I have a company-provided 2019 MacBook Pro that is enrolled in Apple DEP and has Jamf as the MDM provider. (OS Version is Big Sur, 11.6.2)

For a side project I created several virtual machines with Parallels and VirtualBox and it quickly turned into another kind of endeavour:

With VirtualBox, the OS setup never gets to the "remote management" step, just goes on like a generic Mac. But with Parallels, no matter what I do (in terms of configuration), it is always stuck at the "remote management" step. (Which I don't want.) I mean, I can opt into it with my VM but the setup won't let me go without it. This is never the case with VirtualBox.

This intrigued me and I have been experimenting and researching about it. Because I am kind of new to the Apple world and want to learn more about it.

Question: How is this even possible? How does the VM (in Parallels) get aware of its outside world and is able to introduce itself (specifically) to my company's MDM server and more importantly how come there is no way to isolate the VM from the company?

Details:

  • I tried the OS installations with (what I believe to be) a clean ISO. Grabbed it from App Store and extracted the ISO using createinstallmedia utility through CLI.

  • In Parallels, actually, the VM is not readily able to grab the MDM profiles from the server. To obtain them, the machine must have a registered serial number and a correct device id, both of which are configurable within Parallels. During my research, I also verified this is really the case with Apple DEP. But this also means the virtual machine, by default, just has a generic serial number, yet it is still able to identify itself with my company. (i.e. Requires the remote management step to be fulfilled.)


ANSWER

The reason is that Parallels VMs, by default, use the serial number of the physical machine they are running on, even if they are created on a different machine. Therefore, during OS installation, the installer contacts Apple with a real-world DEP-enrolled serial number. (While in VirtualBox the serial number is 0.) This results in DEP enforcement!

There is another parameter involved during installation, though, and it is the "model identifier", and Parallels does not copy it. Therefore, despite being DEP enrolled and enforced at this stage of the installation, the setup cannot continue because the MDM provider (Jamf, here) refuses to serve the machine with the profile because of the model identifier mismatch.

SOLUTION

The solution is to set those two parameters manually for your desired outcome. If you want DEP enrollment, you need a real, registered serial number and a corresponding model identifier. If you DO NOT want to enroll with DEP but want a clean, generic macOS installation (which was my original goal), then you need to change your serial number to a non-registered one.

Detailed Instructions for Manipulating Serial Number in Parallels
Instructions for Enrollment with a Parallels VM

IMPORTANT NOTE

Interestingly, staying offline during setup also gets you out of DEP enrollment. But that was not what I wanted.

Appendix

If you want to check for the parameters, for yourself:

Serial Number
ioreg -l | grep IOPlatformSerialNumber

Model Identifier
sysctl hw.model

The System Information utility shows the two fields in the Hardware Overview tab under their exact names.
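
The following is an added example, not part of the original post: a small shell script that parses the output of the two commands above and classifies what a guest presents relative to its host, which is useful when auditing which VMs will surface a DEP-enrolled serial during setup. The function names, verdict strings and sample values are assumptions made for illustration; the sample lines are constructed placeholders, not real devices.

```shell
#!/bin/sh
# Added example: compare the identifiers a guest reports with the host's.

# Extract the serial from `ioreg -l` output read on stdin.
# Expected line:  |   "IOPlatformSerialNumber" = "XXXXXXXXXXXX"
parse_serial() {
    sed -n 's/.*"IOPlatformSerialNumber" = "\([^"]*\)".*/\1/p' | head -n 1
}

# Extract the model identifier from `sysctl hw.model` output read on stdin.
# Expected line:  hw.model: MacBookPro15,1
parse_model() {
    sed -n 's/^hw\.model: *//p' | head -n 1
}

# compare_identity HOST_SERIAL HOST_MODEL GUEST_SERIAL GUEST_MODEL
# Prints one verdict word (hypothetical labels chosen for this example).
compare_identity() {
    if [ -z "$3" ] || [ "$3" = "0" ]; then
        echo "generic-serial"              # VirtualBox case: serial is 0
    elif [ "$3" = "$1" ] && [ "$4" = "$2" ]; then
        echo "host-serial-and-model"       # guest mirrors the host completely
    elif [ "$3" = "$1" ]; then
        echo "host-serial-model-mismatch"  # Parallels default described above
    else
        echo "distinct-serial"             # guest has its own serial
    fi
}

# Constructed sample output (placeholder values).
SAMPLE_HOST_IOREG='    |   "IOPlatformSerialNumber" = "C02EXAMPLE01"'
SAMPLE_HOST_SYSCTL='hw.model: MacBookPro15,1'
SAMPLE_GUEST_IOREG='    |   "IOPlatformSerialNumber" = "C02EXAMPLE01"'
SAMPLE_GUEST_SYSCTL='hw.model: ExampleVM1,1'

# Run the comparison on the constructed samples.
demo() {
    hs=$(printf '%s\n' "$SAMPLE_HOST_IOREG" | parse_serial)
    hm=$(printf '%s\n' "$SAMPLE_HOST_SYSCTL" | parse_model)
    gs=$(printf '%s\n' "$SAMPLE_GUEST_IOREG" | parse_serial)
    gm=$(printf '%s\n' "$SAMPLE_GUEST_SYSCTL" | parse_model)
    compare_identity "$hs" "$hm" "$gs" "$gm"
}

demo
```

On a real Mac, pipe the live commands into the parsers instead of the samples, for example `ioreg -l | parse_serial` and `sysctl hw.model | parse_model`, once on the host and once inside the guest.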