Mac Firmware password

Introduction

Apple provides various options to secure data on a Mac, such as configuring a system passcode and encrypting the data using FileVault. Apple provides an additional layer of security by prompting the user to enter a Firmware password when the user tries to boot the system from external or internal storage devices other than the default startup disk.

In most cases, manually configuring a Firmware password on Macs is tedious for users. Mobile Device Manager Plus MSP allows the Firmware password to be configured on Macs automatically.

This feature is available in Professional, Free, and Trial editions of MDM.

Prerequisites

To apply the Firmware password on Mac using Mobile Device Manager Plus MSP the following prerequisites need to be met:

Steps to configure the Firmware password

Follow the steps given below to configure the Firmware password on a Mac:

  1. On the Mobile Device Manager Plus MSP server, navigate to Device Mgmt -> Profiles and create a new Apple profile.
  2. Click on Firmware Password, and enter the Firmware password to be configured on the systems.
  3. Confirm the password.
  4. Save and publish the profile.
  5. Associate the profile to the device.
  6. To successfully apply the Firmware password profiles, the Macs must be restarted. Navigate to Inventory and click on the device to which the profile is associated. Under Actions, click on Restart. This will immediately restart the system and apply the profile to the system.

Removing or modifying the Firmware passwords

  1. To remove the Firmware passwords from the devices, disassociate the profile from the devices.
  2. To modify the Firmware password, modify the profile, associate the upgraded version and restart the machines.

Viewing the Firmware passwords

The admin can view the configured Firmware passwords from the Inventory page by navigating to the Security details tab. Here, the admin can also see whether the Firmware password is enabled on devices, who enabled it, and the mode that is configured for the Firmware password.

Note:

  1. Mobile Device Manager Plus MSP can only configure the Firmware password in Command mode, which means the user will be prompted to enter the password only when they try to boot the system from another drive or partition.
  2. While updating the profiles, the admin must ensure the previous profile has been successfully applied by restarting the system before re-applying the profile to the devices.
  3. The user can modify the password and the mode manually, even when they were configured using Mobile Device Manager Plus MSP.
  4. If a Mac is lost or stolen, a firmware password can be set on the machine for one-time use. In the Inventory page, select the machine that's lost or stolen and click on Remote Lock. You'll be prompted to enter a 6-digit PIN. This PIN will be enforced on the machine and the user must enter this PIN to access the machine.

Troubleshooting tips

  1. You have applied the Firmware password on the system but the status is not updated in the Inventory page.

    If the status of the Firmware password is still not updated in Inventory after a system restart, try scanning the machine. You can also manually check the status by running the following command in Terminal on the machine: sudo firmwarepasswd -check
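
    The manual check above can be extended into a local drift check, since the user can change the password or the mode by hand (see Note 3). The script below is an added example, not part of the original page or of Mobile Device Manager Plus MSP. It assumes firmwarepasswd prints a line of the form "Password Enabled: Yes" or "Password Enabled: No" for -check and "Mode: command" for -mode; fw_state and EXPECTED_MODE are names chosen for this example.

```shell
#!/bin/sh
# Added example: classify the firmware password state from firmwarepasswd output.
# EXPECTED_MODE is "command" because that is the only mode the MDM profile
# configures (Note 1). The output line formats parsed here are assumptions.

EXPECTED_MODE="command"

# fw_state CHECK_OUTPUT MODE_OUTPUT
# Prints one of: compliant, disabled, mode-drift, unknown
fw_state() {
    check_out=$1
    mode_out=$2

    # Pull the value after each label, lower-cased, trailing blanks/CR removed.
    enabled=$(printf '%s\n' "$check_out" |
        sed -n 's/^Password Enabled:[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | tr '[:upper:]' '[:lower:]')
    mode=$(printf '%s\n' "$mode_out" |
        sed -n 's/^Mode:[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | tr '[:upper:]' '[:lower:]')

    case "$enabled" in
        yes)
            if [ "$mode" = "$EXPECTED_MODE" ]; then
                echo compliant
            elif [ -n "$mode" ]; then
                echo mode-drift      # password set, but mode changed locally
            else
                echo unknown         # mode line missing or unparseable
            fi
            ;;
        no) echo disabled ;;         # password removed or never applied
        *)  echo unknown ;;          # tool error or unexpected output
    esac
}

# Query the local machine only where the tool exists and we run as root
# (firmwarepasswd requires sudo, as in the command above).
if command -v firmwarepasswd >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    state=$(fw_state "$(firmwarepasswd -check 2>&1)" "$(firmwarepasswd -mode 2>&1)")
    echo "firmware password state: $state"
fi
```

    Any result other than "compliant" on a Mac that has the profile associated is a reason to scan the machine and re-check the Security details tab.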

Copyright © 2021, ZOHO Corp. All Rights Reserved.