MacOS Process for Erase Device AND release from DEP

gfrick
Here to help

MacOS Process for Erase Device AND release from DEP

Does anyone use the "Erase Device" function with macOS?

 

I have a DEP-enrolled device that is out of state, and I need to completely wipe it and release it from DEP. I know that the latter part has to happen through Apple Business Manager, and I'm prepared for that. But I'm curious about the best order of operations for these steps.

 

When I go to the Meraki SM device page and click "Erase Device", I'm prompted for a 6-digit code that will be needed to access the device after wiping (an awesome feature tied to DEP, I believe). But ultimately this device is leaving my company's ownership, so I need to fully wipe and fully release it from DEP.

 

Has anyone done this? If so, what does the process look like?

 

 

6 REPLIES 6
BlakeRichardson
Kind of a big deal
Kind of a big deal

@gfrick I have never used this function on a MacOS device, iOS yes I have done this many times but obviously they aren't the same. 

 

I can't find any real information explaining the process in detail in Meraki's knowledge base, below is the best I found. At a guess I would say the resetting to factory defaults it refers to is just removing all Meraki loaded profiles and Apps. I don't think it erases the system.

 

https://documentation.meraki.com/SM/Monitoring_and_Reporting/Selective_Wipe_and_Device_Quarantine_in...

 

Screen Shot 2020-03-31 at 8.15.26 AM.png

Thanks for the feedback, @BlakeRichardson! Yeah, this function is not very well-documented, I'm afraid. I also found this article, where it mentions the erase device option at the very bottom, but there's no walkthrough. 

 

https://documentation.meraki.com/SM/Monitoring_and_Reporting/Using_Systems_Manager_to_Locate_a_Missi...

 

Can you explain how the 6-digit code comes into play? I'm guessing that means iOS/macOS will prompt the user for that code upon startup after the erase/reset. But I'm confused about how that works if, as the article above states, "Once wiped, the device will no longer be managed by Systems Manager".

 

So, with iOS devices, do you have to enter that 6-digit code upon startup and then re-enroll that device in SM?

@gfrick I don't recall reading anything about a code. Like any Apple device if it's erased it won't be part of an MDM until you complete the enrolment process. 

 

If the device is enrolled in DEP you can force this otherwise it relies on manual enrolment. 

@BlakeRichardson Yeah, that makes sense. I meant to include this screenshot of the code prompt after clicking Erase. 

 

Screen Shot 2020-03-31 at 8.55.01 AM.png

 

What you said makes total sense, which is why this code thing puzzles me. I guess I'll just need to try this sometime when I have a DEP-enrolled device with me and see how it works.

 

My concern with a code is if you used that option for a device that's been stolen, you enter a code and 3 months later the device is recovered but you don't remember the code, what happens next?

T1
Building a reputation

If you recover the device, Apple will unlock it for you. Device wipe is a great feature, we use it all the time.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels