How to Detect MDM presence in my Mac.
I want to detect the presence of MDM in my Mac.
But the conditions are:
1. The device is in recovery mode.
2. OS is completely removed.
That is because those Macs call home through the system firmware. You have confirmed your Mac is being managed by an MDM. There is absolutely nothing you can do about it unless the company managing this Mac removes it from their MDM. This is one of the big dangers of buying used Macs these days, although it can also occur if you purchased the Mac through your school or employer since devices purchased by a school or business are usually automatically enrolled into an MDM these days. If you purchased a personal Mac through your school or employer, then ask them to remove it from their MDM, otherwise there is nothing you can do about it.
A completely accurate technical explanation would require objecting to the concept of an MDM "presence" on the Mac, or any other remotely managed device for that matter. Device enrollment exists elsewhere, so it's not helpful or correct to think of it as something that can be determined absent an operating system.
HWTech's explanation is correct. Without any operating system to complete a communications framework for that MDM enrollment, you're out of luck.
To cite an example, there are extremely rare cases in which a brand new Mac purchased directly from Apple was found to have been enrolled in MDM. Presumably, this occurred as a result of some regrettable error on the part of an MDM Administrator. "Extremely rare" means I know of only one such case. That Mac had to be returned to Apple.
I'm not aware of any method, but I also have never researched it.
Have you checked out Apple's MDM documentation?
https://it-training.apple.com/tutorials/deployment/dm005/
Intro to mobile device management profiles - Apple Support
This particular Apple MDM training article only mentions what we have already told you:
https://it-training.apple.com/tutorials/support/sup530/
Keep in mind that the macOS installer is a very limited environment that is missing many basic commands & utilities so it is doubtful you would be able to discern too many details anyway.
Since no one else has chimed in here besides the three of us and your thread has been viewed almost 200 times, it would tend to imply no one has any better answers. That means you will need to perform your own analysis to determine if the macOS installer environment has any method of detecting whether that Mac is being managed or you may need to use @varjak paw's suggestion of using a network sniffer to see if it will show any signs of the device being managed.
Keep in mind you already noticed that you are notified of the MDM presence only after you are running Setup Assistant for the first time after installing macOS. Also keep in mind devices can be configured many different ways... some MDMs may have a very strict lockdown policy while another may be more of a "suggestion". So this could potentially play a role in any information you may notice when trying to detect a presence of an MDM. Sometimes you must be the first one to do all the heavy lifting, which means scouring the Internet for little bread crumbs & trying to analyze a Mac controlled by an MDM. Apple is not one to provide much in the way of low-level details... people must analyze the little tidbits provided. I think the only people who would want this information are ones who are acquiring used Macs. People/organizations who are using MDMs already can identify which Macs are enrolled in their MDMs.
But if I reinstall the OS, MDM automatically enrolls again in the device, so it means there is a connection somewhere? So I only want to detect that. Are there any commands or APIs that would help to detect MDM presence (although 99% of commands won't work in recovery mode when the OS is removed)?
Thanks for your response, but I am doing research work on the topic "Detecting MDM presence in Mac, which is in Recovery mode with absolutely no OS present", so I don't want to remove MDM from the Mac; I only have to find a way to confirm its presence in my device, that's all.
It's going to be difficult to know for sure - though if you see it automatically enrolling that would seem to be proof to me - since there are a number of MDM solutions and they may differ in how the device is set up and/or due to the version of macOS. But when macOS is installed and operational you can look in System Settings -> General -> Device Management. If you see a profile there, then it's confirmed, and it would give you a clue as to what MDM is in use. Not setting a profile there will not, however, be proof that your device is not managed.
Absent a network sniffer, I don't know of any way to confirm that an MDM installation is being attempted when the device is in Recovery Mode or in the process of installing macOS.
Regards.
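Added example (not part of any post in this thread): on a Mac with macOS installed and booted, the command-line counterpart of the Device Management check described above is `profiles status -type enrollment`. The sketch below classifies that command's output; the two-line output format and the sample text are assumptions constructed for illustration, and none of it applies in Recovery with no OS installed.

```shell
#!/bin/sh
# Classify the text printed by `profiles status -type enrollment`.
# Reads the status text on stdin and prints exactly one verdict:
#   enrolled-automated    MDM enrolled, and enrolled via DEP (automated enrollment)
#   enrolled-manual       MDM enrolled, but not via DEP
#   not-enrolled-locally  no local enrollment; as the post says, this is NOT proof
#                         that the Mac is unmanaged (it may enroll at next setup)
#   unparsed              neither expected field was found
classify_enrollment() {
    awk -F': *' '
        /Enrolled via DEP/ { dep = $2 }
        /MDM enrollment/   { mdm = $2 }
        END {
            if (dep == "" && mdm == "")              print "unparsed"
            else if (mdm ~ /^Yes/ && dep ~ /^Yes/)   print "enrolled-automated"
            else if (mdm ~ /^Yes/)                   print "enrolled-manual"
            else                                     print "not-enrolled-locally"
        }'
}

# Constructed sample outputs (assumed format, not captured from a real device).
sample_enrolled() {
    printf '%s\n' 'Enrolled via DEP: Yes' 'MDM enrollment: Yes (User Approved)'
}
sample_clean() {
    printf '%s\n' 'Enrolled via DEP: No' 'MDM enrollment: No'
}

if command -v profiles >/dev/null 2>&1; then
    # Booted macOS: classify the live status.
    echo "this Mac: $(profiles status -type enrollment 2>/dev/null | classify_enrollment)"
else
    # Anywhere else: run against the constructed samples.
    echo "sample (enrolled): $(sample_enrolled | classify_enrollment)"
    echo "sample (clean):    $(sample_clean | classify_enrollment)"
fi
```

A `not-enrolled-locally` result only describes the installed system; the enrollment assignment itself is held on the server side, so a freshly erased Mac can still be enrolled the next time Setup Assistant runs.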
Thanks for your response.
Automatic enrolling happens when I start the process of reinstalling the OS. But in my research work I have to find a way to detect the presence of MDM in recovery mode itself; because of this I can't go outside of recovery mode and start the process of reinstallation of the OS. Although in recovery mode, in Terminal, we can enter commands and APIs that could help to detect MDM traces in the device (but obviously I have to find those commands or APIs).
If the Mac's drive was completely erased, then any MDM profile would have been removed.
Regards.
So, there is no way possible to detect MDM presence in a Mac without an OS?
Thank you for your time and guidance. I felt really grateful that you guys helped me. Now, I will continue my research and see where it ends.