Apple Configurator: Prevent users from releasing devices from ABMSolved

Participant
Discussion
6 months ago

Hi there!  

I’m currently enrolling our company’s Apple devices into Apple Business Manager (ABM) and noticed that users can remove ABM and UEM supervision on their own. We’re managing these devices with Hexnode UEM.  

Is there a way to restrict users from removing supervision? These devices are corporate-owned, and we need to ensure supervision remains in case they’re stolen or reset by end users. 

 

Replies (4)

Marked SolutionPending Review
Participant
6 months ago
Marked SolutionPending Review

Hey @Frida ! 

To prevent users from removing devices from ABM, you could enroll them and let them sit unused for 30 days. After this period, users will no longer have the option to release them from ABM.  

Marked SolutionPending Review
Hexnode Expert
6 months ago
Marked SolutionPending Review

Hi @Frida !  

@Rebecca ‘s solution is spot on. Let me give you more clarification on this.  

When a device is assigned and enrolled in MDM which is linked to ABM, there is a 30-day provisional period where users can release it from ABM and Hexnode UEM supervision. After the 30-day period, for devices added with Apple Configurator, the supervision can only be removed from ABM, not from the device end.  

To ensure even greater control and prevent users from removing supervision, you can enroll your devices through an authorized Apple reseller. These authorized vendors can directly enroll the devices into ABM, which skips the 30-day provisional period. This means that supervision and management via Hexnode UEM can be enforced immediately, and users won’t have the option to release the devices from ABM at any point. This method is highly recommended for corporate-owned devices to maintain supervision and security. 

Marked SolutionPending Review
Participant
6 months ago
Marked SolutionPending Review

Hello!  

I have a question regarding the configuration of DEP in the Hexnode UEM portal. There is an option called “Allow MDM Profile Removal”. If I don’t check that box, will it stop the device from being removed from ABM? 

Marked SolutionPending Review
Hexnode Expert
6 months ago
Marked SolutionPending Review

You’ve got a great question there @Dylan ! 

When you uncheck the “Allow MDM profile removal” option in the Hexnode UEM portal, you’re essentially disallowing users from having the authorization to remove their devices from Hexnode UEM. However, this setting doesn’t have any influence on the device’s removal from ABM. 

I hope this clears things up for you. If you have any more questions, feel free to ask. 

Best regards, 
Ben Clarke 
Hexnode UEM 

Save