Obliteration Behavior and the Mac Admin

The single best feature of macOS Monterey, in the eyes of the Mac Admin, is without question the arrival of Erase All Contents & Settings (styled EACS, pronounced “Eeks”), which allows a Mac Admin to restore a properly-equipped Mac computer to the Setup Assistant with no user data remaining in 5 minutes or less. This feature is a massive time-saver for Mac Admins, a huge boon to the average user looking to part ways with their device quickly and securely, and represents a huge step forward for return to service workflows.

What does EACS require to work?

EACS requires a few conditions in order to work correctly:

  • The Mac computer must be running macOS 12 Monterey at the time of operation
  • The Mac computer must have an Apple silicon processor, or an Intel processor with a T2 coprocessor

What documentation does Apple provide?

Apple provides some good documentation around this feature. End users who want to erase their Mac computer can trigger EACS directly from System Preferences. Apple has provided additional documentation for MDM vendors related to the Erase Device command.

What happens if things don’t go as planned with EACS?

In the event that EACS does not complete as expected, what the system does is determined by the ObliterationBehavior argument supplied by the MDM with the command, or by the default behavior if no argument is supplied. During EACS, a preflight is conducted on the system. If that preflight succeeds, EACS proceeds; if it fails, the system carries out the assigned ObliterationBehavior.

If the command is sent with the behavior set to DoNotObliterate, the system will just error back to the MDM, but do nothing to the device. There are very few scenarios that I can imagine where this behavior is desirable, but if you happen to have one of those, change the Erase Device command to include this behavior.

If the command is sent with the behavior set to ObliterateWithWarning, the device will log an acknowledgement with the MDM before completing the task, which will erase the device completely, OS included. Under this circumstance, your MDM will understand that the device was not in a state where EACS was possible, and that the device is in a state where it would be totally wiped.

If the command is sent without a behavior set, the device will execute the default behavior, which will log an error with the MDM, including an ErrorChain, before completing the task, which will erase the device completely, OS included.

I can’t quite derive the importance of the difference between ObliterateWithWarning and the Default behaviors, as both items will result in a wiped system, but the logging will be slightly different. I will update this post if that becomes clearer.
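To make the three cases above concrete, here is an added example (not from Apple's documentation or any MDM vendor's code) that builds the Erase Device command as an MDM command plist and maps a preflight result to the outcome this post describes. The function names are hypothetical, the `CommandUUID`/`Command`/`RequestType` wrapper is the usual MDM command layout, and only the behaviors covered in this post are accepted.

```python
import plistlib
import uuid

# ObliterationBehavior values covered in this post. Passing None omits the
# key entirely, which selects the default behavior.
BEHAVIORS = ("DoNotObliterate", "ObliterateWithWarning")


def _check(behavior):
    if behavior is not None and behavior not in BEHAVIORS:
        raise ValueError(f"unsupported ObliterationBehavior: {behavior!r}")


def build_erase_command(behavior=None, command_uuid=None):
    """Serialize an EraseDevice MDM command as an XML plist (bytes)."""
    _check(behavior)
    command = {"RequestType": "EraseDevice"}
    if behavior is not None:
        command["ObliterationBehavior"] = behavior
    return plistlib.dumps(
        {"CommandUUID": command_uuid or str(uuid.uuid4()), "Command": command},
        fmt=plistlib.FMT_XML,
    )


def expected_outcome(preflight_ok, behavior=None):
    """Return (what happens to the Mac, what the MDM sees), per this post."""
    _check(behavior)
    if preflight_ok:
        return ("EACS", "normal completion")
    if behavior == "DoNotObliterate":
        return ("device untouched", "error")
    if behavior == "ObliterateWithWarning":
        return ("full erase, OS included", "acknowledgement")
    return ("full erase, OS included", "error with ErrorChain")


if __name__ == "__main__":
    # Constructed sample: the payload an MDM would queue for one device.
    print(build_erase_command("ObliterateWithWarning").decode())
    for b in (None, *BEHAVIORS):
        print(b, "->", expected_outcome(preflight_ok=False, behavior=b))
```

Checking `expected_outcome` before queuing the command is a quick way to confirm that a failed preflight will not leave a Mac without an OS in a workflow that cannot reinstall one.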