re-enable automatic updates.

@Nisounas

Nisounas commented Mar 28, 2023

I got scammed I bought a 2020 M1 MBP under MDM/DEP program,
I updated it to ventura (13.2.1) and I found out that it has a lot of stability problems
I want to format it to fix the stability problem, is there any way to format it safely without it being blocked,

Note: I blocked all these links in my wifi settings
Screenshot_7

after I didn't receive any notification from DEP/MDM program, when I run this command :
sudo profiles show -type enrollment
I get this error message:
Error fetching Device Enrollment configuration: (34000) Error Domain=MCCloudConfigurationErrorDomain Code=34000 "The device failed to request configuration from the cloud." UserInfo={NSLocalizedDescription=The device failed to request configuration from the cloud, CloudConfigurationErrorType=CloudConfigurationFatalError}

@gwshaw

gwshaw commented Mar 31, 2023

The root user already exists. You are only assigning a password. I typed the new password at the end of the dscl command line.

@rbt19

rbt19 commented Mar 31, 2023

The root user already exists. You are only assigning a password. I typed the new password at the end of the dscl command line.

Thank you for your reply! I was finally able to figure it out. The problem is this section of the code: /Volumes/Macintosh\ HD\ -\ Data/
That one works only with Intel Macs; for Silicon the correct code is: /Volumes/Data/
Thanks for sharing this information. I am extremely grateful.

@Gius29

Gius29 commented Apr 1, 2023

I have disabled MDM following the instructions.
Can I sign-in with my Apple ID (iCloud)? Does this allow to detect my device?

@joshworksit

Use your Apple ID as you wish, one has nothing to do with the other so it will not affect any iCloud services.

@joshworksit

The root user already exists. You are only assigning a password. I typed the new password at the end of the dscl command line.

Thank you for your reply! I was finally able to figure it out. The problem is this section of the code: /Volumes/Macintosh\ HD\ -\ Data/ That one works only with Intel Macs; for Silicon the correct code is: /Volumes/Data/ Thanks for sharing this information. I am extremely grateful.

Thanks for catching this difference I'll add it to my original post!

@JZFeng

JZFeng commented Apr 2, 2023

The root user already exists. You are only assigning a password. I typed the new password at the end of the dscl command line.

Thank you for your reply! I was finally able to figure it out. The problem is this section of the code: /Volumes/Macintosh\ HD\ -\ Data/ That one works only with Intel Macs; for Silicon the correct code is: /Volumes/Data/ Thanks for sharing this information. I am extremely grateful.

Thanks for catching this difference I'll add it to my original post!

So what is the correct final full command for Apple Silicon?
Is it this one "dscl -f  /Volumes/Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root" ?

@nambh83

nambh83 commented Apr 4, 2023

My MBP M1 bypass MDM completely on MacOS 11.6. Can I upgrade to MacOS 13.3 via Setting? Do I need to bypass MDM again after upgrade?
Thanks.

@alucardness

My MBP M1 bypass MDM completely on MacOS 11.6. Can I upgrade to MacOS 13.3 via Setting? Do I need to bypass MDM again after upgrade? Thanks.

Update, it's already bypassed, so you don't have to do it again.

@nambh83

nambh83 commented Apr 4, 2023

My MBP M1 bypass MDM completely on MacOS 11.6. Can I upgrade to MacOS 13.3 via Setting? Do I need to bypass MDM again after upgrade? Thanks.

Update, it's already bypassed, so you don't have to do it again.

Really??? Thank you. I will try. :)

@albzoon

albzoon commented Apr 4, 2023

Can't bypass MDM on MacBook M1 because when it's recovered from DFU mode it installs Ventura automatically and also checks the profile server, so the MDM enrollment catches at the beginning..
ANY HELP for bypass mdm to these models

@Aooga776

Aooga776 commented Apr 6, 2023

Thanks for all the info @joshworksit I've run into one snag which is bypassing setup assistant. I followed this line:

Open Terminal and enter the command below and press Enter.

touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone

Then type Reboot and press Enter or force off your Mac again using the steps above.

and I get:

touch: /Volumes/Macintosh HD/: Read-only file system
touch: - Data/private/var/db/.AppleSetupDone: No such file or directory

So I'm stuck here and can't figure out any way to bypass the setup assistant. Everything else worked flawlessly. Please let me know if you have any idea what I'm doing wrong here. Thanks again!

@razerduy

razerduy commented Apr 7, 2023

Thanks for all the info @joshworksit I've run into one snag which is bypassing setup assistant. I followed this line:

Open Terminal and enter the command below and press Enter.

touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone

Then type Reboot and press Enter or force off your Mac again using the steps above.

and I get:

touch: /Volumes/Macintosh HD/: Read-only file system touch: - Data/private/var/db/.AppleSetupDone: No such file or directory

So I'm stuck here and can't figure out any way to bypass the setup assistant. Everything else worked flawlessly. Please let me know if you have any idea what I'm doing wrong here. Thanks again!

If your macbook is Macbook pro M1 14 inch 2021, you can try this.
Reinstall MacOS 12.4 via usb, active without network. When active successfully, please add these lines into hosts:

0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com

Then update to ventura via OTA

@Aooga776

Aooga776 commented Apr 7, 2023

Ok. I guess I'll do that as a last ditch effort. I got through all the other steps of redoing the root password, creating an admin account, and everything else except bypassing setup. I just would rather not start over right now, but I will do that if @joshworksit doesn't know another solution for his last step that isn't working. Thank you @razerduy

@Aooga776

Ok, So I figured it out. I went through terminal and just made a .AppleSetupDone folder in the private/var/db folder. So now I'm Logged In and it shows no MDM in Terminal. Still haven't connected to wifi. I'm now trying to restore content from a Time Machine backup. It gave me a warning to update the Mac to Ventura 13.2.1. Am I ok updating to the latest version without an issue or no?

@razerduy

Ok, So I figured it out. I went through terminal and just made a .AppleSetupDone folder in the private/var/db folder. So now I'm Logged In and it shows no MDM in Terminal. Still haven't connected to wifi. I'm now trying to restore content from a Time Machine backup. It gave me a warning to update the Mac to Ventura 13.2.1. Am I ok updating to the latest version without an issue or no?

I think if the content that you backed up included hosts, you can restore. Otherwise, please restore later, once you have added hosts to block MDM.

@Aooga776

Thank you @razerduy my bigger question is, can I update to 13.2.1 now or do I have to do something specific. I thought I did everything I needed, but I got my first enrollment prompt, so I'm going to go through those directions to suppress that. I just don't want to update and then get hit with the remote management screen again.

@Aooga776

So weirdly enough, I added those ip addresses to the host file and I'm still getting the notification to enroll, but there are still no profiles on the machine. Anyone know what else is needed to block those popups completely? Also still wondering if I can update to the latest Ventura without any issues.

@bagofcig

bagofcig commented Apr 12, 2023

I could not bypass the remote management on MacBook Pro M2 max Ventura, tried to boot from usb and wipe out all data from recovery mode.
Any luck finding a way to bypass that on MacBook Pro m2 max?

@Aooga776

@bagofcig I did it on an M1 Max MacBook Pro with ventura installed. I followed @joshworksit 's directions from march 6 on booting to recovery in Ventura, changing the root password then on reboot choosing Command + Option + Control + T to show the menu bar, go in and make a new admin account. The only part I got stuck on is that the last line didn't work and I couldn't figure out how to bypass the setup assistant. Finally, I looked on my other Mac to find out where the .AppleSetupDone was and discovered it was actually a folder. So in terminal I navigated to the folder and made a new directory called .AppleSetupDone then rebooted and it went straight to the log in screen. I then went and added the ip addresses to the hosts file. Now, I'm still getting the notification to enroll, but I have no profiles and it is not managed. I can't figure out why the ip addresses in the host file isn't blocking the notification but I just click the x like two times a day until I can find a solution.

That's what worked for me on Ventura. I don't think it matters if it's m1 or m2 but more ventura vs Monterey. I never went through and wiped the drive. Mine was fresh from the factory.

I'm still trying to find out if it is ok to update to the latest version of ventura though, that's where I'm currently stuck.

Hope that helps!

@bagofcig

@Aooga776 I could not get past the first command. I get operation failed with error: not a known Dirstatus
I'm not sure what I'm doing wrong, tried both variations.

@Aooga776

@bagofcig so you used this command?

dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root

@bagofcig

@Aooga776 yes, sure that’s what i have been trying.
image

@anktababa

anktababa commented Apr 15, 2023 via email

@Vicki-Olesen

M2 ventura how to remove mdm ?

https://github.com/Kaitiz/Bypass-MDM-Ventura?fbclid=IwAR21FSn00vhU2hNk5sxLRxsAI_XWvgqF1mbyh_OY7T3gdLqHxk0fEnNQs7w

Did anyone check this method with M2 an device and saw if it works?

@Vicki-Olesen

Would like to know if there is any way to bypass MDM on an M2 MacBook pro.. many thanks

@Danricardolara

I was able to enter into MacOS after bypassing, but once inside Ventura, I can’t actually add a different user. I tried to use both “System Administrator”, and “root” but neither work. Strangely other settings that need authentication work with the password I created, as well as logging into the machine.

image

@hellokuls

"Will the device still be controlled after disabling DEP? Is it safe not to install the device management profile?"

@sire901

sire901 commented Apr 22, 2023

HI COULD SOMEONE DIRECT ME IN THE RIGHT PLACE I HAVE A MacBook Pro 13-inch, 2020 AND I CANT SEEM TO GET PAST ACTIVATION LOCK AFTER ERASING MAC... ANY HELP IS GREATLY APPRECIATED

@Simmpa

Simmpa commented Apr 22, 2023

What am I doing wrong ? Command not found. I did a reinstall of Ventura .. when is restarted I went into terminal but, I'm getting bash

IMG_0272

@Simmpa

Simmpa commented Apr 22, 2023

.. and another prob. In recovery I erased the disc, then proceeded to install Ventura and before the install begins you must join a wifi network .. I guess this bypasses DEP
IMG_0273

@aviloveN

Hi even after holding on recovery it still opens up this screen, any way to bypass this?
20230423_125104

@alucardness

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

It's a bit late, your only option is another mac with Apple Configurator.

@Vicki-Olesen

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

It's a bit late, your only option is another mac with Apple Configurator.

Could you please advise how to prevent/avoid this locking issue? As it happened to me before. Thanks

@aviloveN

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

It's a bit late, your only option is another mac with Apple Configurator.

I have another mac, what exactly needs to be done with another mac? I got another MAC and scratching my head apparently

@aviloveN

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

It's a bit late, your only option is another mac with Apple Configurator.

Could you please advise how to prevent/avoid this locking issue? As it happened to me before. Thanks

were you able to bypass this ?

@aviloveN

My MBP M1 bypass MDM completely on MacOS 11.6. Can I upgrade to MacOS 13.3 via Setting? Do I need to bypass MDM again after upgrade? Thanks.

How did you bypass? Kindly help, thanks in advance

@aviloveN

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

It's a bit late, your only option is another mac with Apple Configurator.

[image]

I get this on a second apple mac with Apple authenticator

@Vicki-Olesen

Vicki-Olesen commented Apr 23, 2023

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

It's a bit late, your only option is another mac with Apple Configurator.

[image]

I get this on a second apple mac with Apple authenticator

What are the specs of your Macbook Pro? and installed OS version?

@aviloveN

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

It's a bit late, your only option is another mac with Apple Configurator.

[image]
I get this on a second apple mac with Apple authenticator

What are the specs of your Macbook Pro? and installed OS version?

Specs are m1 MacBook Pro 32GB 14 inch 2021. I am not sure about the installed OS version

@aviloveN

aviloveN commented Apr 23, 2023

Hi even after holding on recovery it still opens up this screen, any way to bypass this? 20230423_125104

It's a bit late, your only option is another mac with Apple Configurator.

[image]
I get this on a second apple mac with Apple authenticator

What are the specs of your Macbook Pro? and installed OS version?

Ok I did manage to get into DFU mode and revive the OS now I see Hello welcome screen, should I get past it by connecting to internet? I assume no right?

Update: I don't see any option to get past the welcome screen without connecting to internet, if I try connecting to internet it goes to the Organization login page

@alucardness

Have you tried installing Big Sur first, bypass the MDM, and then updating to Monterey?

@aviloveN

Have you tried installing Big Sur first, bypass the MDM, and then updating to Monterey?

No I was trying to install Monterey using USB flash drive as the instructions was around Monterey OS. Will installing Big Sur make a difference? As in I wont be forced to connect to internet?

@alucardness

alucardness commented Apr 24, 2023

Have you tried installing Big Sur first, bypass the MDM, and then updating to Monterey?

No I was trying to install Monterey using USB flash drive as the instructions was around Monterey OS. Will installing Big Sur make a difference? As in I wont be forced to connect to internet?

Big Sur will let you go to the desktop without a connection to the internet. It lets you skip the internet connection.

@sire901

sire901 commented Apr 24, 2023 via email

@aviloveN

Have you tried installing Big Sur first, bypass the MDM, and then updating to Monterey?

No I was trying to install Monterey using USB flash drive as the instructions was around Monterey OS. Will installing Big Sur make a difference? As in I wont be forced to connect to internet?

Big Sur will let you go to the desktop without a connection to the internet. It lets you skip the internet connection.

Got it, I'll try to setup install Bigsur.

@aviloveN

Have you tried installing Big Sur first, bypass the MDM, and then updating to Monterey?

No I was trying to install Monterey using USB flash drive as the instructions was around Monterey OS. Will installing Big Sur make a difference? As in I wont be forced to connect to internet?

Big Sur will let you go to the desktop without a connection to the internet. It lets you skip the internet connection.

Got it, I'll try to setup install Bigsur.

Have you tried installing Big Sur first, bypass the MDM, and then updating to Monterey?

No I was trying to install Monterey using USB flash drive as the instructions was around Monterey OS. Will installing Big Sur make a difference? As in I wont be forced to connect to internet?

Big Sur will let you go to the desktop without a connection to the internet. It lets you skip the internet connection.

I tried reinstalling BigSur but after wiping out the disk it shows "Activate Mac" screen. Even though if I choose install Big Sur OS from the USB drive

@alucardness

if you are seeing this screen

image

It's safe to connect to your network and when the installation is over, better stop your internet, skip the internet setup after first boot, follow the steps from this repo or mine, and then connect your internet.

@aviloveN

[image]
If I try installing Big Sur I see this error

@aviloveN

if you are seeing this screen

image

It's safe to connect to your network and when the installation is over, better stop your internet, skip the internet setup after first boot, follow the steps from this repo or mine, and then connect your internet.

This, as I read in a blog, doesn't work for Ventura, only for Monterey or Big Sur. I'm not sure why I'm not able to install a lower OS version on the volume.

@sire901

sire901 commented Apr 25, 2023 via email

@aviloveN

I was having this problem until I contacted @appletool on telegram and he was able to bypass activation lock and I installed the os with no problems

On Tue, Apr 25, 2023, 1:31 PM aviloveN wrote:

if you are seeing this screen [image: image] https://user-images.githubusercontent.com/66158548/234362252-bd9ff2da-5a80-4eef-8519-3aa44a38c2c8.png It's safe to connect to your network and when the installation is over, better stop your internet, skip the internet setup after first boot, follow the steps from this repo or mine, and then connect your internet.

This as I read in a blog doesn't work for Ventura and only for Monterey or Big Sur. I'm not sure why I'm not able to install lower OS version on the volume.

Reply to this email directly, view it on GitHub https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd#gistcomment-4548296

Thanks for reference friend, I'll contact him as well. I am not able to understand what wrong I'm doing or is it just I can't bypass this ever and it's just a brick.

@aviloveN

I've been having a very hard time, can I request you to help me over WhatsApp or any sort of messaging channel which might be suitable for you. 😥

if you are seeing this screen

image

It's safe to connect to your network and when the installation is over, better stop your internet, skip the internet setup after first boot, follow the steps from this repo or mine, and then connect your internet.

@alucardness

What is your model?

@aviloveN

What is your model?

My model is M1 Pro 14inch 2021.
The good news is I was able to bypass the login page while installing Monterey following a YT video.

The weird part is if I'm trying to add the apple domains in terminals it says denied.

I swear this took like 3 days seriously 😂

Attached picture.

[image]

@alucardness

Have you tried with sudo in front of the command?

@aviloveN

Have you tried with sudo in front of the command?

[image]
Yes tried with both

@alucardness

Are you joking? Put sudo in front of echo like "sudo echo ..."

@aviloveN

Are you joking? Put sudo in front of echo like "sudo echo ..."

[image]
I added and connected to WiFi and check with enrollment. Is it safe now?
And can it be updated to newer versions of OS?

Apart from that I'd like to thank you and everyone who helped me since past 3 days 😊🙏

@alucardness

It's safe now, you can update till Ventura.

@aviloveN

It's safe now, you can update till Ventura.

Got it mate, updated to Ventura successfully. 🙏

@donkelonio

donkelonio commented Apr 26, 2023

Is this solution supposed to block the device enrollment popup as well?
I have followed all the steps in this guide and I still get the annoying popup once in a while...
My hosts file looks like this:

cat /private/etc/hosts  
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com

@nambh83

nambh83 commented Apr 27, 2023

My MBP M1 bypass MDM completely on MacOS 11.6. Can I upgrade to MacOS 13.3 via Setting? Do I need to bypass MDM again after upgrade? Thanks.

How did you bypass? Kindly help, thanks in advance

Sorry. My English is not good enough. I mean I did Disable Device Enrollment Program (DEP) notification on MacOS 11.6 already. After that can I upgrade to MacOS 13.3 via Settings? Do I need to do Disable Device Enrollment Program (DEP) notification again after upgrade?

@nambh83

nambh83 commented Apr 27, 2023

It's safe now, you can update till Ventura.

Got it mate, updated to Ventura successfully. 🙏

Do you need to do Disable Device Enrollment Program (DEP) notification (bypass MDM) again after upgrade to Ventura? Do you get the annoying popup MDM?

@alucardness

It's safe now, you can update till Ventura.

Got it mate, updated to Ventura successfully. 🙏

Do you need to do Disable Device Enrollment Program (DEP) notification (bypass MDM) again after upgrade to Ventura? Do you get the annoying popup MDM?

No, you don't.

@nambh83

nambh83 commented Apr 27, 2023

It's safe now, you can update till Ventura.

Got it mate, updated to Ventura successfully. 🙏

Do you need to do Disable Device Enrollment Program (DEP) notification (bypass MDM) again after upgrade to Ventura? Do you get the annoying popup MDM?

No, you don't.

Thank you.

@shen0834

shen0834 commented Apr 28, 2023

I got a 16-inch M2 Max MBP, and I'm trying to lift the MDM DEP:

Ventura is pre-installed in the system, and I tried to downgrade to Monterey, but it shows that it cannot be installed on the original hard disk; at the “Choose your country/location” dialogue, there is no “continue without an internet connection” option to select, it must be connected to Wi-Fi.

Warning everyone: M2 Pro & M2 Max have no way to lift the MDM restriction.

Has anyone unlocked MDM successfully?

@Vicki-Olesen

Hi all.. I have an M2 MacBook Pro with Ventura OS installed. Any tips on how to bypass MDM completely? If you can please advise that would be highly appreciated

@spiralz23

spiralz23 commented Apr 28, 2023 via email

@Vicki-Olesen

@spiralz23 Many thanks for your reply. Did you check @joshworksit earlier method? They mentioned it works and successfully managed to bypass MDM on Ventura, but the steps are not clear to me.

Anyone else managed to bypass it using Ventura with the M2 machine?

@Vicki-Olesen

@joshworksit @gwshaw could you please advise? Many thanks in advance

@spiralz23

@spiralz23 Many thanks for your reply. Did you check @joshworksit earlier method? They mentioned it works and successfully managed to bypass MDM on Ventura, but the steps are not clear to me.

Anyone else managed to bypass it using Ventura with the M2 machine?

No, sorry, I haven't checked recently. I may well be wrong; it was my understanding of it, is all. Apologies if I've given incorrect information.
If there is a workaround for M2 Macs, that's great news. Good luck.

@duyjack

duyjack commented Apr 29, 2023

@shepered you can try this way:

Set up DNS to block these domains:

deviceenrollment.apple.com
mdmenrollment.apple.com
iprofiles.apple.com
gdmf.apple.com

Apply the DNS to your router. The purpose is to block requests to Apple's MDM server. Then you can do a new install (erase and reinstall) of macOS Ventura normally. After the install, you can activate your Mac without a network, and after that you should add the lines below to etc/hosts:

0.0.0.0 deviceenrollment.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 iprofiles.apple.com
0.0.0.0 gdmf.apple.com

Maybe helpful

@Vicki-Olesen

@shepered you can try this way:

Set up DNS to block these domains:

deviceenrollment.apple.com
mdmenrollment.apple.com
iprofiles.apple.com
gdmf.apple.com

Apply the DNS to your router. The purpose is to block requests to Apple's MDM server. Then you can do a new install (erase and reinstall) of macOS Ventura normally. After the install, you can activate your Mac without a network, and after that you should add the lines below to etc/hosts:

0.0.0.0 deviceenrollment.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 iprofiles.apple.com
0.0.0.0 gdmf.apple.com

Maybe helpful

@duyjack many thanks for your reply. The problem is that Ventura requires an internet connection during setup.

@Vicki-Olesen

@spiralz23 Many thanks for your reply. Did you check @joshworksit earlier method? They mentioned it works and successfully managed to bypass MDM on Ventura, but the steps are not clear to me.
Anyone else managed to bypass it using Ventura with the M2 machine?

No, sorry, I haven't checked recently. I may well be wrong; it was my understanding of it, is all. Apologies if I've given incorrect information. If there is a workaround for M2 Macs, that's great news. Good luck.

Thanks for trying to help @spiralz23 .. @ALL Has anyone successfully fully bypassed M2 or Ventura? Please advise

@shahriar-shojib

Is this solution supposed to block the device enrollment popup as well? I have followed all the steps in this guide and I still get the annoying popup once in a while... My hosts file looks like this:

cat /private/etc/hosts  
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com

I have the same issue, were you able to get it to stop?

@donkelonio

Is this solution supposed to block the device enrollment popup as well? I have followed all the steps in this guide and I still get the annoying popup once in a while... My hosts file looks like this:

cat /private/etc/hosts  
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com

I have the same issue, were you able to get it to stop?

Unfortunately I have not been able to stop the popups...

@shahriar-shojib

@donkelonio I ran sudo profiles remove -all and I haven't received notifications since.
Got the instructions from: here

@donkelonio

here

@shahriar-shojib I did not have any profiles to remove... You may want to wait a few hours to see if you truly got rid of it... in my case the popup comes up at random times...

@pritpalspall

pritpalspall commented Apr 29, 2023

stop the popups...

I'm no expert, but I added one more entry in my host file. Hope this helps

STEP 1: open terminal and type:
sudo profiles show -type enrollment (press enter)
Type in your password.

This will show you the current enrollment configuration your Mac has.
STEP 2: copy the domain mentioned in "ConfigurationURL" by selecting the address without the (").

STEP 3: type:
sudo pico /etc/hosts (press enter)
Type in your password
you should see something like this...
.##
.# Host Database
.#
.# localhost is used to configure the loopback interface
.# when the system is booting. Do not change this entry.

127.0.0.1 localhost
... broadcasthost
::1 localhost

STEP 4: use your arrow key to go down to the bottom, press "return" twice and type:
127.0.0.1 iprofiles.apple.com (press enter) and you are about to paste the configuration url copied in step 2.
 127.0.0.1 paste the "ConfigurationURL" you copied in step 2 (press enter)
Below is an example of what it looks like in my case...

.##
.# Host Database
.#
.# localhost is used to configure the loopback interface
.# when the system is booting. Do not change this entry.
.##
127.0.0.1 localhost
... broadcasthost
::1 localhost

127.0.0.1 iprofiles.apple.com
127.0.0.1 https://jss.client-******************
Use control+ O to write then the "Return" key so that it writes over that file, then control+ X to exit.

STEP 5: Clear the cache by typing:
sudo dscacheutil -flushcache (press enter)

STEP 6: proceed to delete the profile by typing:
sudo profiles remove -all
Keep in mind that this command will delete all other profiles you may have.
Finally, you can check for the enrollment profile again (STEP 1), you should get an error saying that it could not be retrieved given that you blocked the domain from where it's retrieved:
sudo profiles show -type enrollment

Error fetching Device Enrollment configuration: (34000) Error Domain=MCCloudConfigurationErrorDomain Code=34000 "The device failed to request configuration from the cloud." UserInfo={NSLocalizedDescription=The device failed to request configuration from the cloud., CloudConfigurationErrorType=CloudConfigurationFatalError}

And the notification is gone for good.

@Vicki-Olesen

Has anyone successfully fully removed the MDM from M2 Ventura MacBook Pro? Thanks

@donkelonio

stop the popups...

I'm no expert, but I added one more entry in my host file. Hope this helps

STEP 1: open terminal and type: sudo profiles show -type enrollment (press enter) Type in your password.

This will show you the current enrollment configuration your Mac has. STEP 2: copy the domain mentioned in "ConfigurationURL" by selecting the address without the (").

STEP 3: type: sudo pico /etc/hosts (press enter) Type in your password you should see something like this... .## .# Host Database .# .# localhost is used to configure the loopback interface .# when the system is booting. Do not change this entry.

127.0.0.1 localhost ... broadcasthost ::1 localhost

STEP 4: use your arrow key to go down to the bottom, press "return" twice and type: 127.0.0.1 iprofiles.apple.com (press enter) and you are about to paste the configuration url copied in step 2.
 127.0.0.1 paste the "ConfigurationURL" you copied in step 2 (press enter) Below is an example of what it looks like in my case...

.## .# Host Database .# .# localhost is used to configure the loopback interface .# when the system is booting. Do not change this entry. .## 127.0.0.1 localhost ... broadcasthost ::1 localhost

127.0.0.1 iprofiles.apple.com 127.0.0.1 https://jss.client-****************** Use control+ O to write then the "Return" key so that it writes over that file, then control+ X to exit.

STEP 5: Clear the cache by typing: sudo dscacheutil -flushcache (press enter)

STEP 6: proceed to delete the profile by typing: sudo profiles remove -all Keep in mind that this command will delete all other profiles you may have.
Finally, you can check for the enrollment profile again (STEP 1), you should get an error saying that it could not be retrieved given that you blocked the domain from where it's retrieved: sudo profiles show -type enrollment

Error fetching Device Enrollment configuration: (34000) Error Domain=MCCloudConfigurationErrorDomain Code=34000 "The device failed to request configuration from the cloud." UserInfo={NSLocalizedDescription=The device failed to request configuration from the cloud., CloudConfigurationErrorType=CloudConfigurationFatalError}

And the notification is gone for good.

Let me start by mentioning that I had connected to a VPN that may have bypassed the host file and thus correctly resolved the IP of the domains mentioned in the original post. Thus, by clearing the DNS cache, the popup is no longer showing up.
There are a few things that may not be correct with your post. First, you should follow the process discussed in the original post to edit the host file. However, I don't think you need to add the additional URL (in your case "127.0.0.1 https://jss.client-***"). The host file should not contain mentions of protocols such as https, but only the domain name that needs to be resolved statically to an IP.
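
For defenders, the hosts-file edits discussed in this thread are straightforward to detect. The sketch below is an added example, not code from any commenter: it flags hosts entries that override the Apple hostnames named above, and also name fields carrying a URL scheme, which are not valid hosts entries but still indicate an edit attempt. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a hosts file for entries that
# override the Apple hostnames this thread lists.

# Hostnames taken from the comments above.
WATCHED_HOSTS="iprofiles.apple.com mdmenrollment.apple.com deviceenrollment.apple.com gdmf.apple.com"

# audit_hosts: reads a hosts file on stdin.
# Prints one finding per line: "<line> <kind> <address> <name>", where kind is
#   override  - a watched hostname is pinned to a static address
#   malformed - the name field carries a URL scheme (not a valid hosts name)
# Returns 1 if anything was found, 0 if the file is clean.
audit_hosts() {
    awk -v watch="$WATCHED_HOSTS" '
        BEGIN {
            n = split(watch, w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
        }
        {
            sub(/\r$/, "")      # tolerate CRLF line endings
            sub(/#.*/, "")      # drop comments, including commented-out entries
            if (NF < 2) next    # blank line, or an address with no names
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (index(name, "://") > 0) {
                    print NR, "malformed", $1, $i
                    bad = 1
                    continue
                }
                sub(/\.$/, "", name)    # a trailing dot names the same host
                if (name in want) {
                    print NR, "override", $1, name
                    bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input (not taken from any real machine).
sample_hosts() {
    cat <<'EOF'
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com deviceenrollment.apple.com   # two names, one line
127.0.0.1 GDMF.apple.com.
# 0.0.0.0 iprofiles.apple.com   (commented out, must not be reported)
127.0.0.1 https://mdm.example.invalid/enroll
EOF
}

# Demo on the constructed sample.
sample_hosts | audit_hosts || echo "hosts file overrides watched names (findings above)"
```

On an endpoint, run `audit_hosts < /etc/hosts` and alert on a non-zero exit status; pairing it with the `profiles status -type enrollment` output quoted in this thread shows whether the device still reports as enrolled.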

@Vicki-Olesen

@donkelonio Are you M2 Ventura? Thanks

@donkelonio

@donkelonio Are you M2 Ventura? Thanks

@Vicki-Olesen I am on an Intel Core i5 running Ventura 13.0

@Vicki-Olesen

Vicki-Olesen commented May 1, 2023

@donkelonio Thanks for your reply and kind help and assistance; much appreciated. So you did the whole MDM process on Ventura? Or earlier OS and then upgraded to Ventura?

@Vicki-Olesen

stop the popups...

I'm no expert, but I added one more entry in my host file. Hope this helps

STEP 1: open terminal and type: sudo profiles show -type enrollment (press enter) Type in your password.

This will show you the current enrollment configuration your Mac has. STEP 2: copy the domain mentioned in "ConfigurationURL" by selecting the address without the (").

STEP 3: type: sudo pico /etc/hosts (press enter) Type in your password you should see something like this... .## .# Host Database .# .# localhost is used to configure the loopback interface .# when the system is booting. Do not change this entry.

127.0.0.1 localhost ... broadcasthost ::1 localhost

STEP 4: use your arrow key to go down to the bottom, press "return" twice and type: 127.0.0.1 iprofiles.apple.com (press enter) and you are about to paste the configuration url copied in step 2.
 127.0.0.1 paste the "ConfigurationURL" you copied in step 2 (press enter) Below is an example of what it looks like in my case...

.## .# Host Database .# .# localhost is used to configure the loopback interface .# when the system is booting. Do not change this entry. .## 127.0.0.1 localhost ... broadcasthost ::1 localhost

127.0.0.1 iprofiles.apple.com 127.0.0.1 https://jss.client-****************** Use control+ O to write then the "Return" key so that it writes over that file, then control+ X to exit.

STEP 5: Clear the cache by typing: sudo dscacheutil -flushcache (press enter)

STEP 6: proceed to delete the profile by typing: sudo profiles remove -all Keep in mind that this command will delete all other profiles you may have.
Finally, you can check for the enrollment profile again (STEP 1), you should get an error saying that it could not be retrieved given that you blocked the domain from where it's retrieved: sudo profiles show -type enrollment

Error fetching Device Enrollment configuration: (34000) Error Domain=MCCloudConfigurationErrorDomain Code=34000 "The device failed to request configuration from the cloud." UserInfo={NSLocalizedDescription=The device failed to request configuration from the cloud., CloudConfigurationErrorType=CloudConfigurationFatalError}

And the notification is gone for good.

Hi @pritpalspall thanks for this info. Are you M2 or Ventura? Thanks

@Vicki-Olesen

Hi All, Any updates on fully removing the MDM from M2 Ventura MacBook Pro? Thanks

@alucardness

I don't think it's possible at the moment. Since you can't downgrade new Macs (M2) to Big Sur.

@Vicki-Olesen

@alucardness really :/? I heard that some people managed to bypass it on M2.

@henrik242
Author

henrik242 commented May 2, 2023

Hi, OP here. This is how I bypassed MDM/DEP on my M2 Macbook Pro with Ventura:

  1. Blocked iprofiles.apple.com, mdmenrollment.apple.com and deviceenrollment.apple.com in my router.
  2. On first install, I could skip internet connection
  3. On first login (still without network), I opened a Terminal and updated my /etc/hosts:
     echo 0.0.0.0 iprofiles.apple.com | sudo tee -a /etc/hosts
     echo 0.0.0.0 mdmenrollment.apple.com | sudo tee -a /etc/hosts
     echo 0.0.0.0 deviceenrollment.apple.com | sudo tee -a /etc/hosts
  4. Removed any lingering profiles just in case:
     sudo profiles remove -all

Done. I haven't seen any MDM/DEP requests, even after upgrading to later versions of Ventura.

I have also done some additional stuff, but I don't believe it's necessary:

  • Bought and installed the Little Snitch firewall, and blocked incoming and outgoing network for /usr/libexec/teslad and /usr/libexec/mdmclient, as well as the hosts in pt. 1.
  • Disabled teslad and mdmclient services:
    sudo launchctl disable system/com.apple.devicemanagementclient.teslad
    sudo launchctl disable gui/501/com.apple.mdmclient.agent
    

@Vicki-Olesen

Hi, OP here. This is how I bypassed MDM/DEP on my M2 Macbook Pro with Ventura:

  1. Blocked iprofiles.apple.com, mdmenrollment.apple.com and deviceenrollment.apple.com in my router.
  2. On first install, I could skip internet connection
  3. On first login (still without network), I opened a Terminal and updated my /etc/hosts:
     echo 0.0.0.0 iprofiles.apple.com | sudo tee -a /etc/hosts
     echo 0.0.0.0 mdmenrollment.apple.com | sudo tee -a /etc/hosts
     echo 0.0.0.0 deviceenrollment.apple.com | sudo tee -a /etc/hosts
  4. Removed any lingering profiles just in case:
     sudo profiles remove -all

Done. I haven't seen any MDM/DEP requests, even after upgrading to later versions of Ventura.

I have also done some additional stuff, but I don't believe it's necessary:

  • Bought and installed the Little Snitch firewall, and blocked incoming and outgoing network for /usr/libexec/teslad and /usr/libexec/mdmclient, as well as the hosts in pt. 1.
  • Disabled teslad and mdmclient services:
    sudo launchctl disable system/com.apple.devicemanagementclient.teslad
    sudo launchctl disable gui/501/com.apple.mdmclient.agent
    

Awesome.. many thanks for the update @henrik242 .. Could you please share the output when you do the below command in Terminal (to verify the DEP status) using your method in M2? Thanks

$ profiles status -type enrollment

@Vicki-Olesen

@henrik242 I am doing your steps now .. Could you please advise how you skipped the internet connection on the first install? Many thanks for your kind help and assistance; much appreciated

@maclover696

maclover696 commented May 2, 2023

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air

Need 3 things

  1. A separate M1/M2 Mac (could be anything, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a SanDisk Extreme USB 3.1 256GB drive.

Steps I did
On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.

On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you just copied the clean Ventura to the internal drive.

Once the restore is finished.
Remove the External SSD
Boot from the internal disk

You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.

Now you boot again using the USB BOOT Ventura disk.
REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.

Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.

Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.

Enjoy. took me a while to figure this out after trying many things.

I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.

You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.

Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

@Vicki-Olesen

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air

Need 3 things

  1. A separate M1/M2 Mac (could be anything, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a SanDisk Extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.

On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you just copied the clean Ventura to the internal drive.

Once the restore is finished. Remove the External SSD Boot from the internal disk

You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.

Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.

Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.

Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.

Enjoy. took me a while to figure this out after trying many things.

I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.

You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.

Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Many thanks @maclover696 for your method... Could you please share the output when you do the below command in Terminal (to verify the DEP status) using your method in M2? Thanks

$ profiles status -type enrollment

@maclover696

maclover696 commented May 3, 2023

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things

  1. A separate M1/M2 Mac (could be anything, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a SanDisk Extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you just copied the clean Ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Many thanks @maclover696 for your method... Could you please share the output when you do the below command in Terminal (to verify the DEP status) using your method in M2? Thanks

$ profiles status -type enrollment

here you go

Enrolled via DEP: No
MDM enrollment: No

The screens for MDM enrollment never showed up because I completely bypassed it thru the first computer. Yes, it does require another M1 computer that's non-DEP, but that process is just once to build the External SSD OS once.

I did find some videos about disabling wifi, login, enable wifi, download some software (is that software safe? Something about Checkm8) but I don't want to install software - I'm sure it's fine since people are using it but I don't want to run csrutil either, terminal etc.

Anyway, I felt it was too much babysitting the process so I rather just install it twice with my method cuz I can just go to sleep after part 1 started and just do part 2 and set it and forget it.

Much easier and requires no real attention to watch it install.

And the benefit of my method is that my external SSD can be updated with latest software so any new Macs I install would have all of the software I normally want on it. Visual Studio code, nodejs, docker etc. It's a "golden image" for my own base build!

Glad I was able to contribute to this new method! I've been using the csrutil editing hosts tricks for many years. Frustrated a long time that I cannot do the same on M1 and Carbon Copy and SuperDuper are all failing also. My method can also help you dupe a working Mac completely if you ever say upgrade to a new computer and do not want to reset everything from scratch. I don't think Migration Assistant will migrate stuff I installed manually via GIT etc in various directories so I rather just copy it all as is in the future.

@hohodyret

@maclover696
Thank you for your detailed guide.

I was wondering if this guide works if I only have a MacBook Pro Late 2017 model, or do I need a MacBook with the new M1/M2 architecture?

@yff0216

yff0216 commented May 6, 2023

Very good, thank you.

@thrashingkitten

thrashingkitten commented May 6, 2023

I have an M1 device that I'm pretty sure I was able to disable the MDM profile on. I don't see it popping up anymore and I have admin access. I ran the sudo script to see if there were any profiles listed and it said no profiles found. I was able to update to Ventura; will I be good to update in the future?

@yff0216

yff0216 commented May 6, 2023 via email

@Vicki-Olesen

I have an M1 device that I'm pretty sure I was able to disable the MDM profile on. I don't see it popping up anymore and I have admin access. I ran the sudo script to see if there were any profiles listed and it said no profiles found. I was able to update to Ventura; will I be good to update in the future?

Yes

@Simmpa

Simmpa commented May 7, 2023 via email

@piranhap

piranhap commented May 8, 2023

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things

  1. A separate M1/M2 Mac (could be anything, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a SanDisk Extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you just copied the clean Ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Many thanks @maclover696 for your method... Could you please share the output when you do the below command in Terminal (to verify the DEP status) using your method in M2? Thanks
$ profiles status -type enrollment

here you go

Enrolled via DEP: No
MDM enrollment: No

The screens for MDM enrollment never showed up because I completely bypassed it thru the first computer. Yes, it does require another M1 computer that's non-DEP but that process is just once to build the External SSD OS once.

I did find some videos about disabling wifi, login, enable wifi, download some software (is that software safe? Something about Checkm8) but I don't want to install software - I'm sure it's fine since people are using it but I don't want to run csrutil either, terminal etc.

Anyway, I felt it was too much babysitting the process so I'd rather just install it twice with my method cuz I can just go to sleep after part 1 started and just do part 2 and set it and forget it.

Much easier and requires no real attention to watch it install.

And the benefit of my method is that my external SSD can be updated with latest software so any new Macs I install would have all of the software I normally want on it. Visual Studio Code, nodejs, docker etc. It's a "golden image" for my own base build!

Glad I was able to contribute to this new method! I've been using the csrutil editing hosts tricks for many years. Frustrated a long time that I cannot do the same on M1 and Carbon Copy and SuperDuper are all failing also. My method can also help you dupe a working Mac completely if you ever say upgrade to a new computer and do not want to reset everything from scratch. I don't think Migration Assistant will migrate stuff I installed manually via GIT etc in various directories so I'd rather just copy it all as is in the future.

@maclover696 Do you know if this method works on a Mac that is not M1/M2?

@maclover696

@maclover696 Do you know if this method works on a Mac that is not M1/M2?

Yes, it works. I tried it on couple of Intel x86 Macbooks.

What you do need to do is--- make sure you go into Secure Boot and enable boot from external USBs. That seems to be something that was off by default on couple of my Intel Macbooks and I had to allow it to boot from external drives.

Otherwise it works the same way I did it on the M2 or M1 Macbook Air.

@maclover696

Note you have to create a new image off of another Intel x86 macbook first that is Non-DEP Enabled. You cannot use the M1/M2 OS replica on Intel x86. Just want to make sure I clarified that point.

@bagofcig

bagofcig commented May 9, 2023

Do you know if this method works on macbook Pro M2 max 2023?
And also, do I have to use m1/m2 mac or any older Mac devices? Because I have an older Macbook 2015

@Cobalt-Genie

Question for those who have tried to bypass DEP via the "install the OS on a second machine" method that's been detailed above. After the install, has anyone tried to set up (or use their existing) Apple ID on the new machine, if so — were there any issues?

I bought an as-is MBP 16" 2019 model for parts, surprisingly — I was able to get it back up and running but I'm getting the "The xxx can automatically configure your Mac" popup.

@kblackwall

@aviloveN Could you write steps you went through, please? May I contact you somehow?

@mabearce1

Question here.....So I have paid for a service prior to seeing these months ago on my wife's laptop and iMac....I cannot do Auto updates I have to download the full OS and run it that way.
I just did another MacBook Air 2020 using the echo "0.0.0.0..." method mentioned and seems to have worked, but again, no MacOS updates OTA...I have to go into the AppStore and download them 100% all 12GB of them. Kind of annoying if ya ask me! Any way to get OTA back up and working?

@maclover696

Do you know if this method works on macbook Pro M2 max 2023? And also, do I have to use m1/m2 mac or any older Mac devices? Because I have an older Macbook 2015

It should work on M2 Pro Max. I built the image on M1 Pro Max, then deployed it on M2 Air and M1 Pro and M1 Air.

You must use M1/M2 as the first Mac non-DEP in order to get the proper image for Apple Silicon.

Your 2015 Macbook is Intel chipset and will not work.

@maclover696

Question here.....So I have paid for a service prior to seeing these months ago on my wife's laptop and iMac....I cannot do Auto updates I have to download the full OS and run it that way. I just did another MacBook Air 2020 using the echo "0.0.0.0..." method mentioned and seems to have worked, but again, no MacOS updates OTA...I have to go into the AppStore and download them 100% all 12GB of them. Kind of annoying if ya ask me! Any way to get OTA back up and working?

no idea since we have no idea what this paid-service did to your computer to bypass DEP. It sounds like some weird method as I was able to run updates in the Intel bypass methods for many years.

@maclover696

Question for those who have tried to bypass DEP via the "install the OS on a second machine" method that's been detailed above. After the install, has anyone tried to set up (or use their existing) Apple ID on the new machine, if so — were there any issues?

No issues, I've done this like 4 times already. It will ask you to authenticate again (because I didn't log out when I built the image from the first Apple Silicon non-DEP machine)

I bought an as-is MBP 16" 2019 model for parts, surprisingly — I was able to get it back up and running but I'm getting the "The xxx can automatically configure your Mac" popup.

You can use the old DEP bypass method on the Intel MBP 16. Or you can do exactly what I did. I replicated the built image from non-DEP then deploy to DEP-enabled machine method using Intel Macs also. It's the same procedure but you do need to make sure the Intel MacBooks are set to allow external USB boot. It's in recovery mode secure boot utilities.

@mabearce1

Question here.....So I have paid for a service prior to seeing these months ago on my wife's laptop and iMac....I cannot do Auto updates I have to download the full OS and run it that way. I just did another MacBook Air 2020 using the echo "0.0.0.0..." method mentioned and seems to have worked, but again, no MacOS updates OTA...I have to go into the AppStore and download them 100% all 12GB of them. Kind of annoying if ya ask me! Any way to get OTA back up and working?

no idea since we have no idea what this paid-service did to your computer to bypass DEP. It sounds like some weird method as I was able to run updates in the Intel bypass methods for many years.

So, this is with the Paid service...and also, using the method at the top of the page and still won't update the MacOS. I might try the method before...However I will say I have bypassed them with installs before and a few days later that popup comes up...wondering if that depends on the MDM?

@r1vered

r1vered commented May 13, 2023

Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Are you saying that this method completely rids the Mac of any DEP going forward? So if I wanted to do a clean install a year from now or update to whatever comes after Ventura, I'll no longer have to jump through hoops ever again?

@predragcvetkovski

predragcvetkovski commented May 15, 2023

How to Bypass Activation Lock on Mac:

5/14/23 - another successful bypass of DEP on M1 2020 MacBook Air with Ventura (credit goes to @maclover696 👏👏👏)

Here is an updated version that works (modified steps to erase internal physical drive, which forces device restart into Activation screen):

Pre-requirements:

  • Mac with Activation Lock
  • Unlocked Mac laptop or desktop (e.g., M1, M2, Pro, Mini, Studio, etc.) - not enrolled in Device Enrollment Program (DEP) / Mobile Device Management (MDM)
  • USB Flash Drive (14GB+ USB3.x/USB-C/Thunderbolt) - To create a USB Boot installer for macOS
  • External SSD (50GB+ USB3.x/USB-C/Thunderbolt) - To install and boot from external drive

Step by step instructions on:

Unlocked Mac

  1. Create a bootable installer with macOS Ventura on USB Flash Drive, see instructions at https://support.apple.com/en-us/HT201372
  2. Restart and boot from USB Flash Drive with macOS Ventura
  3. Install macOS Ventura on the External SSD
  4. Finish installation and create a user account
  5. Boot from External SSD to make sure it is working

Congrats 🎉🎉🎉 now you have a bootable external SSD

Mac with Activation Lock*

  1. Boot into Recovery mode, see instructions at https://support.apple.com/en-us/HT201255
  2. Open Disk Utility > select Internal Drive (or Macintosh HD) > click Restore > select External SSD (this process will fail, nothing to worry about)
  3. Erase Internal Drive (all volumes)
  4. Repeat step 3 above, select Internal Drive (or Macintosh HD) > click Restore > select External SSD. Be patient, the restoration speed varies depending on the type of External SSD and connectivity - some 45-60min on Samsung 980Pro 1TB NVMe in Sabrent USB-C enclosure. (this time the operation will succeed)
  5. Shut down > remove External SSD
  6. Boot from Internal Drive (this process will fail, and it will restart into Recovery mode, nothing to worry about)
  7. Restart and boot from USB Flash Drive with macOS Ventura
  8. Connect to WiFi/LAN, macOS Ventura requires internet connection for installation (no need to block ports on your router or /etc/hosts hacks, csrutil, etc.)
  9. Install macOS Ventura from USB Flash Drive to Internal Drive (this time do not erase internal drive)
  10. Restart after the OS installation is complete and login with the user credentials created on External SSD installation (step 4 from unlocked Mac)

Congrats 🎉🎉🎉 you've just 🔗‍💥 bypassed DEP/Business Manager

*Depending on the state of your Mac, you may need Apple Configurator to revive / restore your Mac to bring it back to life. See instructions at https://support.apple.com/guide/apple-configurator-mac/revive-or-restore-a-mac-with-apple-silicon-apdd5f3c75ad/mac and Apple Silicon M1/M2 macOS IPSW Firmware Restore Files Database https://mrmacintosh.com/apple-silicon-m1-full-macos-restore-ipsw-firmware-files-database/ alternatively Apple Configurator will download automatically the latest version.

@Vicki-Olesen

Question here.....So I have paid for a service prior to seeing these months ago on my wife's laptop and iMac....I cannot do Auto updates I have to download the full OS and run it that way. I just did another MacBook Air 2020 using the echo "0.0.0.0..." method mentioned and seems to have worked, but again, no MacOS updates OTA...I have to go into the AppStore and download them 100% all 12GB of them. Kind of annoying if ya ask me! Any way to get OTA back up and working?

no idea since we have no idea what this paid-service did to your computer to bypass DEP. It sounds like some weird method as I was able to run updates in the Intel bypass methods for many years.

So, this is with the Paid service...and also, using the method at the top of the page and still won't update the MacOS. I might try the method before...However I will say I have bypassed them with installs before and a few days later that popup comes up...wondering if that depends on the MDM?

Hi @mabearce1 @maclover696 .. would I be able to do updates normally? Thanks

@mabearce1

Question here.....So I have paid for a service prior to seeing these months ago on my wife's laptop and iMac....I cannot do Auto updates I have to download the full OS and run it that way. I just did another MacBook Air 2020 using the echo "0.0.0.0..." method mentioned and seems to have worked, but again, no MacOS updates OTA...I have to go into the AppStore and download them 100% all 12GB of them. Kind of annoying if ya ask me! Any way to get OTA back up and working?

no idea since we have no idea what this paid-service did to your computer to bypass DEP. It sounds like some weird method as I was able to run updates in the Intel bypass methods for many years.

So, this is with the Paid service...and also, using the method at the top of the page and still won't update the MacOS. I might try the method before...However I will say I have bypassed them with installs before and a few days later that popup comes up...wondering if that depends on the MDM?

Hi @mabearce1 @maclover696 .. would I be able to do updates normally? Thanks

I’ve never been able to; that was my question.

@predragcvetkovski

@Vicki-Olesen @mabearce1 updates are working fine, you can login with an Apple ID, access appstore to get, install or update any software, including system updates.

Alternatively, in case you don't want to login, you can always update macOS, and any installed software on your External USB, however you will need to repeat the process above on both devices, as suggested by @maclover696

If you are interested to learn how DEP/MDM works, and what happens to a device without DEP (run profiles status -type enrollment to confirm), these are good links:
Apple Guide
Device with DEP
Using DEP

Things to remember your device hits different Apple servers:

  • during macOS Ventura installation to check DEP status (MDM servers)
  • when you run profiles status -type enrollment (MDM servers)
  • login with Apple ID (Discover Authentication Servers)

Apple device without DEP is like Twitter tweet with Elon's 🔬

@Vicki-Olesen

Many thanks @predragcvetkovski for your kind assistance; much appreciated. So can you confirm that you can update your Mac OS normally via General -> Software Update in system settings? No DEP notifications are sent to you after this without blocking hosts written in earlier threads and comments?

One last thing, what does the below command line show when you write it in the terminal?

sudo profiles show -type enrollment

@maclover696 I would highly appreciate it if you can advise as well.

Many thanks again for both of you

@Vicki-Olesen

@predragcvetkovski @maclover696 Could you please advise? Many thanks

@eternalgod

eternalgod commented May 18, 2023

For Intel based MacBooks (Air and Pro), I was able to validate the method given by @predragcvetkovski and @maclover696

Note, if you connect to internet during the restore process from an external SSD having clean ventura 13.3.1 installed along with a created super user, then it restores quickly without any errors and boots into internal mac also without any errors.

Output of DEP/MDM:
% sudo profiles show -type enrollment
Error fetching Device Enrollment configuration: Client is not DEP enabled.
% sudo profiles status -type enrollment
Enrolled via DEP: No
MDM enrollment: No

Again thanks @predragcvetkovski and @maclover696 for detailing the steps. This is the easiest and safest method to bypass MDM/DEP on Intel based MacBooks.

OTA updates work, I was able to install Ventura macOS Security Response 13.3.1 (a) at the time of this writing without any issues.

@eternalgod

eternalgod commented May 18, 2023

Update: Continued testing the external SSD having Ventura 13.3.1 with super user which was created by non-MDM/non-DEP Intel based MacBook on M1/Apple silicon based MacBook Pro (with MDM/DEP)

And it still works!

Restore option fails but manages to replicate the external SSD onto the internal SSD.
Fails to boot up using internal SSD and complains that the OS has to be reinstalled
Installed via bootable USB having Ventura OS (this was also created by non-MDM/non-DEP Intel MacBook)

Took a long time to repair and install.

Finally booted into user prompt which was created on external SSD.

Output of DEP/MDM:
% sudo profiles show -type enrollment
Error fetching Device Enrollment configuration: Client is not DEP enabled.
% sudo profiles status -type enrollment
Enrolled via DEP: No
MDM enrollment: No

Kudos to @predragcvetkovski and @maclover696 for the base method of restoring internal HD with external HD :)

@eternalgod

Update: Resetting the mac/erase all settings - brings back the DEP/MDM/Activation so please refrain from doing so.
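
For administrators reading this thread: the Apple Business Manager assignment is held server-side (which is why an erase brings enrollment back), so a Mac that is assigned but reports "No" in the `profiles status -type enrollment` output quoted above, or never reports at all, is what a fleet audit should surface. The following is an added example, not code from any commenter; the serial numbers, the report data, the function names and the assumption that status text is collected per serial by an inventory agent or help desk are all constructed for illustration.

```python
import re

# Fields printed by `profiles status -type enrollment`. The pattern also copes
# with both fields pasted onto a single line and with suffixes after "Yes".
_FIELD = re.compile(r"(Enrolled via DEP|MDM enrollment):\s*(Yes|No)\b", re.IGNORECASE)

# Findings that an administrator should investigate.
FOLLOW_UP = {"NO_REPORT", "ASSIGNED_BUT_UNENROLLED", "UNPARSEABLE"}


def parse_enrollment_status(text):
    """Return {'dep': bool|None, 'mdm': bool|None}; None means the field was not found."""
    state = {"dep": None, "mdm": None}
    for name, value in _FIELD.findall(text):
        key = "dep" if name.lower().startswith("enrolled") else "mdm"
        state[key] = value.lower() == "yes"
    return state


def classify(assigned, status_text):
    """Compare one device's self-reported state with its server-side assignment."""
    if status_text is None:
        # No check-in at all: the expected symptom when the OS image was replaced
        # and the management agent is no longer present.
        return "NO_REPORT" if assigned else "NOT_TRACKED"
    state = parse_enrollment_status(status_text)
    if state["dep"] is None or state["mdm"] is None:
        return "UNPARSEABLE"  # never treat a broken report as compliant
    if assigned:
        return "OK" if state["dep"] and state["mdm"] else "ASSIGNED_BUT_UNENROLLED"
    return "ENROLLED_NOT_ASSIGNED" if state["mdm"] else "UNMANAGED"


def audit(assigned_serials, reports):
    """Return {serial: finding} for every serial seen in either data source."""
    findings = {}
    for serial in sorted(set(assigned_serials) | set(reports)):
        findings[serial] = classify(serial in assigned_serials, reports.get(serial))
    return findings


def needs_follow_up(findings):
    """Serials whose finding calls for investigation, in sorted order."""
    return [serial for serial, finding in findings.items() if finding in FOLLOW_UP]


# Constructed sample data: serials assigned in the organization's inventory ...
ASSIGNED = {"EXAMPLE0001", "EXAMPLE0002", "EXAMPLE0003", "EXAMPLE0004"}
# ... and the latest status text collected per serial (EXAMPLE0004 never reported).
REPORTS = {
    "EXAMPLE0001": "Enrolled via DEP: Yes\nMDM enrollment: Yes (User Approved)\n",
    "EXAMPLE0002": "Enrolled via DEP: No\nMDM enrollment: No\n",
    "EXAMPLE0003": "Enrolled via DEP: No MDM enrollment: No",
    "EXAMPLE0005": "Enrolled via DEP: No\nMDM enrollment: Yes (User Approved)\n",
    "EXAMPLE0006": "profiles: command not found",
}

if __name__ == "__main__":
    results = audit(ASSIGNED, REPORTS)
    for serial, finding in results.items():
        print(f"{serial}  {finding}")
    print("follow up:", ", ".join(needs_follow_up(results)))
```

Because a reimaged machine usually stops reporting entirely, the `NO_REPORT` case matters as much as an explicit "No"; pairing this audit with check-in age from the MDM server closes that gap.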

@dutton241-9

dutton241-9 commented May 18, 2023

Is it possible to upload the image file for download at all? for others that don't have access to another M1 Mac? is that at all possible?

I am very new to all of this, updated to Ventura and then wiped Mac without reading anything, so having to learn pretty fast ... ha!

@eternalgod

@dutton241-9 : Image is over 12GB. It's better you ask someone in your networking circle to install macOS on an external SSD.

@Jbb08

Jbb08 commented May 19, 2023

Awesome @eternalgod
So I have an M2 MacBook Pro that has DEP removed. But it is still linked to MDM.

I was waiting for another M1/M2 MacBook before trying @maclover696 method.
Then I saw that you used a non MDM/DEP Intel Mac to create the Ventura SSD to use to restore from.

So I tried that.
Created the Ventura SSD, booted into recovery (held power button) used disk utility to wipe internal drive, however in doing so it asked me to Activate the Mac which needed an internet connection (not seen that on here) I did that.
It restarted but of course the internal drive was empty.
Went back into recovery and got back to disk utility to carry on with the restoring from SSD to the internal drive.
This took like 5 mins, it was super quick as my drive was 9gb installed.
It rebooted. Then the issue with authorisation of the User. So it rebooted back into recovery. This time added the USB Ventura Installer, and booted from that for installing Ventura over the top of the internal disk.
This took about 35 mins. However installed Ventura requires the internet, so again I turned Wi-Fi on (as it failed this first time because I had it off) once finished it then booted from the internal disk to my user prompt perfectly.

All seemed fine until terminal checks returned the following-

sudo profiles status -type enrollment
Enrolled via DEP: No
MDM enrollment: No

all good right?

but
sudo profiles show -type enrollment
Returns the MDM company details and Apple pushes a message asking if I want to enrol the MacBook to that MDM…

does this mean I am going to get those messages periodically now?
Why does status say NO to both, but show brings up the MDM?

have I done something wrong?

@eternalgod

eternalgod commented May 19, 2023

@Jbb08 : You did all the steps correctly. Can you please confirm if the external ventura SSD was created indeed from a non-mdm mac?

Is it possible for you to use the previous non-mdm mac and reboot from the external ventura ssd. Log into the admin account and run the same sudo profiles command to make sure you get "Error fetching Device Enrollment configuration: Client is not DEP enabled"?

I rechecked on the MDM enabled M1 Mac at my end and I am still getting the above correct message with sudo profiles show command. I also pinged iprofiles.apple.com, mdmenrollment.apple.com, deviceenrollment.apple.com, gdmf.apple.com and I was able to ping all the servers with DNS correctly providing their ip addresses back. Rechecked again with the command with the same correct response.

I am not sure what went wrong at your end but I strongly suspect the external ventura SSD you created. Both bootable usb ventura installer and external ventura installed ssd should be done with non-mdm/non-dep Mac.

At no point I had turned off the internet when I was restoring. Could you please redo all the steps without turning off internet?

@Jbb08

Jbb08 commented May 19, 2023

Thanks @eternalgod
So I did discover my USB Ventura Installer was created on an Intel DEP/MDM MBP.
So I recreated it on the non DEP/MDM Intel MBP
At the same time also wiped the SSD and installed Ventura onto it from the Intel non DEP/MDM Intel MBP.

Started whole process again, all with internet fully on.
All went smoothly.
Profiles - status = DEP No , MDM No
Profiles - show = Full company MDM info.
I’m thinking that this computer must call home whenever I send the request for showing of enrolment detail, and again the Mac pushes me to allow it to install the MDM profile; of course I don’t.
My last attempt will be to create a Ventura USB installer and SSD installed build on my mate's personal M1 MBP which is guaranteed not to have had DEP or MDM on it. Otherwise I have no clue why it’s not working.

also when I tested the SSD Ventura on the non dep/MdM Intel MBP to make sure my admin profile worked, both status and show came back as you describe so that build is free of anything.
Restoring that build then overwriting the build with a fresh install seems to be where it’s going wrong OR
It’s phoning home in the ‘show’ call who knows.

any further thoughts?

@eternalgod

eternalgod commented May 21, 2023

@Jbb08 : I honestly don't know why your computer is homing when called for showing of enrollment details. Let us know how the external SSD from M1 non-MDM goes.

Another note: After using Intel based Mac's generated external SSD on a M1 Mac (which worked on my end), the external SSD boots no more and cannot be used to flash any other Macs (both Intel and Apple silicon). So I think it's best to create an Intel's external SSD AND Apple silicon's external SSD. Appropriately storing the contents in a separate HD (backup) for future references or copies. It takes a while to build these SSDs especially with custom software etc.

@Vicki-Olesen

@eternalgod I wonder if you think the external hard drive method is more reliable/convenient over the long term or the host blocking method? Thanks

@Jbb08

Jbb08 commented May 21, 2023

Thanks @eternalgod
So M1 non dep/mdm machine, created new Ventura USB, then used that usb to create a Ventura ssd with admin profile. Tested working.

completed all steps again with M1 produced ssd restore then usb installer over top.
Rebooted and admin profile appeared.

Status - No Dep and No MDM
Show - full company MDM details…

I have no clue why when it calls iprofiles.apple.com that it must use the serial number and phone the Apple database. I know it’s not DEP enabled but the MDM side is live and these steps don’t work for me I am afraid
Not even @maclover696 method works for me on M2 MBP :(

@GeorgeDuke1971

Hello, this thread was very useful for turning off DEP notifications on a few of my intel macs running Monterey (or earlier), but I am not clear how to do this on an intel mac running Ventura. There are some comments in this thread with M1/M2 macs with Ventura so is the process the same with intel macs? I would prefer not erasing my system internal disk.
Using ikecanvas's post above worked well in Monterey but those instructions don't work for me in Ventura.

@eternalgod

@Jbb08 I am sorry it didn't work for you. I guess, the best path going forward is to block the host servers for your case.

@eternalgod

@Vicki-Olesen : I found the external SSD restore method to be far more efficient.

For example, for latest MacBook which come with Ventura, an MDM enabled device doesn't have an option to choose "no internet" during setup. This can, however, be bypassed by enabling root user and creating .AppleSetupDone file, and then blocking the host file. But I find this method a bit tedious. Not to mention, in future the host names can always change. Say for example, 13.5 Ventura OS may start polling from a different host server (just saying). So I still believe writing off a MacBook without any client enabled DEP is better than blocking hostnames in host file.

@Vicki-Olesen

Many thanks @eternalgod for your kind assistance. I actually thought the opposite that if we did it via the SSD method, we have a greater risk of having it caught by any future update from Apple since hosts are not blocked. I will be doing it on my M2 Ventura Macbook Pro this week and will let you know if it worked.

@eternalgod

@GeorgeDuke1971 : It is the same procedure for Intel macs running on Ventura. Please follow @predragcvetkovski post where the steps are clearly outlined.

@Cobalt-Genie

Has anyone tested the process @predragcvetkovski detailed using a macOS Monterey Setup on an intel mac, or is this just for Ventura? Just curious to know if anyone has had any success with that.

Thanks to everyone here that's been providing info and feedback. I'm working on a MBP 2019 with t2 chip and using a MBP 2015 as my non-DEP/MDM device to create the installers.

@Jbb08

Jbb08 commented May 23, 2023

> @Jbb08 I am sorry it didn't work for you. I guess, the best path going forward is to block the host servers for your case.

Thanks @eternalgod
I’ve modified the host file to 0.0.0.0 profiles.apple.com
The status returns No for both DEP and MDM, and show returns an error reaching Apple servers I believe, however it’s not the ‘error fetching device enrolment’ one.

do you believe I should do anything else?

@Jbb08

Jbb08 commented May 23, 2023

> @Vicki-Olesen : I found the external SSD restore method to be far more efficient.
>
> For example, for latest MacBook which come with Ventura, an MDM enabled device doesn't have an option to choose "no internet" during setup. This can, however, be bypassed by enabling root user and creating .AppleSetupDone file, and then blocking the host file. But I find this method a bit tedious. Not to mention, in future the host names can always change. Say for example, 13.5 Ventura OS may start polling from a different host server (just saying). So I still believe writing off a MacBook without any client enabled DEP is better than blocking hostnames in host file.

Also @eternalgod you mention a Mac coming default with Ventura can’t skip internet.
My MDM MacBook Pro is a brand new M2 Max 32gb unified memory 1TB and whilst it does not have DEP confirmed, it does have MDM and as previously mentioned despite all attempts I can’t get it to stop phoning home once I use the ‘show’ enrolment terminal check. So my only option is blocking using the host file. But as you say for how long will that work.
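
For administrators auditing a fleet, the two signals discussed in the comments above (status reporting No/No while show still returns an enrollment configuration, and enrollment hostnames pinned in the hosts file) can be checked with a short script. This is an added example, not code from any commenter in this thread; the verdict labels, the assumption that other lookup failures begin with "Error", and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: fleet-side audit for the state described in this thread.
# Hostnames are the ones named in the thread; verdict labels are made up here.
ENROLL_HOSTS="iprofiles.apple.com mdmenrollment.apple.com deviceenrollment.apple.com gdmf.apple.com"

# classify_enrollment STATUS_TEXT SHOW_TEXT
#   STATUS_TEXT: output of `profiles status -type enrollment`
#   SHOW_TEXT:   output of `profiles show -type enrollment`
classify_enrollment() {
    status=$1; show=$2; enrolled=no
    if printf '%s\n' "$status" | grep -Eq '^MDM enrollment: *Yes'; then
        enrolled=yes
    fi
    if printf '%s\n' "$show" | grep -q 'Client is not DEP enabled'; then
        assigned=no
    elif [ -z "$show" ] || printf '%s\n' "$show" | grep -qi '^Error'; then
        assigned=unknown   # assumption: other failures start with "Error"
    else
        assigned=yes       # a configuration was returned for this serial
    fi
    case "$enrolled/$assigned" in
        yes/*)  echo "enrolled" ;;
        no/yes) echo "assigned-but-unenrolled" ;;  # status No/No, show has config
        no/no)  echo "not-assigned" ;;
        *)      echo "lookup-failed" ;;            # e.g. enrollment hosts unreachable
    esac
}

# blocked_hosts HOSTS_FILE: print enrollment hosts pinned to a sink address.
blocked_hosts() {
    awk -v want="$ENROLL_HOSTS" '
        BEGIN { n = split(want, h, " "); for (i = 1; i <= n; i++) w[h[i]] = 1 }
        { sub(/#.*/, "") }                      # drop comments
        $1 == "0.0.0.0" || $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++) if ($i in w) print $i
        }' "$1"
}

if [ "${1:-}" = "--live" ]; then                # on a Mac, as root
    classify_enrollment "$(profiles status -type enrollment 2>&1)" \
                        "$(profiles show -type enrollment 2>&1)"
    blocked_hosts /etc/hosts
else                                            # constructed sample input
    classify_enrollment "Enrolled via DEP: No
MDM enrollment: No" "Device Enrollment configuration:
{ OrganizationName = \"Example Corp\"; }"
fi
```

A device that reports `assigned-but-unenrolled`, or `lookup-failed` together with any output from `blocked_hosts`, is worth reconciling against the organization's device assignment records.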

@eternalgod