macOS: API/tool for determining MDM enrollment status

Originator:gregneagle
Number:rdar://35442399 Date Originated:11/9/2017
Status: Resolved:
Product:macOS Product Version:
Classification: Reproducible:
 
In 10.13. Apple is introducing the idea of User Accepted MDM (UAMDM) enrollment.  Certain management functions can only be performed via a User Accepted MDM, and the management functions that require UAMDM is expected to grow over time.

Large organizations need a tool or API to determine if the machines they manage are enrolled in a User Approved MDM so they can take corrective follow-up action if they are not.

This tool should accurately report the current effective MDM enrollment state:

1) Not enrolled in MDM
2) MDM enrolled, but not User Approved
3) User Approved MDM enrolled.

This last state should also be reported if a machine was enrolled in MDM before it was upgraded to 10.13.2 -- since Apple has indicated that such machines will be "grandfathered" in as UAMDM enrolled.

Comments

clburlison

Resolved with 10.13.4b2 17E150f

More info http://www.openradar.me/35442079

By clburlison at Feb. 7, 2018, 7:46 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!