> Very amusing worldview.
It’s ironic that you’re displaying the exact behavior pointed out by the GP:
> This is how you behave when you think you're so much smarter than everyone around you that consequences don't apply to you.
MDM is implemented to protect company assets regardless of the actions of the users. It would not be due diligence on the part of the director to trust you to wipe your own device.
It’s not clear to me what the point of your comment is other than illustrating that you’re smarter than your director.
Considering the MDM was not implemented properly (particularly in an environment where one hires cybersecurity professionals, who are more likely than most to be able to figure out workarounds to it), it would actually be much more prudent to hire trustworthy staff who can be trusted not to steal company assets, trade secrets, and so on versus thinking you can conduct a zoom call on said company asset and then fire off a command via the MDM to wipe the laptop when the call is over.
I actually think the director was pretty smart, since he managed to avoid having an extended conversation about the lack of working MDM and ability to follow the procedure in front of the other person on the zoom call. Sometimes it's very important to be able to read between the lines of what someone is telling you.
Relying on remote wipes to secure company data is not a particularly strong plan, either (as this Apple saga should make clear); a determined person would simply be either constantly exfiltrating data, disconnect a machine from the network before it can be wiped, or other various plans (and do so without detection). I should know, since my job duties there were to advise customers on how to move towards a zero trust environment.
Either way, everything still worked exactly as before, just now my Mac wasn't reporting back to the company at all. This went on for over a year until eventually I left the business, handed my laptop in physically and went on my way. I assume they noticed at that point, but before then they apparently had no idea.
I probably should have told someone, but since I hadn't done anything I didn't feel bad about it, and it was a lot easier to get stuff done without the corp stuff breaking everything
Which is hilarious. They've fixed (or at least made it more robust), but until at least Ventura, you want to know how to circumvent MDM entirely on Apple Silicon?
Do a fresh install with Internet access. When the machine goes to do the first reboot during the process, null route three hostnames on your router/DNS: deviceenrollment.apple.com, mdmenrollment.apple.com and iprofiles.apple.com.
Complete setup and get logged in.
You can now remove the null routing. Your machine will never phone home again for MDM enrollment. You can upgrade, all the way to Tahoe. No issues.
As of the more recent releases, the installer does do some checks to ensure connectivity to those hosts, that I haven't bothered or needed to try to circumvent... but yeah, the idea of Apple ensuring their MDM to be unbreakable, durable, robust is laughable.