Skip to main content
Question

Unenroll Option Available for MDM Profile

  • April 28, 2025
  • 7 replies
  • 113 views
T
Forum|alt.badge.img+5

We’ve recently noticed that some new devices enrolled via Prestage are showing the unenrollment option in the MDM profile on Sequoia OS. I reached out to the Jamf Support team, but unfortunately, I didn’t receive a satisfactory response. They did share the article linked below, but I don’t believe this was the case previously.

In our environment, we add devices to ABM using Apple Configurator and then assign the server for Prestage enrollment. I’m looking for a better understanding of this issue from the group.

https://support.apple.com/en-gb/guide/apple-business-manager/axm200a54d59/web

 

    7 replies

    PaulHazelden
    Forum|alt.badge.img+12
    • PaulHazelden
    • Jamf Heroes
    • April 28, 2025

    Any device added to ABM/ASM via Configurator, will have the ability to Unenroll for 30 days after the device was added to ABM. After 30 days this feature will stop and the Unenroll will no longer be available.
    Devices added to ABM/ASM by a Vendor will not have this Feature, it is only devices added via Configurator.

    T
    Forum|alt.badge.img+5
    • tahir
    • Author
    • Contributor
    • April 28, 2025

    Any device added to ABM/ASM via Configurator, will have the ability to Unenroll for 30 days after the device was added to ABM. After 30 days this feature will stop and the Unenroll will no longer be available.
    Devices added to ABM/ASM by a Vendor will not have this Feature, it is only devices added via Configurator.


    I remember previously it was not like that as we uncheck this option in prestage enrollment "Allow MDM Profile Removal"

     

     

    PaulHazelden
    Forum|alt.badge.img+12
    • PaulHazelden
    • Jamf Heroes
    • April 28, 2025

    I remember previously it was not like that as we uncheck this option in prestage enrollment "Allow MDM Profile Removal"

     

     


    That will apply after the 30 day time limit for Configurator added devices, or straight away for Devices addes via prestage.
    The 30 day limit is a feature that is there by design from Apple, nothing we can do to change it.

    Every time I run into it, the device gets added and then gets dumped in a cupboard for 30 days before it goes out.

    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • April 28, 2025

    When you manually add a device to ABM/ASM, users have a 30 day window to unenroll the device and that is how Apple presents it.

     

    To "fix" this have two options:

    • Hold on to your devices for 30 days after adding them to ABM/ASM before deploying them to wait out this window.
    • Start getting your devices from an authorized reseller and having them automatically added to ABM/ASM.

     

     

    The link you provided what is going on in the second paragraph.

     

    After you’ve set up the device or devices, they behave like any other device already in Apple Business Manager, with mandatory supervision and mobile device management (MDM) enrollment. The device can then be shut down and stored until needed or sent to the user. If the device is given to a user, they have a 30-day provisional period to release the device from Apple Business Manager, supervision, and MDM. This 30-day provisional period begins after the device is successfully assigned to and enrolled in:

    • A third-party MDM server linked to Apple Business Manager.


    mark260958
    Forum|alt.badge.img
    • mark260958
    • New Contributor
    • April 30, 2025

    Yeah, It feels good to go with opinion of AJPinto.

    howie_isaacks
    Forum|alt.badge.img+23
    • howie_isaacks
    • Esteemed Contributor
    • May 2, 2025

    When you manually add a device to ABM/ASM, users have a 30 day window to unenroll the device and that is how Apple presents it.

     

    To "fix" this have two options:

    • Hold on to your devices for 30 days after adding them to ABM/ASM before deploying them to wait out this window.
    • Start getting your devices from an authorized reseller and having them automatically added to ABM/ASM.

     

     

    The link you provided what is going on in the second paragraph.

     

    After you’ve set up the device or devices, they behave like any other device already in Apple Business Manager, with mandatory supervision and mobile device management (MDM) enrollment. The device can then be shut down and stored until needed or sent to the user. If the device is given to a user, they have a 30-day provisional period to release the device from Apple Business Manager, supervision, and MDM. This 30-day provisional period begins after the device is successfully assigned to and enrolled in:

    • A third-party MDM server linked to Apple Business Manager.



    I have added several Macs to ABM using Configurator and then enrolled them in Jamf Pro right after. I have never seen this option appear in Profiles/Device Management.

    sternen
    Forum|alt.badge.img+3
    • sternen
    • New Contributor
    • August 19, 2025

    I am seeing this on devices that we have owned for several years.  They came from Apple already enrolled into DEP.  Configurator has never touched these devices.

    Is this a new thing I missed?  I try to keep up with the release notes, but I may have missed something.

     

     

    Terms & ConditionsCookie settingsAccessibility statement