How to make MDM profile non-removable on Windows PC

Organizations employ device management solutions to remotely administer and monitor corporate deployed endpoints. Hexnode manages Windows PCs via an MDM profile installed on the device during enrollment. Removing this profile from the device removes the MDM administration and hinders Hexnode’s remote server from remotely managing it. To restrain it from happening, the organization can block manual MDM profile removal from the PC via a restriction policy on Hexnode. Here’s how.

Prevent MDM profile removal

To block the end-users from manually removing the Hexnode administration from Windows PCs,

1. Log in to your Hexnode console.
2. Go to Policies tab.
3. You can choose an existing policy or create a new one by clicking on New Policy.
4. From Windows, choose Restrictions and click on Configure.
5. Under Allow Security and Privacy Settings, uncheck the option Manual MDM administration removal.
6. Save the policy.

Associate the policy with Windows PCs in Hexnode

If the policy has not yet been saved,

1. Navigate to Policy Targets.
2. Click on +Add Devices.
3. Select the devices and click OK.
4. Click Save

Apart from devices, you can also associate the policies with device groups, user and user groups from Policy Targets.

If the policy has been saved, you can associate it in either of the following two ways:

1. From Policies, check the policies to be associated.
2. Click on Manage → Associate Targets and select the devices.
3. Apply the policy to the devices.

Or,

1. From Manage tab, click on the device name for which the policy is to be associated.
2. From Actions, choose Associate Policy.
3. Select the policy and associate it with the device.