Hey @skylar-a , the option to remove the MDM profile from the device is found under Settings > General > VPN and Device Management. Here the user would have selected the installed profile and clicked on “Remove Management” which immediately removes the profile from the device and takes it out of management. Since you’ve mentioned enrolling the devices and adding them to DEP via Apple Configurator, it seems that during the DEP configuration, you might have overlooked the option to make the MDM profile non-removable. Here’s how you can enable the option,
- Log in to your Hexnode UEM portal.
- Go to Admin > Apple Business/School Manager > Apple DEP > DEP Configuration Profiles.
- You can click on your existing configuration profile or click Configure DEP Profile to create a new DEP profile.
- Here, you can uncheck the option Allow MDM profile removal. Then, click Save.
- To associate the DEP profile with your devices, go to DEP devices and select the devices.
- Then, click on Associate DEP Profile and select your configuration profile. Finally, click on Assign.
After following the steps above, you’ll need to wipe all the devices and re-enroll them for the configuration profile to apply to each one. On doing so you would find that the user would not be able to find the option “Remove Management” under Settings > General > VPN and Device Management.
Also, please note that while adding devices to DEP through Apple Configurator there is a provisional period of 30 days during which the users are free to remove the MDM profile. To prevent this, it is recommended to distribute new devices to students only after the 30-day period has passed, so that the MDM profile cannot be removed.
26 Views
