fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Add the option to `undo` or `renable` previous mdm secrets when MDM is turned OFF #19554

Open PezHub opened 1 month ago

PezHub commented 1 month ago

Problem

With the new APNs & ABM certificates workflow, users can now Turn OFF MDM from the UI, which (soft) deletes all of their existing MDM secrets. An admin may do this in error or simply want to revert back to the old config to avoid having to manually re-enroll their hosts.

Potential solutions

It would be great to add an undo or re-enable option that would bring the old config back.

This happened recently with our QA Wolf instance, where they accidentally turned off MDM, which then generated new certs and forced us to re-enroll all of their hosts.

Scenario:

  1. Turn on MDM in the UI
  2. Turn on MDM on the hosts
  3. Turn off MDM in the UI
  4. Turn on MDM again in the UI

Note: this warning is in place when admins turn off MDM, but mistakes still happen...

[Screenshot of the "turn off MDM" warning dialog, 2024-06-04]

noahtalerman commented 1 month ago

Thanks for tracking this @PezHub!

> This happened recently with our QA Wolf instance where they accidentally turned off MDM which then generated new certs and forced us to reenroll all of their hosts.

I'm glad someone ran into this scenario. Was the warning correct? Did QA Wolf have to upload a new APNs certificate and turn MDM off and back on for all hosts? Did they have to do anything else?

If the warning isn't correct we should fix that quickly and separately from this feature request.

PezHub commented 1 month ago

The warning is correct; humans just have a tendency to ignore warnings even when warned in RED BOLD letters and asked to confirm the action ;)

Correct, new certs were needed and MDM had to be turned back on for the hosts.