Hi Community,
The leverage macOS has with the Bootstrap Token is immense, using it for Software Updates, Erase Device and new local account creation in System Settings.
While I refer to the IT Deployment Guide, which states the below:
For a Mac with macOS 10.15.4 or later, when a secure token-enabled user logs in for the first time, macOS generates a bootstrap token and escrows it to a device management service.
I even tested out the statement using the Automated Device Enrollment workflow (with an AutoAdmin account only, and with both an AutoAdmin account and a primary account), and it granted the Bootstrap Token immediately upon login.
However, with User-Initiated Enrollments it differs, as below:
1) Sometimes, upon installation of the MDM profile in macOS, the Bootstrap Token is immediately sent to the MDM.
2) Sometimes the Bootstrap Token is not immediately sent, so I need to log out and log in with the Secure Token enabled user for macOS to escrow the Bootstrap Token to the MDM.
3) Sometimes, even when I followed the pointer as in 2) (logout / login from a Secure Token enabled user), the Bootstrap Token is not escrowed to the MDM, which affects the OS Updates and Erasing capabilities that are to be used precisely with the MDM protocol.
Can someone please help with the flow for Bootstrap Token generation / issuance to the MDM in case of User-Initiated Enrollment?
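As an added example (not part of the original post or Apple's tooling), a small POSIX shell helper that classifies the escrow state reported by `profiles status -type bootstraptoken` and the Secure Token state reported by `sysadminctl -secureTokenStatus`, so the three outcomes above can be told apart from a script on each enrolled Mac. It assumes the documented output strings of those two commands; the sample output in the comments is constructed.

```shell
#!/bin/sh
# Classify Bootstrap Token escrow state from the output of
# `sudo profiles status -type bootstraptoken` (read on stdin).
# Prints one of: escrowed | supported-not-escrowed | unsupported | unknown
bootstrap_state() {
    supported=no; escrowed=no; seen=no
    while IFS= read -r line; do
        case "$line" in
            *"Bootstrap Token supported on server: YES"*) supported=yes; seen=yes ;;
            *"Bootstrap Token supported on server: NO"*)  supported=no;  seen=yes ;;
            *"Bootstrap Token escrowed to server: YES"*)  escrowed=yes;  seen=yes ;;
            *"Bootstrap Token escrowed to server: NO"*)   escrowed=no;   seen=yes ;;
        esac
    done
    if [ "$seen" = no ]; then echo unknown
    elif [ "$supported" = no ]; then echo unsupported
    elif [ "$escrowed" = yes ]; then echo escrowed
    else echo supported-not-escrowed
    fi
}

# Classify Secure Token state from the output of
# `sysadminctl -secureTokenStatus <user>` (read on stdin; sysadminctl writes
# to stderr, so the caller redirects with 2>&1).
# Prints one of: enabled | disabled | unknown
secure_token_state() {
    out=$(cat)
    case "$out" in
        *"Secure token is ENABLED"*)  echo enabled ;;
        *"Secure token is DISABLED"*) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Live check on a real Mac (needs root for `profiles status`):
#   sudo profiles status -type bootstraptoken | bootstrap_state
#   console_user=$(stat -f %Su /dev/console)
#   sysadminctl -secureTokenStatus "$console_user" 2>&1 | secure_token_state
#
# Constructed sample output (as documented by Apple) for the "not escrowed" case:
#   profiles: Bootstrap Token supported on server: YES
#   profiles: Bootstrap Token escrowed to server: NO
# If the state is supported-not-escrowed while the console user's Secure Token is
# enabled, an admin can trigger escrow manually with:
#   sudo profiles install -type bootstraptoken
```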