ºÚÁϺ£½Ç91Èë¿Ú

Help Center Home > MDM Enrollment for Apple > Un-Enroll Devices from MDM

Un-Enroll Devices from MDM

This article discusses how to un-enroll individual devices from ºÚÁϺ£½Ç91Èë¿Ú MDM and how to remove ºÚÁϺ£½Ç91Èë¿Ú MDM from an organization, which will un-enroll all devices in the organization.

Important:

Removing the ºÚÁϺ£½Ç91Èë¿Ú MDM Enrollment Policy from a device does not remove the enrollment profile.

Tip:

If the device is subject to the MDM Enrollment Policy, removing the profile manually or via command will not be permanent. The device will receive the MDM profile again once the agent checks in again. However, this profile will not be auto-approved. If the device is to remain un-enrolled, the ºÚÁϺ£½Ç91Èë¿Ú MDM Enrollment policy will need to be unbound from the device.

Removing the MDM Configuration from a Device

There are two ways to remove the MDM configuration from a device: via the ºÚÁϺ£½Ç91Èë¿Ú API, or directly on the device via System Settings (System Preferences on macOS 12 and earlier).

Via ºÚÁϺ£½Ç91Èë¿Ú API

You can remove the MDM configuration from a device using the ºÚÁϺ£½Ç91Èë¿Ú V2 API. See .

You'll need 3 values to complete this method:

  • ºÚÁϺ£½Ç91Èë¿Ú API Key
  • MDM ID - this is the identifier of your organization's MDM configuration.
  • MDM Device ID - this is the identifier unique to each device enrolled in MDM.

To gather the required values and remove the ºÚÁϺ£½Ç91Èë¿Ú MDM Enrollment Profile from a device via the API:

  1. Obtain your API key from the ºÚÁϺ£½Ç91Èë¿Ú Admin Portal. See Obtaining Your API Key.
  2. In the macOS Terminal, insert your API key into the command below and run it to gather your MDM ID:

curl https://console.jumpcloud.com/api/v2/applemdms \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: INSERT_API_KEY_HERE'

Note:

The MDM ID is the value in quotes after [{"id":"

  1. Next, obtain the MDM Device ID:
    1. Log in to the .
    2. Go to DEVICE MANAGEMENT > Devices.
    3. Click the desired device from the Devices list.
    4. Go to the Insights tab and scroll down to Device Info.
    5. Copy the ºÚÁϺ£½Ç91Èë¿Ú MDM ID.
  2. Now you can remove MDM enrollment for the specified device by launching the macOS Terminal and inserting the gathered values into the following command:

curl -X DELETE https://console.jumpcloud.com/api/v2/applemdms/INSERT_MDM_ID_HERE/devices/INSERT_MDM_DEVICE_ID_HERE \
-H 'accept: application/json' \
-H 'x-api-key: INSERT_API_KEY_HERE'

  1. Restart the device to ensure removal of the ºÚÁϺ£½Ç91Èë¿Ú MDM enrollment profile.

Via System Settings or System Preferences

You can remove the MDM configuration manually on a device from System Settings (macOS 13 Ventura and newer) or System Preferences (macOS 12 Monterey and prior).

Important:

This method works only for devices that are user enrolled. See Add Company-Owned Apple Devices to MDM with Device Enrollment.

Devices enrolled with Apple's Automated Device Enrollment (ADE) cannot be removed using the following method. ADE devices must be removed either via the API, or by deleting the device from ºÚÁϺ£½Ç91Èë¿Ú entirely (which also removes the ºÚÁϺ£½Ç91Èë¿Ú Agent).

To remove the enrollment profile on macOS 13 Ventura and later:

  1. Go to System Settings > Privacy and Security Profiles to view the MDM Enrollment profile. 
  2. As an admin user on the device, select the MDM Enrollment Profile in the list and click the "-" button to remove it.

To remove the enrollment profile on macOS 12 Monterey and earlier:

  1. Go to System Preferences > Profiles to view the MDM Enrollment profile. 
  2. As an admin user on the device, select the MDM Enrollment Profile in the list and click the "-" button to remove it.

Removing the MDM Configuration from an Organization

Considerations:

Removing the MDM Configuration will result in loss of access to MDM features, including:

  • Security Commands
  • Patch Management

Warning:

This will remove the ºÚÁϺ£½Ç91Èë¿Ú MDM profile from ALL devices in the organization! Deleting the MDM Configuration from your organization will bulk un-enroll ALL devices at their next check-in with ºÚÁϺ£½Ç91Èë¿Ú.

To remove a single device from MDM, follow the steps above for removing the MDM profile from an individual device.

  1. Log in to the .
  2. Go to DEVICE MANAGEMENT > MDM in the left menu.
  3. Click the Delete button under MDM Configuration.
  4. To confirm, enter the amount of macOS and iOS devices that will be removed from MDM management.
  5. Click Delete MDM Configuration.
Back to Top

List IconIn this Article

Notebook IconLearn More

Set up Apple MDM

Add Company-Owned Apple Devices to MDM with Device Enrollment

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case