What is a Macbook MDM?

It’s basically a Macbook/iPad/iPhone, but with software that lets the corporation control it (supported by Apple). MDM is a relatively broad concept; I will only mention its two main purposes, which are the easiest for ordinary users to understand:

1. Remote software deployment. For example, a corporation in the US opens a branch in Singapore (50 employees). Instead of ordering 50 Macbooks to headquarters in the US, then sending 1-2 IT staff to bring those 50 machines to Singapore and set them up, they can order those 50 Macbooks in Singapore and have them shipped directly to the Singapore branch. IT staff in the US only need to add the serial numbers of the 50 newly ordered machines to the MDM system (in fact, they can also order from the MDM system). In Singapore, ordinary employees turn on their computers, and those 50 machines automatically connect to Apple’s server for confirmation, then are redirected to the corporation’s server to install the necessary software. This process takes place without the intervention of professional IT staff, and it saves the corporation a large amount of time and of travel, labor and other costs.

2. Lock the device and erase data remotely. Due to different living conditions, a Macbook is a significant asset for Vietnamese people, while for foreign companies it is just a working tool. Therefore, when a computer is lost, Vietnamese people tend to worry about the value of the Macbook itself, while companies worry about the data in that Macbook being leaked, leading to irreversible loss. MDM was therefore born to lock devices and erase data remotely. Data erased this way cannot be recovered even by the most professional recovery companies.

Is a Macbook MDM stolen goods?

YES, up to 99% of MDM machines are stolen. Because this is a delicate issue, I was going to write this article a few years ago but kept hesitating. An MDM machine is not meant to be resold, so it can only be obtained from the following sources:

  1. Stolen goods.
  2. Goods that are smuggled out by employees of the company for sale (personally or through a management loophole) without the company’s permission (still essentially stolen goods).

There is another explanation: that MDM goods are machines that companies such as Google, Facebook, Amazon, Uber… liquidate in batches when a project is over. This explanation is very popular and accepted by ordinary users because it sounds very comfortable. But in reality it does not happen. Never mind big companies that respect security like Google, Facebook, Amazon…; if you have ever worked in IT for a medium-sized company, you understand that liquidating assets is not so easy, especially when it comes to information security. To liquidate an IT asset there is a clear process, which must be confirmed by many parties (end users, IT, accountants, managers…), and in which the IT department’s confirmation that confidential information has been removed is indispensable. Therefore, if the goods are actually liquidated by the company, it will delete the data and remove the MDM carefully. Companies that have implemented MDM in particular already have an extremely strong sense of security, so there is no reason for them to skip this process. Some companies are even more careful and hire a third party to monitor this, to avoid data leakage. Data security is my job; those of you who know me well know that when I was in Vietnam I was hired to audit cases similar to this one (similar, because at that time MDM had just come out).

The people who give this type of explanation understand Vietnamese psychology very well: when a machine is no longer used for a project it must be liquidated, and such large assets would be wasted if they were not. Big companies do not see it that way: computers are just tools, whereas lost data cannot be recovered. Therefore, every computer that officially leaves the company has to go through a very cumbersome IT review process, so there is no question of forgetting to remove MDM. Not to mention, as those of you who work in IT systems know, there is also the option of wiping the computer and re-assigning it, that is, transferring the device to a new employee to use until the end of its life cycle, rather than liquidating it so that Vietnamese buyers can have MDM machines to use.

Therefore, the “liquidated goods” explanation is not correct; it merely serves to reassure buyers.

What are the risks of using an MDM machine?

1. Remote lock and data erasure. As explained above, this is MDM’s sharp blade: it was born to do this, and does it very well. So the risk is real. However, you rarely see it happen, for the following reasons:

  • When an employee of the company smuggles a machine out to sell, of course they will not report to the company that the device is lost. Therefore, from the MDM system’s point of view, it is still an MDM machine used by that employee, so there is no data deletion or remote locking.
  • The machine has been bypassed by changing the serial; in essence it is already a different machine, so MDM no longer applies.
  • It depends on the company’s policy, and on whether the lost device belongs to an outside employee or a central employee (as an aside, even in the US, if the computer belongs to an outside employee, the MDM handling is a bit looser). If the lost device belongs to a boss, it will have been erased several times before it even reaches Vietnam.

2. Legal risks: As analyzed above, an MDM machine is by nature a stolen machine. If you use it in Vietnam, it’s OK, but you should not take it abroad (travel, study abroad, work…). For example, if you buy an ordinary machine that turns out to be 100% stolen, then when legal issues arise you only need to explain that you did not know it was stolen when you bought it, and that’s it. But with an MDM machine it cannot be explained like that: it is essentially a stolen machine, and the foreign police are all too familiar with this type of machine, since they handle thousands of such cases every year. So no matter how well you explain, you will not avoid legal trouble.

3. Frustration: to use an MDM machine you must be relatively well versed each time you reinstall macOS or update to a newer macOS, especially when updating. The reason is that, for the MDM machine to be usable normally, you have to perform some operations to bypass it (fool macOS, fool Apple). Every time a new macOS is released, Apple tries to block that bypass. Of course, the magicians will probably find a new bypass very quickly. If the magicians win, you have a good machine; if the magicians lose, you are left complaining. This process is similar to the iPhone lock / SIM transplant: a war between the magicians and Apple. How much trouble this is, is for you to judge for yourself; do not twist my words. Because bypassing is a complicated process that depends on the model, even stores and big-name experts do not dare to beat their chests and claim they can handle it 100% and forever. Every time Apple releases a new macOS update, a new story begins.

How to test a Macbook for MDM?

  1. Fast test: type this command in Terminal: profiles status -type enrollment. If either of the two results is Yes, the machine is enrolled in MDM; No/No is relatively good. To be careful, you still have to reset the device (slow test).
  2. Slow test: reset the computer and set it up online, preferably at an Internet cafe or at your home (simply to limit DNS interference). At the first Internet connection, the Macbook will connect to Apple’s server to confirm the machine’s status. This is your chance to have it verified by Apple itself, so the accuracy is close to 100%.
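
The fast test can be scripted so that the two result lines are read the same way every time. The following is an added example, not part of the original article: it applies the rule from step 1 to the output of profiles status -type enrollment. The field labels "Enrolled via DEP" and "MDM enrollment" are assumed from the output of recent macOS versions, and the two sample outputs are constructed.

```shell
#!/bin/sh
# Classify the output of: profiles status -type enrollment
# Assumed output format (labels as printed by recent macOS versions):
#   Enrolled via DEP: No
#   MDM enrollment: No
# Prints one of: enrolled | not-enrolled-needs-reset-check | unknown

classify_enrollment() {
    # $1 = full text printed by the profiles command
    dep=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Enrolled via DEP:[[:space:]]*//p' | head -n 1)
    mdm=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*MDM enrollment:[[:space:]]*//p' | head -n 1)

    # Both fields must be present; an error message or empty output proves nothing.
    if [ -z "$dep" ] || [ -z "$mdm" ]; then
        echo unknown
        return 0
    fi

    # Values can carry a suffix such as "Yes (User Approved)", so match the prefix.
    # Either field being Yes means the machine is under management.
    case "$dep" in Yes*) echo enrolled; return 0 ;; esac
    case "$mdm" in Yes*) echo enrolled; return 0 ;; esac

    # Anything other than an explicit No is treated as unknown, not as clean.
    case "$dep" in No*) ;; *) echo unknown; return 0 ;; esac
    case "$mdm" in No*) ;; *) echo unknown; return 0 ;; esac

    # No/No is only "relatively good": the reset (slow test) is still required.
    echo not-enrolled-needs-reset-check
}

# Constructed sample outputs, not captured from a real machine.
SAMPLE_ENROLLED='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_CLEAN='Enrolled via DEP: No
MDM enrollment: No'

if command -v profiles >/dev/null 2>&1; then
    # On a Mac: classify the real output.
    classify_enrollment "$(profiles status -type enrollment 2>&1)"
else
    # Elsewhere: show the classification of the constructed samples.
    classify_enrollment "$SAMPLE_ENROLLED"
    classify_enrollment "$SAMPLE_CLEAN"
fi
```

A result of not-enrolled-needs-reset-check does not replace the slow test, because only the reset makes the machine ask Apple's server for its status.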

So should I use MDM?

The question is extremely difficult because it depends on many factors: your income, the nature of your job (do you need the machine 24/24, or is it still OK if it is occasionally out of action for a few days), the level of risk you can bear yourself, and your computer skills.

For example, if you are computer literate, back up your data regularly, and have a modest budget but want to experience a high-configuration machine, MDM may be right for you.

For those of you who still have to ask what an MDM machine is, I advise you not to use it.


Q: Can sealed machines also be MDM machines?
A: Yes. It is a stolen machine by nature, so the only question is when it was stolen: while the seal was intact, or while it was in use.

Q: Can a clean machine automatically become an MDM machine?
A: Actually, creating an MDM machine is not as easy as you imagine. First, you must have admin rights granted by Apple; your corporation may have thousands of IT employees, but only 1-2 people have this right. Second, you must have a Proof of Purchase (which must come directly from Apple). That way, the serial you put into the MDM system is approved by Apple. It is not the case, as you might imagine, that a user fiddling around or an IT person typing nonsense for a while can turn a machine into an MDM machine.

If you pay attention, you will see a few rumors along the lines that when the device was bought the corporation had not yet deployed MDM, and only after a while did the machine suddenly become an MDM machine. Sound reasonable? The reality is not so: if that Macbook was liquidated according to the correct process, its serial has been removed from the corporation’s inventory list (list of devices), so how could it be put into the MDM system? I think this is just a rumor to explain away the recent MDM cases that have been revealed. There are many versions of the rumor, but they all say one thing: a clean machine takes a while to turn into an MDM machine. It is understandable that rumors like this come from people who are very knowledgeable about Vietnamese psychology, but do not understand anything about the system.

Q: Does the MDM machine have a warranty?
A: Yes, of course. Because the MDM machine is a company product, Apple employees cannot determine whether it is being used by that company’s employees or has been stolen.

By the way, the recent MDM cases that were exposed are ones where users bought MDM machines at the price of a clean machine, confident that they were buying a clean machine. A few years later, when they reinstalled the machine, they discovered it. But for those of you who sell honestly, clearly stating that the goods are MDM so that customers know, it is simply a matter of willing buyer and willing seller.

If you have any questions, feel free to ask below, I will try to answer. If this question is of interest to many people, I will update the article. Thank you guys so much

By: Andy Pham – Vietnamese Macbook Association

