
lovecd

macrumors regular
Original poster
Aug 14, 2022
165
14
Bought a used 2019 16" MacBook Pro from a local buyer recently, and found that small pop-up windows show up occasionally, displaying "enrollment with xxx (company name), cancel or allow?" It looks like this laptop has an MDM lock on it, but if I choose "cancel" from that pop-up window, should the MDM lock be temporarily "turned off", so that it won't affect using it? Can someone give some comments here?

Thanks,
 

hg.wells

macrumors 65816
Apr 1, 2013
1,067
789
It can only be removed by the company that enabled it. My concern would be if the seller sold the laptop to you legitimately.

I would contact the seller and ask them to contact their employer / previous employer to get the MDM removed from the laptop.
 

lovecd

macrumors regular
Original poster
Aug 14, 2022
165
14
It can only be removed by the company that enabled it. My concern would be if the seller sold the laptop to you legitimately.

I would contact the seller and ask them to contact their employer / previous employer to get the MDM removed from the laptop.
So, selecting “cancel” from that pop-up enrollment window won’t turn this lock off at all, and the remote can still do something to my laptop in this case?
 

Fishrrman

macrumors Penryn
Feb 20, 2009
29,256
13,339
Sounds like you might have bought stolen property, or a Mac that was supposed to be returned (to the company that owns it) by the previous owner, but was not.

You'll have to contact the company that "owns" the Mac (and MDM) and see if they will remove it.

If they won't -- or if they're impossible to find (gone out of business) -- then you will either:
- have to learn to live with it
or...
- put it into the closet, write it off, and NEXT TIME buy a Mac from a "known good" source that is actually usable.

There might be tools that can remove MDM software.
But you'll have to look for them yourself.
 

Hicksmat1976

macrumors 6502
Jul 12, 2016
384
367
Manchester, England
Might not be stolen.

We tend to sell on old laptops to a 3rd party who in turn sells them to the general public; however, before we do that we have to make sure the device is not still in ASM/ABM and also not enrolled into an MDM (such as Jamf Pro), else the purchaser will end up with a device that auto enrols into our MDM. Even if they wipe it, the Mac would still show the same behaviour, as it's in one/both of ASM/ABM and an MDM.
 

lovecd

macrumors regular
Original poster
Aug 14, 2022
165
14
Might not be stolen.

We tend to sell on old laptops to a 3rd party who in turn sells them to the general public; however, before we do that we have to make sure the device is not still in ASM/ABM and also not enrolled into an MDM (such as Jamf Pro), else the purchaser will end up with a device that auto enrols into our MDM. Even if they wipe it, the Mac would still show the same behaviour, as it's in one/both of ASM/ABM and an MDM.
So, what kind of problems may I encounter if I continue using it, even when NOT selecting “allow” from that pop-up window?
 

Hicksmat1976

macrumors 6502
Jul 12, 2016
384
367
Manchester, England
So, what kind of problems may I encounter if I continue using it, even when NOT selecting “allow” from that pop-up window?
Check under System Preferences: is there a "Profiles" icon? If so, go inside it and look for anything that looks like it's got MDM in the name, select it, and then click on the remove option.

As someone else posted, if the MDM profile isn't installed then you are fine; however, it's going to carry on being annoying for you, as I suspect this device is in Apple School/Business Manager.
 

chrfr

macrumors G5
Jul 11, 2009
13,715
7,289
Check under System Preferences: is there a "Profiles" icon? If so, go inside it and look for anything that looks like it's got MDM in the name, select it, and then click on the remove option.

As someone else posted, if the MDM profile isn't installed then you are fine; however, it's going to carry on being annoying for you, as I suspect this device is in Apple School/Business Manager.
For what it’s worth, it’s no longer possible to remove the MDM profile in the several most recent versions of macOS.
 

Wokis

macrumors 6502a
Jul 3, 2012
931
1,276
The sneaky answer is yes, you can. But you'll have to compromise on SIP settings and won't be able to use system drive encryption. There are several steps to get this working and they have to be redone every time you get an OS update.

This comment on Stack Exchange outlines all the steps. There are other "shorter" guides that try to take shortcuts but I found them not to work very well.

During negotiations with my IT dept regarding what (draconic) MDM rules they got to have on my MBP, this is how I went by so I could actually get my work done in the meanwhile.
 

lovecd

macrumors regular
Original poster
Aug 14, 2022
165
14
The sneaky answer is yes, you can. But you'll have to compromise on SIP settings and won't be able to use system drive encryption. There are several steps to get this working and they have to be redone every time you get an OS update.

This comment on Stack Exchange outlines all the steps. There are other "shorter" guides that try to take shortcuts but I found them not to work very well.

During negotiations with my IT dept regarding what (draconic) MDM rules they got to have on my MBP, this is how I went by so I could actually get my work done in the meanwhile.
Thanks a lot! By the way, for the second one mentioned in that article, should those mv commands be performed in Terminal after logging in, or in recovery mode before booting up? And also, is there a way to check in settings if remote enrollment has been turned off?
 