Not able to remove MDM policy profile from Mac


Hey all! Has someone faced any difficulty while trying to remove the MDM profiles from their Macs? It's been working fine a few months back, and now when I checked I'm not able to remove the profile from the device.

All Replies

  • Pepijn

    Participant

    You will have an option inside Privacy Preferences. Click on Profiles, you can select a profile and click on the minus sign to remove the profile. This should work, man. I usually do this on my Macs.

  • Amelia Smith

    Participant

    Yeah, lately even on my Macs, the minus sign is not functioning. Is this an MDM issue or does it have anything to do with Apple? Any help would be really appreciated!

  • Elena

    Participant

    I have tried clicking on the minus sign and it seems to be greyed out now. Is there some setting that I should enable in order to bring back this function?

  • Chris Coleman

    Hexnode

    Moderator

    Hey Elena,

    Thank you for reaching out to us!

    Apple has restricted users from removing MDM policy profiles from devices running on macOS 10.15 (Catalina) and above. The minus sign that is usually used to remove the policy profile will remain non-functional and greyed out in these devices.

    However, the user will still be able to remove MDM profiles on macOS 10.15+ devices from System Preferences > Profiles. When removing an MDM profile, the user will be asked to enter the admin credentials. Hence, only an admin user can remove an MDM profile from a macOS device.

    Hope this answers your query.

    Cheers!
    Chris Coleman
    Hexnode UEM

  • Elena

    Participant

    Hey Chris, thanks for the update man! Bye.

  • Celine

    Participant

    Can we block users from removing the MDM profile with the ‘Ask for a password when removing policy’ restriction policy?

  • Zach Goodman

    Hexnode

    Moderator

    Hi @Celine, you can use that option to restrict users from removing associated policies on your Mac by setting a passcode lock. However, this option works on macOS version 10.15 and below. The Ask for password when removing policy option for managed profiles is no longer supported from macOS 10.15. So, starting macOS 10.15, even if you apply ‘password lock’ to a policy, the user may remove the associated profiles by going to System Preferences > Profiles, selecting the profile and clicking on the button. The user will need to authorize the action by providing admin credentials.

    If you still want to prevent the user from removing your profiles or the MDM profile, you can restrict removing any managed profiles from the devices using the Prevent MDM profile removal options for supervised macOS devices enrolled via Apple DEP in Hexnode. You can apply this setting in three steps –

    1. Navigate to Admin > Apple Business/School Manager > Apple DEP, select DEP Configuration Profiles and configure a new profile or modify your existing DEP profile. 
    2. Enable device supervision and uncheck Allow MDM Profile Removal
    3. Associate this DEP profile, if not already done, with your devices. 

    This way, the profiles pushed to your managed devices cannot be removed by the user.

    Cheers!
    Zach Goodman
    Hexnode UEM
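
The reply above ties the Prevent MDM profile removal setting to devices enrolled via Apple DEP. As an added example (not part of the thread and not Hexnode tooling), this script classifies a Mac from the output of macOS's `profiles status -type enrollment`, so an admin can see which machines the setting can cover. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify a Mac from the text of `profiles status -type enrollment`.
# Prints: dep-enrolled | mdm-only | not-enrolled | unknown
classify_enrollment() {
    status_text=$1
    dep=$(printf '%s\n' "$status_text" |
        sed -n 's/^[[:space:]]*Enrolled via DEP:[[:space:]]*//p' | head -n 1)
    mdm=$(printf '%s\n' "$status_text" |
        sed -n 's/^[[:space:]]*MDM enrollment:[[:space:]]*//p' | head -n 1)
    case "$mdm" in
        Yes*) ;;
        No*)  echo not-enrolled; return 0 ;;
        *)    echo unknown; return 0 ;;
    esac
    case "$dep" in
        Yes*) echo dep-enrolled ;;
        No*)  echo mdm-only ;;
        *)    echo unknown ;;
    esac
}

# Human-readable finding for an audit report.
explain() {
    case "$1" in
        dep-enrolled) echo "DEP-enrolled: removal can be blocked through the DEP profile" ;;
        mdm-only)     echo "MDM without DEP: an admin user can remove the MDM profile" ;;
        not-enrolled) echo "No MDM enrollment found" ;;
        *)            echo "Unrecognised status output, check manually" ;;
    esac
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_DEP='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_MANUAL='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

# On a Mac, classify the live device; elsewhere this step is skipped.
if command -v profiles >/dev/null 2>&1; then
    explain "$(classify_enrollment "$(profiles status -type enrollment 2>/dev/null)")"
fi
```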