Category Filter
How to make MDM profile non-removable on iOS devices
Apple allows preventing the removal of MDM profile only if the profile is linked to a device:
- Enrolled with Apple Device Enrollment Program (DEP).
- Added to Apple DEP using Apple Configurator.
Notes:
- The iOS devices must be supervised to make MDM profile non-removable.
- If the device was added to DEP via Apple Configurator, there would be a provisional period of 30 days. During this period, the users are free to remove the MDM profile.
Configure non-removable MDM profile Using Apple DEP
To prevent users from removing the MDM profile, enroll the devices via DEP. On the DEP enrollment profile settings (Admin > Apple Business/School Manager > Apple DEP > DEP Configuration Profiles), there is an option “Allow MDM profile removal”. Disabling this option makes the MDM profile non-removable on iOS devices. Enrolling devices using this profile will prevent end-users from removing it from the device. Otherwise, iOS as a platform does not provide a means to restrict removal.
- Login to your Hexnode MDM portal.
- Navigate to Admin > Apple Business/School Manager > Apple DEP.
- Select DEP Configuration Profiles.
- Click on Default DEP profile or on Configure DEP profile to create a new profile.
- Uncheck the option Allow MDM profile removal. Click Save.
Associate DEP profile with enrolled iOS devices
Once the configuration profile is saved, associate it with the enrolled device(s).
- Navigate to Admin > Apple Business/School Manager > Apple DEP.
- Select DEP Devices. Choose any device(s).
- Click Associate DEP Profile button on the top
- Search for the configuration profile you just created and click on Assign.
