Apple allows preventing the removal of MDM profile only if the profile is linked to a device
- Enrolled with Apple Device Enrollment Program (DEP).
- Added to Apple DEP using Apple Configurator.
Note:
- The devices must be supervised.
- If the device was added to DEP via Apple Configurator, there will be a provisional period and during the provisional period, the users are free to remove the MDM profile.
Prevent MDM Profile Removal Using DEP
To prevent users from removing the MDM profile, enroll the devices via DEP. On the DEP enrollment profile settings (Admin > Apple Business/School Manager > Apple DEP > DEP Policy), there is an option “Allow MDM profile removal”. Disabling this option helps you prevent profile removal. Enrolling devices using this profile will prevent the end users from removing it from Management. Otherwise, iOS as a platform does not provide means to restrict removal.
- Login to your Hexnode MDM portal.
- Navigate to Admin > Apple Business/School Manager > Apple DEP.
- Select DEP Policy.
- Choose an existing DEP profile from the list or click on Add policy to create a new profile.
- Uncheck the option Allow MDM profile removal and click Save.
- Now click on DEP settings (gear icon) placed at the top right corner of the Hexnode console.
- Choose the DEP profile previously created as the Default Policy from the drop-down list and click Save.
- Click on Sync DEP at the top right corner of the console.
