Is buying a used m2 with mdm bad?

[TurboJobo]

Someone on my local offerup has a M2 air for 400 dlls, but once i checked it out it had a lot profiles with "cisco". After a quick google search I notice mdm came up, what are the disadvantage of having a laptop with that? iCloud was logged out if that helps. Thanks in advance.

 

[Nermal]

Do not buy a Mac with MDM; in the worst case it doesn't belong to the seller, and in the best case you'll have to liase with the previous owner if you want to do various things (e.g. reinstall the OS). Avoid it.

 

[chrfr]

Someone on my local offerup has a M2 air for 400 dlls, but once i checked it out it had a lot profiles with "cisco". After a quick google search I notice mdm came up, what are the disadvantage of having a laptop with that? iCloud was logged out if that helps. Thanks in advance.

Odds are very good that a computer that new is stolen if it's still enrolled in a corporate management system.

 

[throAU]

Someone on my local offerup has a M2 air for 400 dlls, but once i checked it out it had a lot profiles with "cisco". After a quick google search I notice mdm came up, what are the disadvantage of having a laptop with that? iCloud was logged out if that helps. Thanks in advance.

Unless MDM has been removed from any device, do not buy - MDM can wipe the machine, render it inoperable, etc.

If it is being sold with MDM enabled, it is quite probably STOLEN - and not only are you buying stolen goods, even if you aren't traced and end up with a police visit it will likely stop working when the legitimate owner turns it off and remote disables/deactives it - could be days/weeks/months before the company owning the device determines that one of their users has sold it or it has otherwise gone missing.

Essentially it's like buying an iPhone that has been stolen - the legit owner can have apple block the hardware. Same with MDM.

 

[Fishrrman]

STAY AWAY from any Mac with MDM on it.
It's probably stolen.

If the deal looks too good to be true, it almost certainly is.
Consider yourself as having been duly warned by reading this post.

 

[Ambrosia7177]

What is MDM?

 

[chrfr]

What is MDM?

Mobile Device Management. It's used by organizations to manage their devices.

 

[hobowankenobi]

MDM tools (there are several competing brands) allows low level access (essentially firmware), to manage devices. They are intially set up by Apple directly to allow complete management of devices. You cannot remove them yourself...erasing the drive won't change or remove the managed status.

As mentioned, there are two ways a managed Mac ends up outside of the controlling organizaion:

1. It is stolen, or ownership is otherwise in question
2. It was sold from the institution that owned and manage it, and they forgot to remove control from it.


If it was stolen, it won't be yours to keep, as you essentially bought stolen property. When you contact the controlling institution, they won't unlock it, and will likely ask for it back or send the police your way to collect it.

If it was forgotten or fell through the cracks, when you contact the controlling institution, they will de-actiave their MDM tools remotely, and you will be free to then erase the Mac normally...like any retail-purchased Mac. This is done via a web portal, so they don't need the Mac back to release it. Here is what happens, for example, to release a device from Apple School Manager for machines owned by educational institutions:

Release devices in Apple School Manager

In Apple School Manager, you can remove an Apple device if it’s been sold, lost, or can’t be repaired.

support.apple.com

The Cisco profiles are a likely sign the machine is still enrolled in an MDM...but it is possible to have profiles installed without an MDM connection. Odds arre very low; most likely it is still managed.

 

[Ambrosia7177]

Mobile Device Management. It's used by organizations to manage their devices.

I understand the concept, but didn't know the acronym. Thanks!

 

[Ambrosia7177]

MDM tools (there are several competing brands) allows low level access (essentially firmware), to manage devices. They are intially set up by Apple directly to allow complete management of devices. You cannot remove them yourself...erasing the drive won't change or remove the managed status.

So they are below the OS, or in this case the iOS?

Why can't you get around the MDM?

How expensive are MDMs?

Is that something a consumer could install for added protection against theft?

 

[hobowankenobi]

So they are below the OS, or in this case the iOS?

Why can't you get around the MDM?

How expensive are MDMs?

Is that something a consumer could install for added protection against theft?

Apple has a process that links a device (Mac, iPad, ATV, etc) to an institution. It is not on the drive, so wiping or replacing the drive won't change a thing. I would guess it is a firmware/EFI change...but that is just speculation. It must be firmware...somewhere.

MDM vary quite a bit. Used to be a few free tools out there for limited/small org use, including MacOS Server. 😢

Jamf and Mosyle are 2 of the big brands... Most charge per device managed. Can vary on feature set, number of devices, and market. Likely $3 to $10 per month per device for enterprise tools.

Consumers have some options to track a device like LoJack.

 

[hobowankenobi]

I see Fleet has an open source/community MDM that is free for Mac and Win. There is chatter about other open souce solutions, but what I see look pretty basic, and pretty CLI heavy.

 

[Fishrrman]

OP disappeared. Might have been "a buyer". Or... could he have actually been "the seller" seeing how he could defeat MDM...?

 

[chrfr]

OP disappeared. Might have been "a buyer". Or... could he have actually been "the seller" seeing how he could defeat MDM...?

The OP has been a forum member for 14 years!

 

[chrfr]

So they are below the OS, or in this case the iOS?

Why can't you get around the MDM?

How expensive are MDMs?

Is that something a consumer could install for added protection against theft?

The problem here is that without having access to either Apple Business Manager or Apple School Manager, MDM enrollment can be removed by anyone who has the computer. You can only get access to those Apple services if you have a DUNS number, which requires having a legally defined business, or you're a school/academic institution.

 

[Ambrosia7177]

The problem here is that without having access to either Apple Business Manager or Apple School Manager, MDM enrollment can be removed by anyone who has the computer. You can only get access to those Apple services if you have a DUNS number, which requires having a legally defined business, or you're a school/academic institution.

But could you use MDM if you were a small business?

And would it make financial sense?

 

[chrfr]

But could you use MDM if you were a small business?

And would it make financial sense?

You could but it depends if it's worth the time to you to learn how to properly use the system to manage your computers. For businesses with just a couple of employees it's unlikely to be worthwhile.

 

[hobowankenobi]

But could you use MDM if you were a small business?

And would it make financial sense?

I would add that it also depends how much devices need to be managed per org policies. A good MDM, once setup, can remove the work of at least one tech.

For those with less management requirements, Munki is free and pretty damn good at pushing out software automatically, as well as download portal where users can safely grab whatever is made available. Munki can be used alone, or coupled with an MDM. If I were responsible for an SMB with Macs and a tight budget, Munki would be the tool to beat.

A nice list of open-source MDM-like tools here.

 

[gilby101]

Why can't you get around the MDM?

The purpose of MDM is to allow that IT admins (or whoever) to control the configuration of Mac and NOT the user of the Mac. So an MDM you (the user) can get around would not be very good.