The purpose of this article is to provide the steps on how to remove non-removable MDMs. Users may encounter this issue when devices are enrolled into an MDM via Apple Business Manager/Apple School Manager (ABM/ASM), and the enrollment profile is configured to be not removable.
Disabling SIP
- Put the Mac into Recovery Mode:
- On Macs with an Intel Chip:
- Shut down your Mac completely.
- Start up your Mac while holding down command+R until you see the startup screen.
- If you see a lock, enter the password for your Mac.
- If you have multiple volumes on your disk, select the volume you want to recover, then click Next.
- If requested, choose an administrator account, click Next, enter the password for the account, then click Continue.
- On Macs with Apple Silicon:
- Shut down your Mac completely.
- Press and hold the power button on your Mac until the system volume and the Options button appear.
- Click the Options button, then click Continue.
- If asked, select a volume to recover, then click Next.
- Select an administrator account, then click Next.
- Enter the password for the administrator account, then click Continue.
- On Macs with an Intel Chip:
- Go to the Utilities menu and open Terminal and type:
csrutil disable
This will disable SIP (System Integrity Protection). - Reboot into the OS.
Removing MDM profile and configurations
Open the integrated terminal and type sequencelly:
sudo su cd /var/db/ConfigurationProfiles rm -rf * mkdir Settings touch Settings/.profilesAreInstalled
Reenabling SIP
- Boot the Mac into Recovery Mode (see above).
- Go to the Utilities menu, open Terminal and type:
csrutil enable
This will re-enable SIP. - Reboot into macOS.
