GoKawiilApple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Apple Business Manager (and Apple School Manager) is foundational to the modern Apple IT management experience. With that said, if a Mac isn’t in it, device management is a different ballgame. You might have a fleet of Macs that were purchased through a consumer channel or inherited from a company merger. If you want them in Apple Business Manager so you can use Automated Device Enrollment, you will generally need to wipe the device. What if you don’t want to? That’s where add2abm comes into play.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
What about Apple Configurator?
If you use Apple Configurator to add a Mac to your organization, you are traditionally forced to erase the entire machine. This is a non-starter for a device that is already in an employee’s hands. It requires a full backup, a complete wipe of the device, and a long morning of restoring data. add2abm is a potential solution for you.
It allows you to re-trigger the Setup Assistant on a Mac that is already configured without wiping any of the data on the hard drive. It works by temporarily removing the Apple setup flag and moving local user records so the system thinks it is brand new.
This is a major unlock for IT administrators who need to enable Automated Device Enrollment on hardware already in use by an employee. The entire process is fully reversible. You run the script to hide the users, add the Mac to your server using your iPhone, and then run the script again to put everything back exactly where it belongs.
How it works
The workflow requires physical access to the device and access to macOS Recovery, but here are the steps:
Shut down the Mac Hold Touch ID/power button to boot into macOS Recovery Authenticate as volume owner Connect to the internet Open Utilities Open Terminal Execute the script to back up user records and reboot Unlock the disk upon boot, if encrypted Proceed in the Setup Assistant to the Country & Region step Bring the iPhone running Apple Configurator in close proximity to the Mac Add the computer to the MDM server of choice in ABM/ASM Shut down Mac on success Hold Touch ID/power button to boot into Options (macOS Recovery) once again Authenticate as volume owner Connect to network (if not connected) Open Utilities → Terminal (or use ⌘⇧T) Execute the script again to restore user records from backup and reboot Unlock disk upon boot, if encrypted Agree to macOS Terms and Conditions Log in to the local user account Run sudo profiles renew -type enrollment (local admin account context required) in Terminal to force Automated Device Enrollment workflow from your MDM
... continue reading