
The irony being that it's extremely trivial to completely/permanently bypass MDM on a Mac, even if you have an M1/M2. Took me about five minutes (and was not complicated) when dealing with an old work laptop that I had personal info on (I know, I know) that I wanted to be sure was wiped before returning it.


With Apple DEP+MDM, you can wipe it no problem. Trying to reinstall the OS and then activate it is where it will fail. If you added your iCloud account and turned on Activation Lock, the system is locked to your account. In that scenario, Apple feels the device belongs to whoever locked it with their iCloud account. Unless I can prove ownership of the device with a credit card statement, invoice, or MDM/DEP screenshots, Apple will tell me to kick rocks.


I was able to reinstall and reactivate it, and even add my personal iCloud account.

And it's actually absurdly easy (install older version of OS with three Apple DNS names blocked at your router/nameserver), then edit /etc/hosts similarly, and then you can upgrade all the way to Sonoma with everything functional, no alerts or warnings.


I’ve hit something similar before. Ended up installing Linux on it instead. Was a few years ago, so not sure if that would still work.



