MDM enrollment
An administrative state that lets an organization remotely manage and lock a Mac; commonly missed in private resales and can render the device unusable to the new owner.
MDM (Mobile Device Management) is Apple's framework for centrally managing Macs in a school, business, or fleet environment. A Mac enrolled in MDM is bound to that organization's management server, which can install software, restrict apps, push configurations, and remotely lock or wipe the device. Apple Business Manager and Apple School Manager are the most common gateways.
MDM enrollment matters in the secondary market because a Mac that was sold or donated by an organization without first being released from their MDM tenant will phone home to that MDM on first boot, regardless of who owns it now. The new owner sees configuration profiles installed, possibly restrictions enforced, and in extreme cases a remote wipe.
Releasing a Mac from MDM is the seller's responsibility, and it requires admin access to the org's MDM tenant. Once the Mac is released and signed out of all profiles, the next boot is clean. Until then, no buyer can fully own the device.
Macfax checks both DEP (Device Enrollment Program, the Apple-side flag) and the active MDM profile state on the Mac. Both are surfaced on every report.
See it on a real Macfax report.
Free Basic report in under a minute. Identity, authenticity, spec match. Every check lands on the report, signed.