Posted on 08-24-2020 12:59 PM
Looking for advice / developing hackintosh mitigation.
It does not appear to be that common with us, but I'm dealing with the second known one that enrolled in jamf, due to using one of the SNs of our in-production machines.
Has anyone developed any good Extension(s) or Smart Group(s) for detecting or flagging potential hackintosh machines? Been messing around with Processor Type is null / blank.
Also curious, if the hackintosh is outside of your reach (for example, in another country), how you decided to try and deal with it if jamf can still manage it.
Posted on 08-26-2020 11:21 AM
I'll bet this is a rare and uniquely challenging problem to have! Perhaps your best bet is to add to your Computer Management > Inventory Collection's Software tab the common directories that the various hackintosh-based bootloaders use? However, you're opening yourself up to a game of whack-a-mole.
Posted on 08-27-2020 06:57 AM
Since the Hackintosh breaks Apple's EULA, I would report this to your leadership and have them enforce this as a policy for all employees. I'd also suggest having regular hardware inventory audits so that this couldn't happen again. If that end-user has the means to create a Hackintosh, they are able to circumvent any policy you enforce to keep them compliant with your company's policies. This could put your organization in hot water when it comes to compliance, especially regarding software.
Check Section 2 part I --> Apple Software License Agreement
Posted on 08-27-2020 11:36 AM
@Sims_
Agreed, if it was done by an employee employed by the organization, I'd sic infosec on them.
This case was done by some random person in another country, outside the organization, who just happened to guess one of our Serial Numbers.
Posted on 08-27-2020 12:03 PM
@jstillio Wow! That's crazy. The only thing I can think to do if I were in your shoes would be to reach out to your Apple TAM and see if they can give some suggestions.
Posted on 08-27-2020 10:31 PM
@jstile I'd suggest putting some authentication on your PreStage enrollment with LDAP or Enrollment Customization (SSO) to further prevent those enrollments by any unknown users.
Posted on 10-06-2020 12:52 PM
Sorry for the delay.
@txhaflaire - The ability to create an account was disabled from the setup wizard. The machine is renamed and bound to AD. However, I did notice they installed an older 10.13 version of macOS.
Here are some of the strategies we've implemented / used, which appeared to dissuade them from using our SN.
Applied a crazy locked-down profile; it was in Supervised state.
Created policies which deleted the initial software that was pushed down to the hackintosh via jamf cloud bistro.
For detection, here are some things we used / implemented:
Smart Groups that help us ID a potential hackintosh
- Lab Devices that are reporting "Last Reported IP (like) 192.168" - (We do have non-lab devices being used at home due to Covid)
- Any device showing GitHub Clover software App
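An Extension Attribute script of the kind the first post asks about, as an added example that is not from this thread or from Jamf: it combines the "Processor Type is null / blank" signal and a check for the Clover bootloader's files into one inventory value a Smart Group can key on. The Clover paths (Clover Configurator in /Applications, and EFI/CLOVER on an EFI partition already mounted at /Volumes/EFI) and the AMD-brand check are my assumptions, not something the thread lists.

```bash
#!/bin/bash
# Added example: Jamf Extension Attribute that flags a possible hackintosh.
# Runs as root under the jamf binary on macOS and prints <result>...</result>.

# Prints the first Clover indicator found under root prefix $1 ("" = real root);
# returns 1 if none. Paths are assumptions; the EFI check only works when the
# EFI system partition is mounted at /Volumes/EFI.
find_clover() {
  root="${1:-}"
  for p in "Applications/Clover Configurator.app" "Volumes/EFI/EFI/CLOVER"; do
    if [ -e "$root/$p" ]; then
      echo "$p"
      return 0
    fi
  done
  return 1
}

# Turns the CPU brand string ($1) and the Clover finding ($2, empty if none)
# into the attribute value. A blank brand string is the thread's "Processor
# Type is null" signal; no Apple-shipped Mac has ever had an AMD CPU.
classify() {
  cpu_trim=$(printf '%s' "$1" | tr -d '[:space:]')
  clover="$2"
  reasons=""
  case "$cpu_trim" in
    "")    reasons="blank-cpu-brand" ;;
    *AMD*) reasons="amd-cpu" ;;
  esac
  if [ -n "$clover" ]; then
    reasons="${reasons:+$reasons,}clover:$clover"
  fi
  if [ -n "$reasons" ]; then
    echo "Suspect ($reasons)"
  else
    echo "OK"
  fi
}

# Collect live values only on macOS, then emit the tag Jamf expects.
if [ "$(uname)" = "Darwin" ]; then
  brand="$(sysctl -n machdep.cpu.brand_string 2>/dev/null || true)"
  clover="$(find_clover "" || true)"
  echo "<result>$(classify "$brand" "$clover")</result>"
fi
```

A Smart Group with criterion "this attribute" "like" "Suspect" then collects the machines for review.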