What are the mdmclient processes?

You may see processes with the mdmclient prefix in Activity Monitor, especially on work-issued Macs.

What is mdmclient?

mdmclient is the Mobile Device Management client built into macOS. It talks to your organisation's MDM server, the system IT departments use to manage company devices from afar. Despite the word "mobile" in the name, MDM is used for Macs, iPhones, and iPads alike.

What does it do?

mdmclient handles:

• Receiving and applying configuration profiles from the MDM server
• Installing apps and updates pushed by IT
• Enforcing security policies (encryption, password rules, screen lock)
• Reporting device status back to the MDM server (inventory, compliance)
• Processing remote commands (lock, erase, install profile)
• Managing certificates and credentials

Common mdmclient processes include:

• mdmclient.daemon: the main system-level MDM client
• mdmclient.agent: the user-level part

Is my Mac managed?

If your Mac was given to you by your employer, it is likely enrolled in MDM. You can check:

• System Settings, then General, then Profiles shows installed configuration profiles
• System Settings, then General, then About, then MDM shows MDM enrolment status

You can also run:

profiles status -type enrollment

Can I remove MDM?

If your Mac is supervised (enrolled through Apple Business Manager or Apple School Manager), you cannot remove MDM without your organisation's approval. This is by design. It stops theft of corporate devices and keeps security policies in place.

If you enrolled by hand, you may be able to remove the MDM profile, but this might break your organisation's policies.

Should you worry?

No. MDM is normal for corporate device management. If you see mdmclient on a personal Mac that you did not enrol in any management system, look into it. Check for unfamiliar profiles in System Settings.

Enjoyed this post?

Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.

Tags