HexCon is coming to NYC. Catch the early-bird price before the time's up! Book me a spot
Connect
Ask Community
Ask the community
Ask Community
  • Home
  • macOS
  • Apple Configurator: Prevent users from releasing devices from ABM

Apple Configurator: Prevent users from releasing devices from ABMSolved

Profile photo of frida
frida
Participant
Discussion
Hexnode UEM
2 months ago
Save Saved
Copy link
Report

Hi there!  

I’m currently enrolling our company’s Apple devices into Apple Business Manager (ABM) and noticed that users can remove ABM and UEM supervision on their own. We’re managing these devices with Hexnode UEM.  

Is there a way to restrict users from removing supervision? These devices are corporate-owned, and we need to ensure supervision remains in case they’re stolen or reset by end users. 

 

0 Upvotes
131 Views

Tags

ABM (25) DEP (29)
Reply

Replies (4)

Oldest First
Oldest First
Newest First
Marked SolutionPending Review
Profile photo of rebecca Novice image
rebecca
Participant
2 months ago
Marked SolutionPending Review
Copy link
Report

Hey @Frida ! 

To prevent users from removing devices from ABM, you could enroll them and let them sit unused for 30 days. After this period, users will no longer have the option to release them from ABM.  

0 Upvotes
Reply
Marked SolutionPending Review
Profile photo of ben_clarke Hexnode Expert image
ben_clarke
Hexnode Expert
1 month ago
Marked SolutionPending Review
Copy link
Report

Hi @Frida !  

@Rebecca ‘s solution is spot on. Let me give you more clarification on this.  

When a device is assigned and enrolled in MDM which is linked to ABM, there is a 30-day provisional period where users can release it from ABM and Hexnode UEM supervision. After the 30-day period, for devices added with Apple Configurator, the supervision can only be removed from ABM, not from the device end.  

To ensure even greater control and prevent users from removing supervision, you can enroll your devices through an authorized Apple reseller. These authorized vendors can directly enroll the devices into ABM, which skips the 30-day provisional period. This means that supervision and management via Hexnode UEM can be enforced immediately, and users won’t have the option to release the devices from ABM at any point. This method is highly recommended for corporate-owned devices to maintain supervision and security. 

0 Upvotes
Reply
Marked SolutionPending Review
Profile photo of dylan Novice image
dylan
Participant
1 month ago
Marked SolutionPending Review
Copy link
Report

Hello!  

I have a question regarding the configuration of DEP in the Hexnode UEM portal. There is an option called “Allow MDM Profile Removal”. If I don’t check that box, will it stop the device from being removed from ABM? 

0 Upvotes
Reply
Marked SolutionPending Review
Profile photo of ben_clarke Hexnode Expert image
ben_clarke
Hexnode Expert
1 month ago
Marked SolutionPending Review
Copy link
Report

You’ve got a great question there @Dylan ! 

When you uncheck the “Allow MDM profile removal” option in the Hexnode UEM portal, you’re essentially disallowing users from having the authorization to remove their devices from Hexnode UEM. However, this setting doesn’t have any influence on the device’s removal from ABM. 

I hope this clears things up for you. If you have any more questions, feel free to ask. 

Best regards, 
Ben Clarke 
Hexnode UEM 

0 Upvotes
Reply
Load more
Related Topics

Leaderboard

Profile photo of kipp Veteran image
kipp
325 pts
Profile photo of eugene Veteran image
eugene
309 pts
Profile photo of aaron Veteran image
aaron
287 pts
Profile photo of damaris Novice image
damaris
250 pts
Profile photo of aaghosh-tk Novice image
aaghosh-tk
244 pts
View all

Popular Tags

ABM (25)
Android (271)
iOS (215)
macOS (250)
Windows (145)
Apple TV (15)
App Management (238)
Enrollment (50)
Location (19)
Kiosk (144)
Scripts (54)
DEP (29)
OS Updates (51)
Android Enterprise (61)
View all