The purpose of this article is to provide the steps on how to remove non-removable MDMs. Users may encounter this issue when devices are enrolled into an MDM via Apple Business Manager/Apple School Manager (ABM/ASM), and the enrollment profile is configured to be not removable.

Disabling SIP

  1. Put the Mac into Recovery Mode:
    1. On Macs with an Intel Chip:
      1. Shut down your Mac completely. 
      2. Start up your Mac while holding down command+R until you see the startup screen.
      3. If you see a lock, enter the password for your Mac.
      4. If you have multiple volumes on your disk, select the volume you want to recover, then click Next.
      5. If requested, choose an administrator account, click Next, enter the password for the account, then click Continue.
    2. On Macs with Apple Silicon:
      1. Shut down your Mac completely. 
      2. Press and hold the power button on your Mac until the system volume and the Options button appear.
      3. Click the Options button, then click Continue.
      4. If asked, select a volume to recover, then click Next.
      5. Select an administrator account, then click Next.
      6. Enter the password for the administrator account, then click Continue.
  2. Go to the Utilities menu and open Terminal and type:
    csrutil disable
    This will disable SIP (System Integrity Protection).
  3. Reboot into the OS.



Removing MDM profile and configurations 

Open the integrated terminal and type sequencelly:
sudo su
cd /var/db/ConfigurationProfiles
rm -rf *
mkdir Settings
touch Settings/.profilesAreInstalled

Reenabling SIP

  1. Boot the Mac into Recovery Mode (see above).
  2. Go to the Utilities menu, open Terminal and type:
    csrutil enable
    This will re-enable SIP.
  3. Reboot into macOS.