KI 2653 Enroll unmanaged mac with UiB setup

2024-11-07 (updated 2025-05-09)

This guide decribes how to enroll an unmanaged Mac with UiB management setup.
The procedure itself normally only takes a few minutes to complete, but you should allow at least half an hour for the Mac to be left for further configuration after the enrollment procedure is completed.

It is a requirement that all Macs (and PCs) purchased by UiB are operated by UiB and run a management setup that is in accordance with UiB's instructions for operating IT equipment.

If a UiB-purchased Mac computer is not out of the box prepared for Mac UiB setup, due to a supplier error, it can be enrolled later.

Only Mac computers purchased through UiB can be enrolled with UiB setup, not privately purchased Macs.

Macs with UiB setup will also have access to the wireless "klient" network that provides access to internal UiB resources, as well as support for software in the Managed Software Center, automatic connection of printers and configuration of services such as VPN and UiB internal software

If FileVault is enabled with a private iCloud account or private key, turn it off before proceeding.
- For more information regarding FileVault see: KI 2857 FileVault
- If this step is skipped, any custom private setup will be retained and the IT department cannot help you if the recovery key is lost. After enrollment is complete, FileVault will be re-enabled with Intune backed up keys where the IT department can assist with recovery if necessary.

Open a terminal window:
(you can find this app for instance by searching in Launchpad)

and run the following command in the terminal window:

sudo profiles renew -type enrollment
(then enter your local user password (requires admin access)
the password will not be visible in the terminal window when typing, but will be registered, press enter when done)

If the process fails during the installation, note the error message, and contact the IT department at uib-help or by phone, then there is something wrong with the configuration for your mac)
(ex: "Error: DEP enrollment failed: No Device Enrollment configuration was found for this computer)

If an information message appears in the upper right corner, choose to enroll your Mac as requested.

After a few seconds you will be greeted with the following screen, press enroll/enroll:

lYou will be asked for your username and password a few times during the process,

When you get a window as shown below, you must log in with your local user account and password (which has administrator access) on the Mac, or use Touch-ID if your Mac supports it.

When a Microsoft login window appears as shown below, you should use your UiB email address (firstname.lastname@uib.no) and your UiB password.

Check that the configuration is in place

Go to System Preferences - Profiles by searching for the profile in System Settings.

At first, only the "Management Profile" will be visible under Profiles,

After a few minutes, more profiles should appear:

##########
Important! Leave the computer turned on for half an hour to allow all the configuration pieces to fall into place. You are welcome to use the computer in the meantime.
Contact the IT department if any of the steps fail, or the list of profiles does not expand within half an hour.
##########

- After the enrollment

-- Log in to the keychain for printers
A prompt "macOS - Log in to UIB.NO" will appear, log in with your UiB account (email address), to be able to use UiB's printers.

-- Check that the Managed Software Center is installed
Within a. few minutes updates to some software packages should be available in"Managed Software Center"

-- Enable FileVault
When you restart the computer the next time, you will be asked to enter the password for the local user to enable FileVault, do this.