Disable Device Enrollment Program (DEP) notification on macOS Ventura.md

Disable Device Enrollment Program (DEP) notification on macOS Ventura.md

Ventura docs for M2 Macs in this comment: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4555340#gistcomment-4555340

Old Monterey docs in this old revision: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd/32c410e3a1de73539c76fa13ea5486569c4e0c5d

Solution for Sonoma: https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac

I just tried it on my test MacBook Pro, and the enrolment message popped up. ### 🚀 Bypassing MDM/DEP Enrollment on macOS Tahoe (Apple Silicon)

This guide provides a technical walkthrough for removing persistent "Remote Management" or "Device Enrollment" notifications on a MacBook Pro with Apple Silicon (M1/M2/M3) running macOS Tahoe.

Warning

This process requires disabling System Integrity Protection (SIP). Proceed with caution as this reduces certain system security layers to allow for the modification of enrollment records.

---

1. Enter Recovery Mode & Disable SIP

On Apple Silicon, the standard keyboard shortcuts have changed.

1. Shut down the Mac completely.
2. Press and hold the Power Button (Touch ID) until "Loading startup options" appears.
3. Select Options > Continue.
4. Navigate to Utilities > Terminal in the top menu bar.
5. Execute the following command:

   csrutil disable

6. Type y, then enter your admin password.
7. Restart the Mac.

---

2. Wipe Local Enrollment Records (Recovery Terminal)

To ensure the OS doesn't "remember" its corporate status, you must gut the local configuration directory. It is most effective to do this while still in Recovery Mode Terminal.

1. Identify your main drive name (usually Macintosh HD):

   ls /Volumes

2. Navigate to the configuration directory and wipe it:

   cd "/Volumes/Macintosh HD/var/db/ConfigurationProfiles/"
   rm -rf *

3. Create "Bypass Flags" to trick the Setup Assistant:

   mkdir -p Settings
   touch Settings/.cloudConfigHasBeenApplied
   touch Settings/.cloudConfigRecordFound

4. Restart the Mac and log in to the desktop.

---

3. Block Apple Enrollment Servers (Network Muzzle)

Even with local files deleted, macOS Tahoe will attempt to "phone home" to Apple’s servers. Editing the hosts file redirects these requests to a dead end.

1. Open Terminal on your desktop.
2. Open the hosts file for editing:

   sudo nano /etc/hosts

3. Append the following lines to the bottom of the file:

   0.0.0.0 iprofiles.apple.com
   0.0.0.0 mdmenrollment.apple.com
   0.0.0.0 deviceenrollment.apple.com
   0.0.0.0 gdmf.apple.com
   0.0.0.0 acmdm.apple.com
   0.0.0.0 albert.apple.com
   

4. Save and exit (Ctrl+O, Enter, Ctrl+X).

---

4. Disable the Enrollment Daemon

Stop the background service responsible for triggering the "Device Enrollment" pop-up.

sudo launchctl disable system/com.apple.ManagedClient.enroll

---

5. Verification

To confirm the Mac is no longer communicating with the enrollment servers, run:

profiles status -type enrollment

Success Criteria:

• Enrolled via DEP: No
• MDM enrollment: No

---

📝 Important Notes

• Updates: Major macOS Tahoe updates may reset the /etc/hosts file. If the pop-up returns, simply re-add the domains listed in Step 3.
• Factory Resets: Performing "Erase All Content and Settings" will restore the enrollment status. You will need to repeat this guide if the machine is wiped.
• SIP Status: If you choose to keep SIP disabled, your core system files remain modifiable. To re-enable security, return to Recovery Mode and run csrutil enable.

I just tried it on my test MacBook Pro, and the enrolment message popped up.

Can you still use the device if you get the enrol message?

Works fine without any problem , you may need to install old macos then do the process i also prefer to do mount -uw / to remov ethe read only on hosts file

anybody knows if i can update to Tahoe? im on 15.2 or something

anyone able to upgrade to Macos Tahoe from the AppStore?

Waiting for the same question as well.

one of us has to be brave and do this. for research lol

I just tried it on my test MacBook Pro, and the enrolment message popped up.

do you meen that you upgraded to tahoe and got the mdm dep profile message? or were you safely able to upgrade?

I have a Macbookpro 2023 M2 Chip

I installed MacOS Sequoia.

Hello I used this script by https://github.com/eudy97/MDM-bypass

4 months ago and bypassed the mdm perfectly but, now I want to do it again but getting this Not a known DirStatus please help.

I have a Macbookpro 2023 M2 Chip

I installed MacOS Sequoia.

Hello I used this script by https://github.com/eudy97/MDM-bypass

4 months ago and bypassed the mdm perfectly but, now I want to do it again but getting this Not a known DirStatus please help.

i think you have to go back to the version OS that the script supports. you cant do it with another version. other people say they have needed to downgrade (install and older version of mac os, the one the script supports) and run it then upgrade again.

How do I go back? I download it on a usb flash drive from a computer and then plug it in and download it?

Thanks so much for your feedback by the way : )

So has anyone successfully moved to macOS 26 with the dep still being bypassed? It’s crazy how easy it is to block dep and profile install on an iPad, but the Mac is so much more complicated.

How do I go back? I download it on a usb flash drive from a computer and then plug it in and download it?

Thanks so much for your feedback by the way : )

follow the instructions on here at the top. you'll need a second mac. there are a few other gists that explain how to do it just google dep disable m1 macbook pro and follow the gists. you need a second mac, restor the otherone or something to an older version then follow the steps to run the script or type ocmmands in yourself.

Anyone knows a good place to buy MBPs with these blocks? All I can think is local Surplus

Anyone know if once you've been able to bypass MDM whether or not you can restore to factory settings and then trade the device in?

Has anyone found a way around this: https://www.kevinmcox.com/2025/01/prevent-users-from-skipping-automated-device-enrollment-in-macos-ventura-and-later/

Seems like clearing NVRAM with nvram -c doesn't actually clear everything. The moment your Mac goes online it gets 'infected' forever. There must be something that can be done?

So previously I was able to download the latest OS in the Mac App Store to update, then follow the regular directions to upgrade it. I'm currently on Sequoia and want to go to Tahoe. I noticed that Tahoe isn't in the App Store and Software Update doesn't work because everything is blocked in the hosts file. So on one of Apple's sites it says to use Terminal, but even that doesn't work I'm assuming because it's blocked in the hosts file. So, the question is, how do you update from Sequoia to Tahoe? Can I remove one of the things from the hosts file to get the update then put it back? I've held off a while, and now that I'm ready to do it, it seems they've made it even more complicated. Any assistance to figure out how to download the update would be helpful. Thanks all!

So previously I was able to download the latest OS in the Mac App Store to update, then follow the regular directions to upgrade it. I'm currently on Sequoia and want to go to Tahoe. I noticed that Tahoe isn't in the App Store and Software Update doesn't work because everything is blocked in the hosts file. So on one of Apple's sites it says to use Terminal, but even that doesn't work I'm assuming because it's blocked in the hosts file. So, the question is, how do you update from Sequoia to Tahoe? Can I remove one of the things from the hosts file to get the update then put it back? I've held off a while, and now that I'm ready to do it, it seems they've made it even more complicated. Any assistance to figure out how to download the update would be helpful. Thanks all!

Hi,

Updated mine but had to temporarily # out the host file entry #0.0.0.0 gdmf.apple.com
save the file, keep terminal open.
Go to software updates, download and install update, but just before it restarts, I remove the # and save the host file then block internet access to my MACID in my router.
Restart, it will install and should allow you back in no issues.

this is my path but it might be different for others, so I can’t promise it works, I’ve done the last 3 major OS jumps and it’s worked.