Not able to remove mdm policy profile from MacSolved

Participant
Discussion
3 years ago

Hey all! Has someone faced any difficulty while trying to remove the mdm profiles from their macs?? Its been working fine a few months back, and now when I checked I’m not able to remove the profile from the device.

Replies (7)

Marked SolutionPending Review
Participant
3 years ago
Marked SolutionPending Review

You will have an option inside Privacy Preferences. Click on Profiles, you can select a profile and click on the minus sign to remove the profile. This should work man. I usually do this on my macs

Marked SolutionPending Review
Participant
3 years ago
Marked SolutionPending Review

Yeah lately even in my macs, the minus sign is not functioning. Is this an MDM issue or does it have to do anything with Apple? Any help would be really appreciated!

Marked SolutionPending Review
Participant
3 years ago
Marked SolutionPending Review

I have tried clicking on the minus sign and it seems to be greyed out now. Is there some setting that I should enable in order to bring back this function?

Marked SolutionPending Review
Hexnode Expert
3 years ago
Marked SolutionPending Review

Hey Elena,

Thank you for reaching out to us!

Apple has restricted users from removing MDM policy profiles from devices running on macOS 10.15 (Catalina) and above. The minus sign that is usually used to remove the policy profile will remain non-functional and greyed out in these devices.

However, the user will still be able to remove MDM profiles on macOS 10.15+ devices from System Preferences > Profiles. When removing an MDM profile, the user will be asked to enter the admin credentials. Hence, only an admin user can remove an MDM profile from a macOS device.

Hope this answers your query.

Cheers!
Chris Coleman
Hexnode UEM

Marked SolutionPending Review
Participant
3 years ago
Marked SolutionPending Review

Hey Chris, thanks for the update man! Bye.

Marked SolutionPending Review
Participant
3 years ago
Marked SolutionPending Review

Can we block users from removing the MDM profile with the ‘Ask for a password when removing policy’ restriction policy?

Marked SolutionPending Review
Hexnode Expert
3 years ago
Marked SolutionPending Review

Hi @Celine, you can use that option to restrict users from removing associated policies on your Mac by setting a passcode lock. However, this option works on macOS version 10.15 and below. The Ask for password when removing policy option for managed profiles is no longer supported from macOS 10.15. So, starting macOS 10.15, even if you apply ‘password lock’ to a policy, the user may remove the associated profiles by going to System Preferences > Profiles, selecting the profile and clicking on the button. The user will need to authorize the action by providing admin credentials.

If you still want to prevent the user from removing your profiles or the MDM profile, you can restrict removing any managed profiles from the devices using the Prevent MDM profile removal options for supervised macOS devices enrolled via Apple DEP in Hexnode. You can apply this setting in three steps –

  1. Navigate to Admin > Apple Business/School Manager > Apple DEP, select DEP Configuration Profiles and configure a new profile or modify your existing DEP profile. 
  2. Enable device supervision and uncheck Allow MDM Profile Removal
  3. Associate this DEP profile, if not already done, with your devices. 

This way, the profiles pushed to your managed devices cannot be removed by the user.

Cheers!
Zach Goodman
Hexnode UEM

  • This reply was modified 3 years, 3 months ago by  Zach.
  • This reply was modified 3 years, 3 months ago by  Zach.
  • This reply was modified 3 years, 3 months ago by  Zach.
  • This reply was modified 3 years, 3 months ago by  Zach.
  • This reply was modified 3 years, 3 months ago by  Zach.
Save