Remove a non-removable MDM profile from macOS without a complete wipe
Non-removable MDM profiles cannot officially be removed without doing a full system wipe. This is a problem when you restore a system from Time Machine after you enrolled it into the MDM, as the MDM will break, leaving you unable to re-enroll the machine.
Here's how to remove a non-removable MDM profile:
- Boot the Mac into Recovery Mode (hold down command+R during startup).
- Go to the Utilities menu, open Terminal and type `csrutil disable`. This will disable SIP (System Integrity Protection).
- Reboot into the OS.
- Open the integrated terminal and type:

  ```
  # Delete only if the cd succeeded, so rm never runs in the wrong directory
  cd /var/db/ConfigurationProfiles && rm -rf *
  mkdir Settings
  touch Settings/.profilesAreInstalled
  ```
- Reboot.
- Boot the Mac into Recovery Mode (hold down command+R during startup).
- Go to the Utilities menu, open Terminal and type `csrutil enable`. This will re-enable SIP.
- Reboot into the OS.
The profile will now be removed and you will be able to re-enroll the Mac to your MDM.