Category Filter

How to make MDM profile non-removable on Windows PC

Hexnode provides an option to make the MDM profile non-removable on Windows devices. This allows the organization to obtain control over the device and the user won’t be able to remove MDM profile from the device without the administrator’s permission.


  • Supported only on Windows 10 PC.
  • Available only on Ultimate and Ultra pricing plans.

Prevent MDM profile removal

  1. Log in to your Hexnode console.
  2. Go to Policies tab.
  3. You can choose an existing policy or create a new one by clicking on New Policy.
  4. From Windows, choose Restrictions and click on Configure.
  5. Under Allow Security and Privacy Settings, uncheck the option Manual MDM administration removal.
  6. Save the policy.

Manual MDM administration removal can’t be prevented if the device is joined to Azure AD.

To Associate Policies to Devices

If the policy has not yet been saved,

  1. Navigate to Policy Targets.
  2. Click on +Add Devices.
  3. Select the devices and click OK.
  4. Click Save

Apart from devices, you can also associate the policies with device groups, user and user groups from Policy Targets.

If the policy has been saved, you can associate it in either of the following two ways:

First method:

  1. From Policies, check the policies to be associated.
  2. Click on Manage → Associate Targets and select the devices.
  3. Click on Associate to apply the policy to the devices.

Second method:

  1. From Manage tab, click on the device name for which the policy is to be associated.
  2. From Actions, choose Associate Policy.
  3. Select the policy and click Associate.


  • If the user tries to disconnect the MDM profile from the device, a note specifying ‘This work or school account cannot be removed by system policy’ is shown.