14 DAY FREE TRIAL

No Search Results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Managing Mac Devices
  3. Security

Category filter

Fetching Bootstrap Token of already enrolled Macs

Jump To

Mac computers running on Catalina (10.15) or later use Bootstrap Tokens to grant secure tokens to mobile accounts and managed administrator accounts created during device enrollment. On devices running on macOS 11 and above with the Apple Silicon chip, the bootstrap token can be used to authenticate the installation of Kernel Extensions and OS updates, and the execution of the Erase All Content and Settings command using the Hexnode UEM console.

Requirements:

The bootstrap token feature requires supervised macOS devices running on macOS 10.15 and above.

Fetching the Bootstrap Token of a Mac upon enrollment

When a macOS device is enrolled into the Hexnode UEM portal using the manual device enrollment (Open Enrollment or Authenticated Enrollment) method, the bootstrap token gets generated and automatically fetched to the Hexnode UEM portal. In the case of the Automated Device Enrollment method, the bootstrap token gets generated and fetched to the portal when the user logs in for the first time on the device.

You can check whether the bootstrap token has been fetched for a particular device by navigating to Manage > Select Device > Device Info > Security Info > Bootstrap Token. If the Bootstrap Token has been successfully fetched, the status will be shown as “Escrowed”; else, it will be shown as “Missing”.

Manually fetching the Bootstrap Token of already enrolled Macs

Suppose the bootstrap token has not been escrowed for already enrolled macOS devices. In that case, you can manually do it by running the following command on your macOS devices or by using the Live Terminal feature:

sudo profiles install -type bootstraptoken

To check if the bootstrap token has been successfully escrowed in the Hexnode UEM portal, you can run the following terminal command:

sudo profiles status -type bootstraptoken

The above command returns the following response:

  • profiles: Bootstrap Token supported on server: Yes, if the MDM server supports the Bootstrap Token feature. Else, returns No.
  • profiles: Bootstrap Token escrowed to server: Yes, if the Bootstrap Token has been escrowed in the MDM server. Else, returns No.
Note:

You may be asked to authenticate using admin credentials when running sudo commands on your Mac.

Once the bootstrap token has been escrowed in the Hexnode UEM portal, it can be used to grant secure tokens and authorize critical actions and commands.

Need more help?
Raise a Ticket Raise a Ticket
Ask Community Ask Community
Chat With us Chat With us
  • Managing Mac Devices
  • Troubleshooting Guides