From the UEM console, you can view the password of the macOS device admin account that is created during the DEP enrollment. To help re-secure the admin accounts, these passwords are automatically rotated 8 hours after they are accessed.

To view the password in Device Details:

Prerequisites

  • Device must be DEP enrolled with a DEP profile with the Unique Random Password enabled for the admin account.

Procedure

  1. Navigate to Device > List View and select a macOS device.
  2. Select the Security tab and then select View Admin Password under the Managed Admin User section. The View Admin Password page appears displaying the current password with the timestamp it was set. You can also view the password using the following API:
    GET /api/mdm/devices/<DeviceUUID>/security/managed-admin-information

What to do next

When the admin password is viewed from the Device Details page on the UEM console or accessed using an API, an MDM command is automatically queued to rotate the admin password after 8 hours. The event logs show logs for when the password was accessed and when it was rotated in the Troubleshooting section.
Note: Alternatively, the following API can also be used to rotate passwords on-demand:
POST /api/mdm/devices/<DeviceID>/commands?command=RotateDEPAdminPassword