Enrolling a U-M device in Apple's Mobile Device Management (MDM) profile

Tags mac Solution

Apple updated their security requirements for computers and mobile devices managed by organizations. Under the new security requirements, devices running macOS 10.13.3 or higher need to be enrolled in a Mobile Device Management (MDM).

Symptoms

A pop-up notification prompting you to allow your device to enroll in the U-M Device enrollment after logging into the device.

Environment

Devices running macOS 10.13.3 or higher

Resolution

Starting Tuesday, November 13th, 2018, when you log into a U-M Mac, you may be prompted to enroll your device in the university’s Mobile Device Management (MDM) profile. All older machines will be phased into this process.

Apple’s newer versions of macOS requires devices to be enrolled in MDM in order to be managed by LSA TS. MDM enrollment enables LSA TS to deploy university software to Macs and ensure compatibility with other U-M systems.

If and when you receive the prompt (as shown in the screenshot) please approve the MDM Profile by performing the following steps:

  1. Click, "Open System Preferences" on the prompt.
  2. In the menu on the left, scroll to select MDM Profile.
  3. Click "Approve."
 
 Note
Approval will only work with a connected mouse, keyboard, or trackpad. If you are using a Bluetooth peripherals or a dock, you might have to use a plugged in mouse or if it's a laptop, the built-in trackpad.

You will receive reminder prompts until you accept enrollment. Only one user per a device needs to accept the prompt for the device to be enrolled — it's a one-time enrollment. There's no further action necessary after clicking Accept and there will be no changes in how the computer operates.

Troubleshooting

"Profiles that were installed without user consent must be approved manually using the computer’s connected mouse, keyboard or trackpad."

First, try using the built-in trackpad on the laptop or if it's an iMac, connecting your mouse by the USB cable. If this doesn't work, please try the steps below.

  1. Shut down the computer.
  2. Hold the Shift button and turn on the computer. This will boot the computer into Safe Mode.
  3. Sign into the computer as normal and you should receive the MDM notification.
  4. Follow the previous section above's steps to approve the enrollment.
  5. Shut down the computer and start it back up normally. You're all set!

Additional notes

MDM enrollment will be required to receive macOS Mojave when it is released as an optional upgrade in Managed Software Center.

All new iMacs and MacBooks are automatically enrolled into the MDM.

Details

Article ID: 1515
Created
Tue 5/26/20 6:05 PM
Modified
Wed 9/9/20 7:20 AM