At Human-I-T, we believe that enterprise technology donors play a key role in creating a world where everyone has equal access to the limitless opportunities available online.
However, sometimes we receive devices in donations that we just plainly cannot use to their full potential. Why? Because of MDM locks which prevent us from refurbishing the devices.
So, we wanted to write this short blog about what MDM locks are, why they’re used, how to find out if your devices have an MDM lock, and how you can go about removing them.
It’s our hope that, by the end of this blog, you’ll be able to ensure that any devices you donate to Human-I-T are free of MDM locks. That way you have the best chance at using your decommissioned technology to make a positive impact on the people in your community.
Table of Contents
- What is a Mobile Device Management system?
- Why should you remove MDM locks before donating technology
- How are MDM systems installed?
- What is Apple’s DEP?
- Why does Apple provide a native MDM solution?
- How to tell if your Apple device has an MDM solution installed
- How to tell if your Windows device has an MDM solution installed
- How to remove an MDM lock from your Apple device
- How to remove an MDM lock from your Windows device
- Make it easy for us to make it easy for you to do good. Remove MDM locks from your devices.
What is a Mobile Device Management system?
Mobile Device Management (MDM) is a software system that allows IT administrators to manage and secure mobile devices used in an organization.
It provides central management for mobile devices, including smartphones and tablets, and allows IT staff to enforce security policies, deploy software updates, wipe data from lost or stolen devices, and manage access to corporate resources.
The goal of MDM is to ensure the security and compliance of corporate data on personal mobile devices, while allowing employees to use their preferred devices for work purposes.
Why should you remove MDM locks before donating technology
If you are considering donating your Apple or Windows device to an organization like Human-I-T, it is important to understand the potential harm that an MDM lock has on your donation’s ability to make an impact. An MDM lock is typically used to prevent unauthorized access to corporate data and resources on the device, but it can also make it difficult or impossible for the refurbishment team to prepare the device for redistribution.
If you donate a device with an MDM lock to us, our refurbishment team may not be able to access the device or clear its memory, which is necessary to protect your sensitive information. This means that the device cannot be refurbished and redistributed to people in need, and instead must be sent to an e-waste recycler.
By removing the MDM lock from your device before donating it, you can help ensure that it can be properly refurbished and redistributed to people in need. This allows you to make a positive impact on your community and our planet by reducing e-waste and providing access to technology to those who may not otherwise have it. In short, if you want to help us empower people with access to technology and protect the planet from e-waste, please follow the steps on how to remove MDM locks from your devices.
How are MDM systems installed?
MDM solutions are typically installed on a device by an IT administrator or someone else who has administrative access to the device. The process of installing an MDM solution varies depending on the specific solution being used, but typically involves the following steps:
- Register for an MDM service: The IT administrator must first sign up for an MDM service and create an account with the MDM provider. They will then be provided with a unique URL or server information that will be used to enroll devices.
- Enroll the device: The administrator must enroll the device by entering the URL or server information provided by the MDM provider. This will initiate the device enrollment process, which typically involves downloading an enrollment profile and installing it on the device.
- Configure settings: Once the device is enrolled, the administrator can configure various settings and policies to manage and secure the device. This can include things like setting up email accounts, configuring Wi-Fi settings, installing apps, and enforcing security policies.
- Manage the device: With the MDM solution installed, the administrator can manage the device remotely and make changes as needed. This can include things like pushing out updates, modifying settings, and wiping the device if it is lost or stolen.
It is important to note that the specific process of installing an MDM solution may vary depending on the provider and the device being used. Additionally, some MDM solutions may require additional configuration or integration with other systems in order to function properly.
What is Apple’s DEP?
Apple provides a native MDM solution called Apple Device Enrollment Program (DEP) that allows IT administrators to enroll devices into the management system and enforce various security policies. This includes the ability to enforce password policies, restrict device access to corporate resources, remotely wipe data from lost or stolen devices, and install enterprise applications. Apple leverages the DEP program as a native feature to provide a streamlined and secure way for IT administrators to manage and deploy Apple devices in an enterprise setting.
DEP provides a secure and automated enrollment process that allows IT administrators to supervise and configure devices remotely, without the need for physical access to the device. This helps organizations ensure the security and compliance of their data and network by allowing them to enforce device-level policies and manage access to corporate resources.
By providing a native MDM solution, Apple aims to help organizations manage their devices effectively and securely, and maintain control over their sensitive data and intellectual property. Additionally, DEP integrates with other Apple services and technologies, such as Apple Business Manager and Apple School Manager, to provide a comprehensive solution for managing Apple devices in the enterprise.
Why does Apple provide a native MDM solution?
Apple has a long history of prioritizing security and privacy in its hardware and software design. This focus can be traced back to the company’s early days and has been a core part of its brand identity and marketing strategy. Apple has consistently made privacy and security a key selling point for its products.
One specific moment in Apple’s history that marked a shift towards a stronger focus on security and privacy was the introduction of the iPhone in 2007. After launch, the iPhone made it more popular to use mobile devices for work purposes which created a need for a comprehensive solution for managing and securing these devices in the enterprise. DEP was introduced as a way for IT administrators to enroll and manage Apple devices in a secure and automated manner, and has been updated and improved over the years to keep pace with the changing needs of the enterprise.
Another notable moment was the launch of the Apple Pay mobile payment system in 2014, which required Apple to secure sensitive financial data in a manner that was both user-friendly and secure. The company also became more vocal about privacy issues, particularly in the wake of high-profile data breaches and the increasing use of personal devices for work purposes.
In 2018, Apple introduced the iOS 12 update, which includes new privacy features, such as password management and protection against online tracking, and has continued to improve its privacy and security measures in subsequent iOS updates. Again, the DEP program was updated to reflect these changes, providing IT administrators with new capabilities to manage and secure Apple devices, while respecting the privacy of their users.
How to tell if your Apple device has an MDM solution installed
To find out if an Apple device has MDM on it, follow these steps:
- Open the Settings app on your device.
- Tap on “General”.
- Scroll down and look for “Device Management” or “Profiles & Device Management”. If you see this option, it means that your device is being managed by an MDM solution.
Note that the location of the “Device Management” or “Profiles & Device Management” option may vary depending on the version of iOS or iPadOS you are using.
How to tell if your Windows device has an MDM solution installed
To find out if a Windows device has MDM on it, follow these steps:
- Open the Settings app on your device.
- Click on “Accounts”.
- Look for “Access work or school” or “Work or School account”. If you see this option, it means that your device is being managed by an MDM solution.
Note that the location of the “Access work or school” or “Work or School account” option may vary depending on the version of Windows you are using.
If you are still unsure whether your device has MDM on it or not, you can check with your IT administrator or the device manufacturer for more information.
How to remove an MDM lock from your Apple device
If an Apple device is managed by an MDM solution, it may be subject to certain restrictions and configurations set by the administrator. To remove the MDM lock from an Apple device, the following steps can be taken:
- Contact the administrator: If the device is owned by an organization, the first step is to contact the IT administrator and request that the MDM profile be removed. The administrator has the ability to remove the profile and restore the device to its original state.
- Restore the device: If the device is no longer associated with the organization, or if the administrator is unable to remove the MDM profile, restoring the device to its original state may remove the MDM lock. To do this, the device can be reset to factory settings using iTunes or the device’s Settings app.
- Consult an Apple Authorized Service Provider: If the above steps are not successful, an Apple Authorized Service Provider may be able to help. They can provide support and technical assistance in removing the MDM lock from the device.
It is important to note that removing an MDM profile from a device may impact its functionality and access to certain resources, and should be done with caution. Additionally, some MDM solutions may have security measures in place that prevent unauthorized removal of the profile, so it may not be possible to remove the lock in some cases.
How to remove an MDM lock from your Windows device
If your Windows device is enrolled in an MDM program, it may be subject to certain restrictions and policies enforced by the program, such as a passcode requirement or restricted access to certain apps or features.
Removing an MDM lock from a Windows device typically requires administrative access to the MDM program, as well as permission from the organization that manages the program. In most cases, users cannot remove MDM locks from their devices without the consent of the organization that enrolled the device in the program.
If you believe that your Windows device is subject to an unauthorized MDM lock or if you need to remove an MDM lock for legitimate reasons, you should contact the IT department or administrator of the organization that manages the program to request assistance. They can help you determine the appropriate steps to take to remove the lock, or provide alternative solutions that will allow you to use the device within the guidelines set by the organization.
Make it easy for us to make it easy for you to do good. Remove MDM locks from your devices.
Facts are facts: every device that we receive with an MDM lock on it is another device we can’t use to empower people with access to technology.
That’s why we hope that you’ll not only heed the instructions of this blog, but also share them with your colleagues who are interested in donating technology.
The more common this knowledge is, the better chance we have of creating a world where every device donated to organizations like Human-I-T has the best potential of being reused by somebody in need.
