Reply To: Not able to remove mdm policy profile from Mac

#12817
Zach GoodmanZach Goodman
Moderator
5 pts

Hi @Celine, you can use that option to restrict users from removing associated policies on your Mac by setting a passcode lock. However, this option works on macOS version 10.15 and below. The Ask for password when removing policy option for managed profiles is no longer supported from macOS 10.15. So, starting macOS 10.15, even if you apply ‘password lock’ to a policy, the user may remove the associated profiles by going to System Preferences > Profiles, selecting the profile and clicking on the button. The user will need to authorize the action by providing admin credentials.

If you still want to prevent the user from removing your profiles or the MDM profile, you can restrict removing any managed profiles from the devices using the Prevent MDM profile removal options for supervised macOS devices enrolled via Apple DEP in Hexnode. You can apply this setting in three steps –

  1. Navigate to Admin > Apple Business/School Manager > Apple DEP, select DEP Configuration Profiles and configure a new profile or modify your existing DEP profile. 
  2. Enable device supervision and uncheck Allow MDM Profile Removal
  3. Associate this DEP profile, if not already done, with your devices. 

This way, the profiles pushed to your managed devices cannot be removed by the user.

Cheers!
Zach Goodman
Hexnode UEM

  • This reply was modified 2 weeks, 5 days ago by Zach GoodmanZach Goodman.
  • This reply was modified 2 weeks, 5 days ago by Zach GoodmanZach Goodman.
  • This reply was modified 2 weeks, 5 days ago by Zach GoodmanZach Goodman.
  • This reply was modified 2 weeks, 3 days ago by Zach GoodmanZach Goodman.
  • This reply was modified 2 weeks, 3 days ago by Zach GoodmanZach Goodman.