How to make MDM profile non-removable on iOS devices

Apple allows preventing the removal of MDM profile only if the profile is linked to a device:

1. Enrolled with Apple Device Enrollment Program (DEP).
2. Added to Apple DEP using Apple Configurator.

Configure non-removable MDM profile Using Apple DEP

To prevent users from removing the MDM profile, enroll the devices via DEP. On the DEP enrollment profile settings (Admin > Apple Business/School Manager > Apple DEP > DEP Configuration Profiles), there is an option “Allow MDM profile removal”. Disabling this option makes the MDM profile non-removable on iOS devices. Enrolling devices using this profile will prevent end-users from removing it from the device. Otherwise, iOS as a platform does not provide a means to restrict removal.

1. Login to your Hexnode MDM portal.
2. Navigate to Admin > Apple Business/School Manager > Apple DEP.
3. Select DEP Configuration Profiles.
4. Click on Default DEP profile or on Configure DEP profile to create a new profile.
5. Uncheck the option Allow MDM profile removal. Click Save.

Associate DEP profile with enrolled iOS devices

Once the configuration profile is saved, associate it with the enrolled device(s).

1. Navigate to Admin > Apple Business/School Manager > Apple DEP.
2. Select DEP Devices. Choose any device(s).
3. Click Associate DEP Profile button on the top
4. Search for the configuration profile you just created and click on Assign.

What happens at the device end?

The option to remove MDM profiles from the device can be found under Settings > General > Device Management. To delete a profile, users may click on the profile and select Remove Management.

When this configuration is applied, the option to remove the profile will no longer be available to the user.