Personal mac enroll

mksada
New Contributor

Hi, our company has canceled the BYOD option. I have my own mac and two options. Enroll your mac or start working on a company laptop with windows. Honestly, I'd rather stay on a mac, but I'm afraid that if the company blocked my laptop via jamf, I wouldn't be able to use it for my private purposes.

I can think of a solution:
Dual boot, where I would have 2 systems on the Mac (both under the same Apple ID), but I would only enroll one, so in case of potential blocking, I could still use the Mac on the other system.

Does anyone have any experience with this?

6 REPLIES

ajpinton1
New Contributor

If your company canceled BYOD, then you cannot enroll your personal Mac, as that is literally BYOD. Sounds like you may not understand the communication correctly, as it does not sound like you have the two options you think you have. It sounds like you move to a Windows device, or you resign.


As someone who is experienced in managing Macs, I would under no conditions ever enroll my personal Mac into MDM. Apple does not have the same framework built into macOS that it has in iOS for keeping your personal data safe from the MDM on a BYOD. Never do work on your personal computer, period.

Lasse
Contributor

Are they managing their Windows devices in Intune? It might be they just want to cut costs (at the wrong places) by cutting Jamf out of the picture.

MAM enrollment using Company Portal might be an option, if allowed. If not, fully enrolling your personal device in a company owned Apple Business Manager and MDM is risky at best. If they 'forget' to release when/if you leave, the device is managed even after a reinstall. I would not do this in a US company setting.

I was thinking they may also lack the experience to properly manage and support Macs. Could also be a security gap that they don't have the manpower, skill set, or tools to cover. Some organizations just don't feel it's worth it to deal with macOS in their environment; it's better to not do it at all than to do it wrong.

mksada
New Contributor

Thank you all for your replies! I get it that enrollment is risky.

In my company we can still use our own devices, but in that case we have to enroll them because there will be SSO to all the applications we are using. This happened after a US corporation bought our company.

Correct me if I'm wrong, but when I have all my personal stuff saved in iCloud, they cannot access it, so I think this will be safe. The problem would come if they block my laptop, so I cannot use it.

I'm really used to using a Mac, and I'm more effective on it than on Windows.

I'm thinking of creating two partitions on my Mac and installing two copies of macOS. The first I will use for my personal work and the other I can enroll. In case my company blocks my account, I will be able to use the other partition with the other macOS. But the question is, is it safe to use my own Apple ID for the enrolled macOS?

Anything in iCloud would not be visible to them, but iCloud syncs back locally to your Mac, and any files synced WILL be visible to them.


If they disabled (manual) Device Enrollment, it does not matter how many VMs or separate partitions you make, you cannot manually enroll a device. It is just a checkbox they uncheck. If they are using Automated Device Enrollment (which they should be using), that goes off of the serial number of the device and whether that serial number is registered in Apple Business Manager for that organization. This enrolls the device as macOS activates, would check later with DDM to force an enrollment, and would auto-enroll any partition you have on the device.


Not to sell short the value of user preference, but Windows is a far more efficient operating system than macOS in the enterprise space.


To me, your choice is pretty clear. Move to using Windows or find a new job. If you managed to "force" enroll your device, you will very likely be fired when it's discovered. My org would likely look to press charges against you in addition to firing you. Play with fire and get burned.

Lasse
Contributor

Unless they offer user enrollment of some kind, two partitions will not work. Once you boot the other partition the first time, it will enroll that side too. Device enrollment using ADE is based off the serial number, and with the introduction of Apple silicon, it is 'not that easy to spoof or hide' / near impossible to hide from enrollment.