Hi all, I am not extremely well versed in the Apple ecosystem, but recently I was able to acquire a 2018 MacBook Pro from my company’s surplus and wanted to play around with it. However, when I go to do a recovery on it, it forces me to connect to the company’s device management and installs a bunch of junk I don’t want. I spoke to our IT, and they said they won’t remove it from the device management pool until it is out of their warranty period which evidently is still a year or so.
My question is, if I were to be able to install from USB instead of from the internet, would it allow me to bypass the device management, or will it still prompt once I’ve got everything installed and connected?
If I CAN install from USB, how would I go about getting a Ventura install image without another Mac to download from? I currently only have Windows systems otherwise.
Essentially I am trying to see if it is possible to use it without the device management stuff, because if not I am just going to return it to our surplus.
Thanks!
Installing from USB is trivial. Apple provides a bunch of reliable tools to do that. It’s rarely done, because USB install is pretty slow compared to other install options, but the option is there. Essentially the regular MacOS installer from Apple comes with a bundled script to create a USB install disk.
Bypassing MDM, however, is another matter entirely.
MDM is a firmware feature, not a software feature, and exactly how it works has changed significantly in the last several years. Honestly I don’t remember how it works on the 2018 model years - but I would expect it’s either impossible to bypass or there are going to be very strict restrictions.
You’re probably better off just accepting whatever “junk” they install. Or alternatively, offer to buy it off them. If it’s surplus, then surely they’re willing to sell it cheap? I doubt they’re going to find anyone else willing to buy it. Once you own it, you won’t have to deal with the MDM at all.
Sadly they only have two things they do with surplus here, either let you take it for free (but still keep track of it in inventory and you have to return it if you ever leave the company), or send them out for destruction. They don’t sell anything as far as I know.
I plan on trying a few more things but I have a feeling in the end it’s just not going to be useful and I’ll end up taking it back to surplus. Maybe I can find an older model that is usable that does not have the MDM.
If it’s running macOS Ventura and was previously enrolled into their MDM, every time you install the operating system (OSX Ventura), you will be prompted to connect to the internet which evidently means it will be enrolled into their MDM once again.
You can burn a MacOS Monterey image to a thumb drive, install it on the Mac, and when it asks you to select a network, you skip it, which bypasses the enrollment into the company’s MDM.
Burning MacOS on a thumb drive from Windows: Since Windows doesn’t have native APFS support, I assume you will need to first set up a MacOS virtual machine (others feel free to correct me, I have never done this due to the plethora of Macs I have access to), pass through a USB thumb drive to it, burn MacOS Monterey to it from within the virtual machine and then use it on your 2018 MBP.
This will require some trickery, and the solution itself is a bit hacky, but it’s manageable.
Yes, it is possible, but it requires that you use a Monterey (or earlier) USB installer. A Ventura USB install won’t work; Apple explicitly “fixed” this workaround in Ventura.
Follow the instructions here: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd
Essentially, what you’re doing here is blocking the machine from ever connecting to the Apple MDM servers. Once you’ve completed the Monterey installation it is safe to upgrade to Ventura.
Like some have pointed out, there are ways to circumvent this, but it doesn’t make for a great experience, might cause issues down the line, in particular with updates, and there’s no guarantee it’ll keep working.
If you’ve purchased this from your company’s surplus and they refuse to unenroll from MDM, I’d just give it back and ask for my money back. It’s not worth the hassle, and the warranty is a nonsense reason since they can take the MBP off of their warranty service plan.
No, this won’t work. It’s based on the computer’s serial and the device management profile will be pushed out any time you go online. You’ll have to wait for IT to remove it.
The above assumes you want to use Mac OS. You could likely install Linux or Windows and use it just fine.
Not really. In OSX earlier than Ventura, when it prompts to select a network you can skip it, and then once you’re inside the host, block Apple’s ABM in /etc/hosts.
You CAN install OS X from a USB, but I am not sure if it would bypass that restriction. When I restored my 2013 Mac, I had to install OS X Lion and keep updating it from there, but they may have fixed that issue.