Mobile Device Management (MDM) is a protocol used by corporations and schools to control, monitor, and restrict Apple devices issued to employees or students. If you bought a used iPad or Mac and it says "Remote Management" during setup, it is MDM locked.
Just like iCloud Activation Lock, completely formatting the device via a DFU restore with an IPSW will not remove the MDM lock.
Apple uses the Automated Device Enrollment (ADE) program. When the device connects to Wi-Fi during setup, it checks its serial number against Apple's servers. Apple's servers then redirect the device to the corporation's MDM server, forcing it to download the restriction profiles.
Because MDM is a software profile downloaded after the device boots, there are software tools that can bypass it. They do this by modifying the setup files to skip the ADE server check during the initial "Hello" screen.
However, an MDM bypass is temporary. If you ever Factory Reset the device or update it using an IPSW file, the bypass will be erased, and the device will immediately lock itself back to the corporation upon reboot.
If a device has an MDM lock, it mathematically belongs to an enterprise organization. Often, these devices are stolen, or an employee sold a company laptop they didn't own. Bypassing MDM on a device you do not legally own is a legal gray area. The only permanent fix is to have the IT department of the organization release the serial number from their Apple Business Manager portal.
Was this guide helpful?