We have an employee who was let go and hasn’t logged out of their expensive MacBook laptop. We paid for it but the laptop was mailed to their house in their name. Apple said whoever it’s mailed to owns it and they won’t unlock or reset it for us. HD is encrypted. Suggestions?
248
28
53
288
Going forward, you guys don’t have apple mdm setup? Otherwise your employees essentially do “own” the devices if you let them bind their apple id
1
2
Yeah, finding that out thanks to this experience and thread! Definitely going to set one up. We were spoiled at my last firm, employed a bunch of ethical hackers (most with clearances) and never once had an issue. Realizing that’s not reflective of our current setup.
1
1
Replying to @JSyversen
Get Apple Business Manager. You get a discount on devices, they’re registered to your company but shipped to employee, and they will auto-enroll into MDM, giving you remote capabilities, such as remote wipe, lockout, etc (I suggest using JAMF). apple.com/business/it/

Business - Enterprise - IT

Apple Business Manager makes it easy for IT teams to deploy devices, manage configurations, distribute apps and content, and secure corporate data.

apple.com

Aug 2, 2022 · 7:29 PM UTC

3
2
Replying to @bilcorry
Yes, that’s the best advice I’ve gotten in this whole thread. We don’t have an IT department yet and I didn’t even know Apple finally had a solid business management platform now. Definitely signing up for the future, thanks.
1
2
more replies
Replying to @bilcorry @JSyversen
This is definitely the best answer you've received in this thread so far IMO. Jamf may be overkill, a lightweight MDM like SimpleMDM/Mosyle/Kandji might work for your setup, but will still give you administrative capabilities over your Apple products.
1
1
Replying to @bilcorry @JSyversen
Jamf is pretty great with iOS/Mac but I’d argue VMware workspace one provides more for full enterprise control (gps tracking, app management, device wipe, profiles, remote assist etc.)
1