MacOS Sonoma locked via remote management enroll on device given to me by previous company

Hello, I was gifted my work computer as part of my severance package when I was laid off.


This is not a second hand or resold device.


I am on macOS Sonoma and had no issues for quite some time, then was prompted to enroll in remote device management.

I thought this doesn’t apply to me as I am no longer an employee and also am the sole admin user on this machine (after the company had done work via remote management to wipe the machine clean and have it set up for me as a personal or non corporate owned / managed machine).


My concern is that I have pictures of my dog I would like to recover. Specifically my Photos app library that holds sentimental photos for me. Would I be able to work with the company IT to get this machine released from their network or so that I can back up the photos via a temporary user they can provide if it needs to be wiped?


I have already emailed what I believe is their IT email and reached out to a colleague/peer that still works at the company so that I can go about resolving this without a wipe or clean install.


Any insights are appreciated.

MacBook Pro 15″, macOS 14.3

Posted on Mar 16, 2024 8:43 AM

Question marked as Best reply

Posted on Mar 16, 2024 9:32 AM in response to JLee23

You are experiencing retroactive MDM enforcement. This is a feature of Sonoma on supported hardware and is listed in this Apple Kbase article in the 14.0 section: "Automated Device Enrollment can be enforced after Setup Assistant."


What has happened is that the organization that you worked for did not decommission the device properly. The proper order of operations is to first release the asset from Apple Business/School Manager and then erase the device. If they unscoped it from a pre-stage then erased, or if they issued an unmanage command to the device from the MDM but did not release the asset, or if they unmanaged the asset and then released the asset from ABM/ASM but did not erase the unit, then the device will seek enrollment once on Sonoma via retroactive enrollment.


You will need to work with your prior employer to determine what state the unit is in within their infrastructure. Your best case is that the device has not been released from ABM/ASM, that it is still scoped to an MDM, and that you can simply allow the enrollment to complete. Then request an unmanage from their MDM followed by a release from ABM/ASM. This will allow you the opportunity to back up your device (since you will now be able to use it) and then erase it, allowing it to go through Setup Assistant and talk to Apple's Activation Servers. Yes, an erase is required. With the asset released from ABM/ASM, the erase will allow the unit to activate as a retail device and not seek enrollment in an MDM, not at time of setup or retroactively in the future.


And, while the intention is not to rub salt into your wound, this is the opportune retrospective time to point out that a reliable and validated backup is critical to any computer system. Yes, Apple devices are reliable, stable, and dependable. Humans are not.


Hope this is helpful. Good luck.
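
For the hand-off states described in the reply above, an added example (not part of the original reply or of Apple's documentation): a shell helper that classifies a Mac's enrollment state from the text printed by `profiles status -type enrollment` and `sudo profiles show -type enrollment`. The state names, the sample outputs and the `mdm.example.com` URL are constructed, and the output layout the helper matches is an assumption to confirm on the macOS version in use.

```sh
#!/bin/sh
# classify_enrollment STATUS_TEXT SHOW_TEXT
#   STATUS_TEXT: output of `profiles status -type enrollment`
#   SHOW_TEXT:   output of `sudo profiles show -type enrollment`
# Prints one of three (hypothetical) state names used only in this example.
classify_enrollment() {
    status_text=$1
    show_text=$2
    # Pull the value after "MDM enrollment:" (e.g. "No" or "Yes (User Approved)").
    mdm=$(printf '%s\n' "$status_text" | sed -n 's/^MDM enrollment: *//p')
    case $mdm in
        Yes*) echo "enrolled"; return 0 ;;
    esac
    # Not enrolled, but Apple still returns an enrollment configuration:
    # the serial number is still assigned in ABM/ASM.
    if printf '%s\n' "$show_text" | grep -q 'ConfigurationURL'; then
        echo "assigned-not-enrolled"
        return 0
    fi
    echo "no-assignment-visible"
}

# Map each state to the order of operations given in the reply.
next_step() {
    case $1 in
        enrolled) echo "ask IT to unmanage in the MDM, release from ABM/ASM, then back up and erase" ;;
        assigned-not-enrolled) echo "still assigned in ABM/ASM: let enrollment complete, then ask IT to unmanage and release" ;;
        no-assignment-visible) echo "nothing assigned is visible; an erase after the release is still required" ;;
    esac
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_STATUS_ENROLLED='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_STATUS_NONE='Enrolled via DEP: No
MDM enrollment: No'
SAMPLE_SHOW_ASSIGNED='Device Enrollment configuration:
{
    ConfigurationURL = "https://mdm.example.com/enroll";
    IsMandatory = 1;
}'
SAMPLE_SHOW_NULL='Device Enrollment configuration:
(null)'

state=$(classify_enrollment "$SAMPLE_STATUS_NONE" "$SAMPLE_SHOW_ASSIGNED")
echo "$state: $(next_step "$state")"
```

On a real Mac, pass the two commands' output as the arguments instead of the sample variables.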
