Jamf Nation Community

@Snabi You bought a stolen computer. Ask for a refund.

@LAJAAMS2020 The instructions that CasperAdminNet referred to are not a "fix", just a work around. As well, they will no longer work moving forward in Big Sur and laster and the profiles command will not be able to perform the actions that they can today. In addition, the profiles command can only remove Profiles that are marked as removable -- however, most Automated Enrollment Profiles are not marked as removable (and cannot be on newer versions of macOS and iOS).

I would highly recommend reviewing my post in this thread for full details on the situation you're in, how things work, options available to you, etc.

@Snabi As Pat mentioned, that device was very likely stolen.

I saw a case where the device was misdelivered by FedEx and not discovered for weeks while it sat on the inventory shelf. FedEx replaced the device to the company they should have delivered the package.

I HAVE removed / unassigned my devices from our DEP system - and our users are STILL getting that pop-up with no way to remove it. I inherited the DEP system from an employee who is no longer at our organization. After a long, arduous process with Apple, I was able to get / reset the Apple ID associated with our account and unassigned all devices from our DEP - and our users are STILL getting the pop-up. Help! How do I remove the pop-up? I do not want to have to totally wipe the laptops and re-install in order for it to go away. Any thoughts / suggestions would be very, very appreciated! Thanks!

and unassigned all devices from our DEP

@PW7 I hope these devices are not still institutionally owned. If so, you've just crippled yourself when it comes to device management.

If you review my post above, I go into great detail on this. But, in short:

A device checks Apple's activation servers and caches whether it has a Device Enrollment configuration record. Once the device caches that information, it's cached locally on the internal disk. The device will always prompt with the ADE Nag notification (it does not check to see if it no longer has a Device Enrollment configuration record). The only way to resolve this is to delete the cached information. (Again this is all described in my earlier post with resolution instructions.)

@MLBZ521 can you please advise where exactly you entered this command:

rm /Volumes/Macintosh HD/var/db/ConfigurationProfiles/Settings/.cloudConfig*

I tried in the Recovery disk -> Utilities -> Terminal, however got back the "File not found..." message. I also tried without the "" sign and then again with replacing the "" with "/", same result. When I run the "ls" command in the same place, I don't see the Volumes directory. I am on MacOS Catalina.

@Acovid It is entered in to Terminal from within Recovery. I've only ever used it on Catalina to be honest, so I know it should work on that.

The spaces and forward/back slash are important. You can try to start typing the words and then pressing the TAB key to autocomplete the text. That has helped several end users get it typed correctly that are remote.

Are you saying, that executing ls /Volumes does not return any mounted volumes? Ensure that your disk is unlocked and mounted (see Disk Utility).

@MLBZ521 Thank you for in-depth post above, very helpful!

I won't go into my boring/long story but essentially I have a 3rd/4th-hand 2018 macbook pro (off of a third party seller) which has the 'Allow Device Enrolment?' pop up coming up and am currently unable to get hold of the original owner or FB (obviously).

The bit in your post where you say "For those that have legit purchases... Seeing this message/notification does not mean the device is enrolled and no, the organization cannot access your files/device."

From this pop up, would you agree that my device isn't actually enrolled with FB? I.e. am I at any risk of them being in a position to control/wipe my device? Or are there any long term implications/downsides of being in my current set-up? So far all I have noticed is the lack of access to 'Profiles' in system settings

If so then fine - the pop ups don't bother me too much and I can always try to follow your advice in removing them. I just obviously don't want to be in a position where I'm at risk of that happening.

Thanks so much for any insight you can offer and anyone else!

@emyj18 It's not enrolled until you click "allow" and the MDM profile installs. So no, they can't control or wipe.

While the correct fix it to get removed from DEP another thing you can do and this is only on the first boot after imaging. This is where DEP starts the process. You can bypass all the prompts by setting the mac up off network. This stops it from being able to check with apple and get directed to a MDM server.

As DEP is designed to run the first boot if there is a network it will keep looking for the MDM server as Apple told it to. However off network you will bypass this. After setup completes DEP will not run again. This will skip DEP setup. It will come back next time you get imaged.

What Pat said above.

@MikeF That's not completely true. A device can check-in to Apple's activation servers after device setup. We've had plenty of our devices do that because an end user went and purchased something themselves, didn't involve IT, set it up off network and then later get prompted to enroll. Then we get questions from their IT support going "How do we make this go away?" Answer: "Enroll it, that's how." :)

Hello all,

Thank you for all the information everyone shared. I purchased a 2017 MBP when I was in US and got this MDM pop-up for the last 3 years. Found some code on web to run in recovery to prevent pop-ups just like someone suggested above.

But with the macOS 11 Big Sur, I can't see updates. For ex; I'm on 11.3.1 now and don't see 11.4 in Software Update. I suppose this happens because Apple changed the way MDM devices handle updates. So Amazon handles when my Mac get macOS updates. Up until now I had to download the whole macOS setup from App Store (12 GB or so everytime!) even for minor updates.

So my question is; when I contact Amazon.com and ask them to remove this from DEP, if this is a stolen device and they figure it out (REALLY REALLY HOPE I DIDN'T GIVE HUNDREDS OF DOLLARS FOR A STOLEN DEVICE!!) will they be able to lock, wipe or do something to my Mac although it's not enrolled? I couldn't take this chance until now because there is no way I can afford to lose this Mac or buy another one anytime soon. If someone can tell me what can happen when I contact them, I'd really appreciate it. This was a big lesson to me to not to buy used electronic devices outside of my home country.

This was purchased through Amazon, or it’s in Amazon’s DEP account?

If it was purchased through Amazon, but via a third party seller, Amazon is not going to be able to remove it from DEP. It’s probably stolen in this case. Only the company that is on the enrollment can remove it. You should have returned it as soon as you saw the problem.

If it’s actually in Amazon’s DEP account, you’re going to have to try getting ahold of someone in their IT Dept, but it’s probably still stolen so they might not release it.

I am faceing same problem to remove Device enrollment from my MacBook device plz help me to remove it guys just gave me correct information to remove it ranjitranapal42@gmail.com

Just want to pop in here to see if anyone has insight. I’ve had my MacBook for 2 years I got from a swappa.com It was added cleanly to my iCloud account and apple sold me applecare+ for it. Last nov they replaced the logic board and factory fresh when I got it. I’m trying to wipe it to trade it in and I get this remote management thing from AVC auctions. I can log in and remove the profile but it’s weird after 2 years and many updates and at least 2 full reinstalls it’s never had this pop up before. Any ideas what happened?