Fetching Bootstrap Token of already enrolled Macs
Mac computers running on Catalina (10.15) or later use Bootstrap Tokens to grant secure tokens to mobile accounts and managed administrator accounts created during device enrollment. On devices running on macOS 11 and above with the Apple Silicon chip, the bootstrap token can be used to authenticate the installation of both Kernel Extensions and OS updates and the execution of the Erase All Content and Settings command using the Hexnode UEM console.
Fetching the Bootstrap Token of a Mac upon enrollment
When a macOS device is enrolled into the Hexnode UEM portal using the manual device enrollment (Open Enrollment or Authenticated Enrollment) method, the bootstrap token gets generated and automatically fetched to the Hexnode UEM portal. In the case of the Automated Device Enrollment method, the bootstrap token gets generated and fetched to the portal when the user logs in for the first time on the device.
You can check whether the bootstrap token has been fetched for a particular device by navigating to Manage > Select Device > Device Info > Security Info > Bootstrap Token. If the Bootstrap Token has been successfully fetched, the status will be shown as “Escrowed”; else, it will be shown as “Missing”.
Manually fetching the Bootstrap Token of already enrolled Macs
If the bootstrap token has not been fetched on already enrolled macOS devices, you can manually generate and escrow the bootstrap token to the Hexnode UEM portal. Enter the following command on your macOS devices to escrow the bootstrap token:
sudo profiles install -type bootstraptoken
To check if the bootstrap token has been successfully escrowed in the Hexnode UEM portal, you can enter the following terminal command on your macOS device:
sudo profiles status -type bootstraptoken
Once the bootstrap token has been escrowed in the Hexnode UEM portal, it can be used to grant secure tokens and authorize critical actions and commands.