How can I get rid of unauthorized MDM connotations @Roikins

Your issues could be related to iCloud. They have nothing to do with MDM. If you think someone has access to your iCloud account, see this document on Safety Check, a new feature in iOS 16 that can allow you to help remove access to your account quickly: Stop sharing with people and apps with Safety Check on iPhone - Apple Support

You can also look into utilizing Lockdown Mode: Harden your iPhone from a cyberattack with Lockdown Mode - Apple Support

Happy to help. If your accounts are using your personal company email address, your org can take control of those accounts with many vendors (I know I've done it with Zoom, Box, Dropbox, Asana, and more). VPN is essentially the same as being on the corporate network. There is a lot of visibility.

@Roikins and @RobynGreen, I AM SUFFERING THE EXACT SAME THING! I have had 13 phones in the past year and a half, three of them Apple and they CONTINUE to get managed! I could write a book right now about everything he has accomplished to do on my iPhones, including using accessibility, shortcuts, etc. At first I was added as a child in a family, had screen time locked and couldn’t download apps etc, then he moved on to MDM when I caught on. You CANNOT see a profile or messsge saying it is managed, have NO IDEA how this is accomplished but I am SICK of people not believing me ,including all phone customer service reps at Apple… I would tell them what was happening and they would say, “well THATS just NOT POSSIBLE”, and I’d say it WAS because it WAS HAPPENING. Aaaaargh! I will go postal on any rep that tells me to simply change my password, that’ll do it , yeah…I can’t even get into my email now. I could really use connecting with others in the same predicament:)

Suzy q

[Email Edited by Moderator]

Barre2022 wrote:

any advice on this matter would be helpful. I’m in the same situation and do not know where to start.

Could you elaborate? Advice with what?

If you have an MDM profile loaded and cannot remove it, then you have a supervised device, and you will want to contact the owner of the device to relinquish the supervisory lock. The owner of a supervised device is not the user of the device.

If you have a managed device and no longer wish it to be managed, then delete the associated MDM profiles.

If you have indications of civil or criminal activity, contact a lawyer, or contact police.

If you believe you are being monitored, or are being tracked, and if you have had ongoing issues for many months or for years, and if you have already had multiple previous discussions with the Apple Support folks or with other knowledgeable security folks or with digital forensics specialists, conversations seeking to identify and resolve your reported issues, and have gone through (for instance) the Apple personal safety and privacy guide without meaningful results, then it is exceedingly unlikely that you will receive any new or different suggestions, or any sort of new path to resolution, here, today, if ever. Your issues are just beyond what assistance can be offered in a forum.

A developer account doesn't manage a device. An enterprise account does. If you reset a device to factory settings and don't see a remote management screen come up when you try to set the device up, it is not managed by MDM and cannot be managed by MDM without physical access to the device or your explicit actions to install the profile.

What you could be experiencing is a compromised Apple ID. In that case, iOS 16 has a feature called Safety Check that you should use immediately along with immediately changing your password.

If you think your Apple ID has been compromised - Apple Support

How Safety Check on iPhone works to keep you safe - Apple Support

Change your Apple ID password - Apple Support

Adding a device to MDM happens 1 of 4 ways:

1. Automatically because the device was purchased through Apple or an Authorized Reseller that is connected to an Apple Business/School Manager account. Errors can happen here when purchasing through Authorized resellers because some resellers manually key in the serial number rather than automating the process. This is the only way a consumer device can be enrolled without their consent. It is not malicious.
2. Manually by the org owner using Apple Configurator. This requires physical access to the device.
3. Manually by the user going to the enrollment page of the MDM and actively enrolling themselves.
4. Manually by the user going to VPN and Profiles in Settings and logging in with a managed Apple ID linked to the MDM platform.

As you can see, there is only 1 possibility for enrollment without your consent, and because the reseller has no idea who has a given device, they are not malicious.

The processes that concern you are tied to option 1 and are for the security of the organization using the platforms. If the device truly does not belong to the org, they should remove the MDM profile for you.

If, however, you bought the device used or through a less common third party seller, your device could actually belong to the org and they have rights to it.

is Apple working to fix this? Here is the proof asked for

You cannot have a MDM remotely installed on your device.* technically not true

Nor can you be enrolled in a developer program at Apple without your Apple credentials. * So what

?(even if you are enrolled in such a program, and a configuration profile was installed, it would indicate Apple* not true

Further, a MDM cannot migrate anything on your device to anyone else. ****the op is not talking about the Migration out of Syria to more fertile lands a long time ago

It's not letting someone off the hook. It's that this didn't happen in a way the OP suggested. I do have physical control of my device at all time. Physical control includes keeping it locked when not using it. These posts happen often here, and are often a result of an error or of someone who purchased a device that was used.

Only if they own the device or account. Source: Me. Someone who manages thousands of devices for a living. I cannot manage a device not owned by the org without physical possession. If the org owns the device, there is nothing the user can do to prevent me from managing it.

Not necessarily. If a device is removed from MDM or misses MDM somehow on the setup, it can still be tied to the Apple Business/School Manager. This is what determines ownership and the ability to remotely manage a device without user permission. If a device is not in ABM/ASM, then remote management without user permission or physical access is not possible.

MDM can be remotely installed without user consent if the business purchased the device. This protects the business from device theft by employees. MDM cannot be remotely installed without user consent if the business did not purchase the device. User consent or physical access to the device is required to install MDM when the business did not purchase the device. Manually installed MDM is always removable by the user. If you do not see Profiles in System Preferences on macOS or a MDM profile in Settings > General > VPN & Device Management, then you are not managed by MDM. Period.

ClusterConifertree wrote:

Are companies able to communicate and see other devices on home networks?

Apps can request access to a local network yes, as many apps would be less useful without access to, for instance, printers or external displays.

Reviewing this thread, it’s not clear if there’s even provisioning happening here, past a stale certificate from what looks to be an MDM vendor, and a Microsoft Google account display from somewhere else, and an entirely benign and default Directory Utility display.

In other threads, there have been apparent cases of folks that have purchased pre-provisioned iPhone, iPad, Mac equipment (whether that was from a fraudulent sale or from an improperly-decommissioned device?), and there are certainly ways to get provisioning profiles loaded, and not the least of which are some semi-common scams that claim the target user needs to also accept and have the profile loaded for using some app.

If there’s been a breach sufficient to load a management profile, then the usual response is to wipe and reload with current versions and to change all passwords to new and unique values, migrating only documents and preferences and not apps, and related security- and privacy-focused steps. Loading a rogue profile is not a “hey, cute” breach, it’s a security-catastrophic breach.

Neither macOS, nor iOS, nor iPadOS are invulnerable to breaches and exploits, though breaches of current versions without user involvement—phishing scams, shoulder surfing, gaslighting, etc—are fairly rare. If you’re a higher-profile target of some organization with a whole lot of money, sure, but securing against that is also a whole ‘nother discussion. And those more expensive exploits don’t typically use profiles, from what little has been seen. Profiles… are usually either sketchy equipment purchases, or decommissioning mistakes by the seller or a previous employer, or jailbreaks or phishing, or are otherwise and regrettably loaded by user.

As for these threads… Posting normal, benign, default displays from, for instance, Directory Utility, is counterproductive for claims of breaches. Same holds for posting great swaths of log file chatter, as has happened in other threads around here.

Posting normal log chatter or normal displays and “am I breached?” is sufficiently open-ended to be unanswerable, to be blunt. Not past a generic “probably not”. Proving a negative is… difficult.

If you’re interested in learning more about the operations and internals, the new OS X Internals book (search for “newosxbook”) is a good start. For security, that’s a bit tougher when starting out, but detection is also heavily dependent on knowing what is and is not “normal”, as well as knowing which sorts of breaches are more common, and those that are less common.

I cannot see or manage devices that are not enrolled in management if they are not on my network. I cannot manage devices that are not enrolled in management, but I can see them if they are on my network. In theory, a company could harvest traffic, but I can tell you that 1) we don’t have time to do it, and 2) we don’t care to do it unless we have to do so for legal reasons, at which point, you would be informed as well because legal reasons. Now, there are some nefarious orgs out there using MDM profiles that they trick users into installing in order to harvest data through a VPN, but again, that must be approved by the user (even if it is a trick), and it can always be removed by the user.

Yea my MacBook was brand new. I am pretty aware of phishing as well. I think like you stated it was a fake certificate which authorized. I noticed my personal email was linked to company zoom, teams etc. not sure how that was done. Crazy when I did a complete wipe I started getting weird messages to connect to my phone to bluetooth. In addition to browsing my work computer I found some of the same programs that were on my personal laptop and someone was recording my google session.