Not able to remove mdm policy profile from Mac

expand collapsive

Hey all! Has someone faced any difficulty while trying to remove the mdm profiles from their macs?? Its been working fine a few months back, and now when I checked I’m not able to remove the profile from the device.

All Replies

  • Participant

    Pepijn

    Participant

    You will have an option inside Privacy Preferences. Click on Profiles, you can select a profile and click on the minus sign to remove the profile. This should work man. I usually do this on my macs

  • Hey Elena,

    Thank you for reaching out to us!

    Apple has restricted users from removing MDM policy profiles from devices running on macOS 10.15 (Catalina) and above. The minus sign that is usually used to remove the policy profile will remain non-functional and greyed out in these devices.

    However, the user will still be able to remove MDM profiles on macOS 10.15+ devices from System Preferences > Profiles. When removing an MDM profile, the user will be asked to enter the admin credentials. Hence, only an admin user can remove an MDM profile from a macOS device.

    Hope this answers your query.

    Cheers!
    Chris Coleman
    Hexnode UEM

  • Hi @Celine, you can use that option to restrict users from removing associated policies on your Mac by setting a passcode lock. However, this option works on macOS version 10.15 and below. The Ask for password when removing policy option for managed profiles is no longer supported from macOS 10.15. So, starting macOS 10.15, even if you apply ‘password lock’ to a policy, the user may remove the associated profiles by going to System Preferences > Profiles, selecting the profile and clicking on the button. The user will need to authorize the action by providing admin credentials.

    If you still want to prevent the user from removing your profiles or the MDM profile, you can restrict removing any managed profiles from the devices using the Prevent MDM profile removal options for supervised macOS devices enrolled via Apple DEP in Hexnode. You can apply this setting in three steps –

    1. Navigate to Admin > Apple Business/School Manager > Apple DEP, select DEP Configuration Profiles and configure a new profile or modify your existing DEP profile. 
    2. Enable device supervision and uncheck Allow MDM Profile Removal
    3. Associate this DEP profile, if not already done, with your devices. 

    This way, the profiles pushed to your managed devices cannot be removed by the user.

    Cheers!
    Zach Goodman
    Hexnode UEM

    • This reply was modified 2 years, 6 months ago by  Zach Goodman.
    • This reply was modified 2 years, 6 months ago by  Zach Goodman.
    • This reply was modified 2 years, 6 months ago by  Zach Goodman.
    • This reply was modified 2 years, 6 months ago by  Zach Goodman.
    • This reply was modified 2 years, 6 months ago by  Zach Goodman.