What should I do if my Mac is displaying a Device Management/MDM notice?
What is the "Device Management/MDM wants to make changes" prompt?
This prompt, often showing a padlock icon, appears on your Mac computer when an administrative change is being initiated by Device Management or Mobile Device Management (MDM) software.
MDM is the system used by DoIT (Department of Information Technology) to securely configure, manage, and update your work computer according to organizational policies.
The prompt asks you to confirm that this change is allowed by entering your user password. This is a security measure to ensure that only authorized users can permit MDM to modify the system.
Is this an allowed and normal configuration?
Yes, this is a normal and allowed configuration.
When an MDM system needs to install software, apply certain security settings, or perform system updates, it often requires administrator-level access on the local machine. By default, MDM is configured to require the user's password for this level of access to ensure a highly secure, user-approved management process.
It does not mean your device is compromised or that something is wrong; it means MDM is doing its job and is asking you to confirm its actions.
How can I make this password prompt stop appearing (automate the authorization)?
If you find this password prompt disruptive, DoIT can help automate the authorization for many MDM actions. This process allows MDM to make authorized changes without requiring your password every time.
This automation is achieved by changing the system's management status from "User Approved" to "Automated Device Enrollment" (or a similar fully managed state), which grants the MDM solution the necessary privileges to manage the machine silently.
However, this process requires wiping the computer's hard drive and reinstalling the operating system.
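To see which of the two management states described above a Mac is currently in, the script below (an added example, not DoIT's own tooling) classifies the text printed by the macOS command `profiles status -type enrollment`. The sample output, the server URL and the function name classify_enrollment are constructed for illustration, and the line format is assumed to be the one recent macOS versions print.

```shell
#!/bin/sh
# Classify the output of `profiles status -type enrollment`, read on stdin.
# Prints one of:
#   automated              enrolled through Automated Device Enrollment (DEP)
#   user-approved          MDM enrollment that the user approved manually
#   mdm-not-user-approved  enrolled in MDM, but not marked User Approved
#   not-enrolled           no MDM enrollment reported
#   unknown                the expected lines were not found
classify_enrollment() {
    dep="" mdm=""
    # "|| [ -n "$line" ]" keeps a final line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "Enrolled via DEP:"*) dep=${line#*: } ;;
            "MDM enrollment:"*)   mdm=${line#*: } ;;
        esac
    done
    case "$mdm" in
        "")  echo unknown; return 0 ;;
        No*) echo not-enrolled; return 0 ;;
    esac
    case "$dep" in
        Yes*) echo automated; return 0 ;;
    esac
    case "$mdm" in
        *"User Approved"*) echo user-approved ;;
        *)                 echo mdm-not-user-approved ;;
    esac
}

# Constructed sample output (not captured from a real machine); the
# server URL is a placeholder.
SAMPLE_USER_APPROVED='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.invalid/mdm'

if command -v profiles >/dev/null 2>&1; then
    # On a Mac: classify the live enrollment status.
    profiles status -type enrollment | classify_enrollment
else
    # Elsewhere: demonstrate on the constructed sample.
    printf '%s\n' "$SAMPLE_USER_APPROVED" | classify_enrollment
fi
```

A result of user-approved corresponds to the state in which the password prompt appears; automated corresponds to the state after the re-enrollment described below.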
What is the full process for automating MDM authorization?
To convert your computer to a fully automated MDM state and eliminate these repetitive password prompts, follow these steps:
1. Back Up All Local Files: This is the most critical step. Since the computer's hard drive will be erased, you must back up all documents, photos, and any other files stored locally on your machine. Use DoIT-approved backup methods (e.g., cloud storage, external drives).
2. Contact DoIT Support: Inform the DoIT Help Desk that you wish to have your machine re-enrolled in Automated Device Enrollment to remove the frequent MDM password prompts.
3. DoIT Re-Enrollment: DoIT will guide you through or perform the steps to:
   - Wipe the computer's hard drive.
   - Reinstall the macOS operating system.
   - Re-enroll the device in MDM using the fully Automated Device Enrollment method.
4. Restore Your Files: Once the re-enrollment is complete, you will restore your backed-up files to the newly configured computer.
⚠️ DoIT cannot be responsible for lost files if you do not perform a proper backup before the enrollment process. Please ensure your files are backed up before initiating this process.