0

I’m new to working with Macbooks and need to quickly provision one for a contractor. I need to setup MDM (something like Jamf or Mosyle) on the device. But I don’t have an Apple Business Manager account and won’t be getting one (it’s just one laptop I’m provisioning).

From my reading, it seems like the way to do MDM without ABM on a Macbook is as follows:

  1. Create an admin account on the Macbook
  2. Add the MDM to the Macbook using the admin account
  3. Setup the user as a standard user account and manage it with the MDM
  4. Never give the user the login for the admin account

Am I correct that this is the best way to add and enforce MDM on the device without an ABM account?

My understanding is that this method still allows the user to perform a full reset of the device and then do what they want with it. But if they don’t reset the device, is their ability to circumvent the MDM blocked?

Any pointers for this situation would be greatly appreciated.

Improve this question

1 Answer 1

Reset to default
0

It’s simpler than you describe:

  1. Set up your MDM.
  2. Create an enrollment profile from the MDM.
  3. Enroll your Mac using any admin account. 1

1 You can mail the enrollment profile, download it from the MDM, host it on any web server, host it from the MDM, really doesn’t matter how the small file gets to your Mac.

MDM is not activation lock or firmware password. You can layer those on or not as you please. Some MDM allow you to automate both of these and audit for compliance when the device checks in and does an inventory.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.