Fetching Bootstrap Token of already enrolled Macs
Mac computers running on Catalina (10.15) or later use Bootstrap Tokens to grant secure tokens to mobile accounts and managed administrator accounts created during device enrollment. On devices running on macOS 11 and above with the Apple Silicon chip, the bootstrap token can be used to authenticate the installation of Kernel Extensions and OS updates, and the execution of the Erase All Content and Settings command using the Hexnode UEM console.
Fetching the Bootstrap Token of a Mac upon enrollment
When a macOS device is enrolled into the Hexnode UEM portal using the manual device enrollment (Open Enrollment or Authenticated Enrollment) method, the bootstrap token gets generated and automatically fetched to the Hexnode UEM portal. In the case of the Automated Device Enrollment method, the bootstrap token gets generated and fetched to the portal when the user logs in for the first time on the device.
You can check whether the bootstrap token has been fetched for a particular device by navigating to Manage > Select Device > Device Info > Security Info > Bootstrap Token. If the Bootstrap Token has been successfully fetched, the status will be shown as “Escrowed”; else, it will be shown as “Missing”.
Manually fetching the Bootstrap Token of already enrolled Macs
Suppose the bootstrap token has not been escrowed for already enrolled macOS devices. In that case, you can manually do it by running the following command on your macOS devices or by using the Live Terminal feature:
sudo profiles install -type bootstraptoken
To check if the bootstrap token has been successfully escrowed in the Hexnode UEM portal, you can run the following terminal command:
sudo profiles status -type bootstraptoken
The above command returns the following response:
- profiles: Bootstrap Token supported on server: Yes, if the MDM server supports the Bootstrap Token feature. Else, returns No.
- profiles: Bootstrap Token escrowed to server: Yes, if the Bootstrap Token has been escrowed in the MDM server. Else, returns No.
Once the bootstrap token has been escrowed in the Hexnode UEM portal, it can be used to grant secure tokens and authorize critical actions and commands.