How to Remove DEP Protection Before Reusing, Selling, or Recycling Apple Devices
Apple devices that stay enrolled in DEP remain tied to their original organization and re-enroll into MDM after every reset. Here's how to release them properly so they can be resold, reused, or recycled without friction.
When organizations retire Apple devices iPhones, iPads, MacBooks, or Mac desktops the data wipe is rarely the issue. The problem is that the devices remain enrolled in DEP and quietly re-enroll into MDM the moment a new owner sets them up. The Remote Management screen appears, the device asks for credentials no buyer has, and the asset effectively becomes scrap.
Removing DEP protection isn't complicated, but it has to happen through the right channel and in the right order. This guide explains what DEP is, why it must be removed before disposition, and the exact steps to release devices through Apple Business Manager.
What DEP Actually Does
The Apple Device Enrollment Program (DEP) is a feature within Apple Business Manager (ABM) and Apple School Manager (ASM) that automatically enrolls Apple devices into an organization's MDM solution during initial setup. It allows IT teams to enforce security policies, configure devices remotely, prevent unauthorized use, and standardize provisioning at scale.
The detail that matters at end-of-life: once a device is enrolled in DEP, it stays linked to the organization indefinitely. Factory resets do not break that link. Only an administrator with ABM access can release the device through the proper channel.
DEP vs MDM: Two Different Things
Most disposition issues come from confusing DEP with MDM. They work together, but they do different jobs and removing one does not remove the other.
| Aspect | DEP | MDM |
|---|---|---|
| Primary Role | Ownership assignment | Device management |
| Where Configured | Apple Business Manager | MDM platform (Jamf, Intune, etc.) |
| Triggers At | Initial device setup | Post-enrollment |
| Persists After Reset | Yes | No (re-enrolls if DEP active) |
| Removal Method | Release Device in ABM | Unassign in MDM console |
The practical implication is clear: removing MDM without removing DEP is insufficient. The device will re-enroll into MDM after a factory reset as long as DEP remains active.
What Goes Wrong When DEP Stays Active
Skipping DEP removal at end-of-life creates immediate operational and financial problems for whoever ends up with the device next.
Device activation is blocked
The Remote Management screen appears during setup, asks for the original organization's credentials, and refuses to proceed. The new owner cannot use the device.
Resale value collapses
Certified recyclers and ITAD partners cannot resell DEP-locked hardware. Equipment that should have generated meaningful recovery value gets treated as scrap or refused outright.
Compliance and security exposure
Orphaned devices that remain associated with your organization can create audit findings, brand exposure, and lingering questions about how data-bearing assets were handled at retirement.
When DEP Removal Is Required
Any time ownership is leaving your organization, DEP removal needs to be part of the process. The most common scenarios include selling devices to a third party, donating equipment to schools or nonprofits, recycling or decommissioning hardware, reassigning ownership outside the organization, and completing IT Asset Disposition (ITAD) workflows.
All Apple devices managed through ABM or ASM are subject to DEP iPhone, iPad, MacBook, iMac, Mac mini, and Mac Studio. The release process is the same across the entire fleet.
Before You Begin
Two things need to be in place before starting the removal workflow.
Administrator access to Apple Business Manager
DEP removal requires admin-level access to ABM or ASM. There is no official path to releasing a device without it, which is why maintaining ABM access during organizational transitions matters more than most teams realize.
Backup, sign-out, and data sanitization plan
Back up any user or business data that needs to be preserved, ensure devices are signed out of iCloud, and plan certified data sanitization aligned with relevant standards (NIST 800-88, GDPR, internal IT policies). DEP removal is the ownership step; data protection runs alongside it.
Removing DEP Through Apple Business Manager
This is the only officially supported method for releasing devices from DEP. The workflow is straightforward, but the action is irreversible once devices are released, they cannot be re-added to the same DEP program.
1. Log in to Apple Business Manager
Sign in at business.apple.com with administrator credentials.
2. Navigate to the Devices section
Open the Devices area from the ABM dashboard to view all enrolled hardware.
3. Locate the device by serial number
Search for the specific device using its serial number to ensure you're acting on the correct unit.
4. Select Release Device
Open the device record and choose the release option from the device action menu.
5. Confirm the release
Verify the action when prompted. Once confirmed, the device is no longer associated with your organization and DEP auto-enrollment is permanently disabled for that unit.
Completing the Process: MDM Removal and Factory Reset
Releasing the device from DEP is the critical step, but the workflow isn't complete until MDM is removed and the device is reset cleanly.
Unassign the device in your MDM console
Remove the device from your MDM platform (Jamf, Intune, Kandji, or whichever solution your organization uses) so it no longer receives policies or commands.
Perform a full factory reset
Wipe the device completely so the next owner sees a fresh setup experience without any residual configuration or accounts.
Verify a clean setup flow
Walk through the setup process and confirm that no Remote Management screen appears. If the device proceeds to the standard onboarding flow, DEP and MDM have been removed successfully and the device is ready to transfer.
Common Issues and How to Resolve Them
Two situations cause most of the difficulty teams encounter during DEP removal.
The Remote Management screen still appears
This typically means DEP was not fully removed before the reset, the device was reset before being released in ABM, or only MDM was unassigned while DEP remained active. Return to ABM, confirm the device has been released, then reset again.
No access to the original ABM account
This is the harder case. Without ABM access, Apple will not remove DEP ownership, and the device may be considered non-transferable. Recyclers may only accept it as non-functional hardware. The lesson is preventive: maintain ABM access through every organizational transition, including divestitures, mergers, and IT vendor changes.
Why DEP Removal Matters for ITAD and Recycling
For certified ITAD partners, DEP status often determines whether an Apple device can be recovered for resale or has to be processed as scrap. Properly released devices extend their useful lifecycle, generate recovery value, and reduce e-waste. Locked devices do none of those things.
Maintain an accurate ABM inventory
Keep your DEP records in sync with your physical fleet so retirements can be processed without delay or missing records.
Remove DEP at employee exit
Build DEP release into your offboarding process so devices returned at separation are ready for redeployment or disposition immediately.
Verify status before resale
Confirm that DEP and MDM are both clear before any device leaves your control. A 30-second check prevents costly returns and customer disputes.
Partner with certified ITAD providers
Work with providers experienced in Apple device disposition who can validate DEP status, document the lifecycle, and handle the rare cases where access has been lost.
Frequently Asked Questions
Final Thoughts
Removing DEP protection is a small step with a large downstream impact. Skip it, and Apple devices come back as locked, unsellable inventory. Handle it correctly, and the same hardware moves smoothly into resale, redeployment, or certified recycling with no friction for the next owner.
The right approach is straightforward: release the device through Apple Business Manager, unassign it from MDM, perform a verified factory reset, and document the action as part of the asset's disposition record. Done consistently, this becomes a routine part of Apple device lifecycle management rather than a point of friction at end-of-life.