How to restrict users from removing MDM administration?
MDM simplifies your work by helping you manage your devices. You can only manage your devices as long as they are enrolled in your MDM. In case a user disenrolls a device, then you would no longer be able to manage the device, and you would get a message showing “Agent Removed” on the device details page. So how can we prevent the users from revoking management?
Corporate devices are owned by the enterprise and should be managed all the time. These devices should be able to prevent users from revoking management. This can be accomplished by using various corporate enrollment methods. These methods prevent the user from removing the management profile even if the device has been factory reset. The device automatically gets re-enrolled in the MDM after the factory reset.
- Restriction can be applied to prevent the users from removing management. You can enable the restriction from Policies > Windows > Restrictions > Allow Security and Privacy Settings > Manual MDM administration removal.
Hexnode MDM supports BYOD, so your enterprise will also have personal devices in play. Since they are personal devices, it isn’t practical to restrict a user from removing management. But we can notify the admin through email when a device is disenrolled. The notification settings would be enabled as default, but you can manage the notifications by navigating to Admin > Notifications > Notify the administrators on > MDM agent removed from the device.
We also provide a configuration to prevent the removal of management on Samsung Knox and LG Gate devices. You would be able to enable the restriction by navigating to Policies > Android > Restrictions > Basic > Security Options > Allow MDM Administration removal.
Hexnode also helps you keep track of your devices by providing detailed reports. You can view the list of inactive devices on your portal by navigating to Reports > Device Reports > Inactive Devices.