kajteklau
commented
2 hours ago To add to mdm behavior (or lack there of) on non-enrolled devices, running sudo profiles show -type enrollment would yield "Client is not DEP enabled". While on enrolled devices, if bypassed correctly, should yield variations of "the device failed to request configuration from the cloud.".
Let me preface this by saying 1) as I'm typing this out, I'm still observing MDM fetching behavior using activity monitor and 2) the script doesn't work outright.
It seems like on macOS Sequoia 15.1, Apple either changed the file paths or the files are located at slightly different places between intel and apple silicon Macs (not too sure, just guessing for the reason behind the discrepancy): From line 60 - 62, the host file location should be at "/Volumes/{system volume name}/private/etc/hosts". From line 66 - 70, I changed the file path to "/Volumes/{data volume name}/private/var/db/ConfigurationProfiles/....".
User profile creation only works when I manually type in the commands. Scripting is not my field so I'm not sure why.
Booting into the system and search for "mdm" in Activity Monitor, "mdmclient" runs periodically before quitting itself with no apparent change or any signs of an mdm profile. This can also be observed on Macs that have never been enrolled in Apple MDM (it just happened as I was ready to submit this issue). Running
sudo profiles show -type enrollmentfrom user space yields "error fetching device enrollment configuration", this is expected behavior and it might be related to "mdmclient" quitting on its own as observed in Activity Monitor.