How can I get rid of unauthorized MDM connotations @Roikins

Apple did this by design. Errors happen, but it is incredibly rare. I manage thousands of devices and have for years (almost a decade actually), and I have never seen a device get mistakenly added to my environment. It's not possible to do remotely without the user's knowledge unless the device was enrolled by the reseller. For the reseller to be able to enroll a device, both the org and reseller exchange specific information that allows the information about devices to sync. A random reseller cannot add the device to a random org. If you do get tricked into manually enrolling your device, you can simply remove the profile. Apple has checks and balances both ways. If you bought a device used, you run the risk of getting a device that was stolen, not returned, lost, or improperly released by an org.

Your issues could be related to iCloud. They have nothing to do with MDM. If you think someone has access to your iCloud account, see this document on Safety Check, a new feature in iOS 16 that can allow you to help remove access to your account quickly: Stop sharing with people and apps with Safety Check on iPhone - Apple Support

You can also look into utilizing Lockdown Mode: Harden your iPhone from a cyberattack with Lockdown Mode - Apple Support

Only if they own the device or account. Source: Me. Someone who manages thousands of devices for a living. I cannot manage a device not owned by the org without physical possession. If the org owns the device, there is nothing the user can do to prevent me from managing it.

Barre2022 wrote:

any advice on this matter would be helpful. I’m in the same situation and do not know where to start.

Could you elaborate? Advice with what?

If you have an MDM profile loaded and cannot remove it, then you have a supervised device, and you will want to contact the owner of the device to relinquish the supervisory lock. The owner of a supervised device is not the user of the device.

If you have a managed device and no longer wish it to be managed, then delete the associated MDM profiles.

If you have indications of civil or criminal activity, contact a lawyer, or contact police.

If you believe you are being monitored, or are being tracked, and if you have had ongoing issues for many months or for years, and if you have already had multiple previous discussions with the Apple Support folks or with other knowledgeable security folks or with digital forensics specialists, conversations seeking to identify and resolve your reported issues, and have gone through (for instance) the Apple personal safety and privacy guide without meaningful results, then it is exceedingly unlikely that you will receive any new or different suggestions, or any sort of new path to resolution, here, today, if ever. Your issues are just beyond what assistance can be offered in a forum.

What your describing is not MDM, but rather Exchange security protocols which apply to all platforms. You'll need to talk to your IT department about that.

This is happening to me as well and it has been done remotely. I am not sure if it is thru hidden files on iCloud or what but I had a falling out with my brother where I worked in a family business for the last decade. My former employer (Dad and brother) have used some kind of software or inventory protection service, MDM etc and remotely infected all the devices in my household ( I have four daughters - 2 of them have MacBooks and all 6 of us have iPhones as well as an iMac 27" 2015. All of these devices have been basically hacked and I cannot restore them to a normal version of Monterey. One of the older Macbooks that I purchased and upgraded the Ssd drive has a version of BIG SUR and will not let me update to or install from usb drive to Monterey. I have spent the last 6 weeks researching and monitoring web activity. I purchased a new 13 pro max after I left the company and there are apps that are contacting malicious domains after deleting all files and settings several times I guess I am going to try a new Apple ID. This really sucks because I have had this for 15 ish years with over 45 thousand photos and videos. All of my email accounts were compromised (GMAIL) so I have moved to encrypted email hence the name change on my Apple ID. What the heck am I supposed to do? This should be illegal and I thought Apple was supposed to be secure. I am blown away and I have finally found someone with a similar story..,,,,,,,,,,,,,,,,,,

I cannot see or manage devices that are not enrolled in management if they are not on my network. I cannot manage devices that are not enrolled in management, but I can see them if they are on my network. In theory, a company could harvest traffic, but I can tell you that 1) we don’t have time to do it, and 2) we don’t care to do it unless we have to do so for legal reasons, at which point, you would be informed as well because legal reasons. Now, there are some nefarious orgs out there using MDM profiles that they trick users into installing in order to harvest data through a VPN, but again, that must be approved by the user (even if it is a trick), and it can always be removed by the user.

Trae3d wrote:

Same thing happened to me by a family member. I had a falling out with my brother and Dad. I was running a large department of a family business. All of my children had worked there at one time or another. They also used their own macbooks at work. What I didnt realize was we had given Drop Box full access to our drives. My Dad was upset and thought I was going to take his info on drop box and use it or something so he hired a firm out of india with access to Apple Servers and literally took over all of the devices in my home. I cant even wipe them and reinstall IOS due to the serial numbers being entered on some kind of device management system from Apple. I get a modified version of IOS with all kinds of crap on with stuff showing up having acccess to my drive like BT Server and shenkey etc etc. The only way I can use them is to download Little snitch and block all of the crap that tries to connect etc etc. which is a pain in the ***.

This is a civil or potentially a criminal matter, and not something that can be addressed through technical means.

Particularly not after what has already reportedly transpired.

Contact a lawyer.

This is also entirely unrelated to MDM and supervised devices.

The company in India does not have access to add devices that weren't purchased personally by you to Apple Business or School Manager. It's just not possible. There are tons of reasons why, starting with privacy. It would make my job easier if this was possible, but I also value user privacy, so I'm glad it's not possible.

Trae3d wrote:

I used Little Snitch and systematically blocked all the bull **** they system was set up to do in order to track and manage the device. It is tedious and took a few times but I did get a solid outcome after a few tries. This is the only way I could secure my devices and get them to work right.

That approach often leads to more issues, and more intractable issues when integrated components of macOS can no longer communicate, or when Little Snitch itself gets tangled. Little Snitch is a useful app for an experienced user with networking expertise and specific problems (usually) with specific questionable,apps, and it’s also a means to self-create subtle or obscure problems when disabling parts of macOS.

DistressedDame wrote:

Unfortunately this is the reaction I’ve gotten from people who could be in a position to help me, “It’s not possible”…

While you might not want anyone ”explaining for the 100th time how my phone performs”, consider that by your own description here, you’ve tried the same reporting techniques a hundred times.

Absent a change in your strategy and presentation and particularly absent collected forensic evidence, the 101st trip through this loop is unlikely to appreciably differ from previous loops.

And to be absolutely clear, yes, iPhone and iPad can be hacked. Whether yours has been hacked? Or your passwords compromised? Or gaslighting? Or whatever… That involves collecting and presenting evidence. Or the loop repeats.

Any issue that has been ongoing for a hundreds reports or stretching over years with multiple efforts toward remediation is exceedingly unlikely to be resolved here, now, if at all, ever.

mandell_liam wrote:

celliott147, Thank you for all of your insight as just rereading this thread in the last 4 min answered questions that Apple refused to answer over hours and hours of on phone support. I completely understand what you are saying, especially the 'if the org owns the device , there is nothing the user can do to prevent me from managing it', so , that being the case, How does one determine without a doubt IF their device is managed and by what org.

Unfortunately I believe you are saying that a device not managed that someone gets temporary access to, either physically OR virtually (vnc etc) can then be enrolled in ABM, making it 'owned' by the organization. How about if someone received the serial numbers of a number of purchased systems before they were ever set up? Let me guess, a device not enrolled yet is 'fair game' and the first one to do it , like you said, OWNS IT, forever.

Taking this to it's natural conclusion, and not that you would ever get involved in this, but considering what laws would be violated at that point, why on earth is Apple seemingly unwilling to produce information that would help literally everyone involved in something like this?

There’s no MDM shown here.

There’s no secret MDM.

If there’s no MDM here, then there’s nothing to be removed.

If you’re subject to malware of the sophistication and persistence that you’re claiming, nobody here can help you with that anyway. Not short of direct physical access and digital forensics, and nobody is going to do that work for free. Nor can anybody here reasonably help you with your whole approach to digital security, given the scale of the investments deployed by your claimed and unknown adversary here, whoever that adversary might be and for whatever they might want.

Which means you’re either wrong about all of this, or your value and your threats and the assistance you require here are so great that further discussions here are basically futile.

Only the organization managing your device can remove your profile.