Category filter
Configuration profile to disable erase all content and settings option on iOS devices
The Erase All Content and Settings option on iOS devices is a feature used to reset the device to its factory state by wiping all data and settings. It is used for troubleshooting or preparing a device for resale. However, this option on corporate-owned devices poses significant risks, potentially leading to the misuse of devices. Disabling this option becomes crucial, especially when a corporate device is stolen, and unauthorized persons attempt to reset it. IT administrators can utilize a custom configuration profile to disable the Erase All Content and Settings option on their organization’s iOS devices. To deploy this configuration to devices, administrators can use Hexnode’s Deploy Custom Configuration feature.
The sample configuration profile provided below is created using various profile creator applications.
This configuration profile can be used on devices running iOS 8.0 and above.
Disable erase all content and settings
The option Erase All Content and Settings found in the settings menu of iOS devices, allows users to completely wipe all data, apps, and settings from the device, effectively restoring the device to factory settings.
Use the following configuration profile to disable Erase All Content and Settings option on iOS devices.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadDescription</key> <string>This configuration profile disables Erase All Content and Settings option</string> <key>PayloadDisplayName</key> <string>Restrictions</string> <key>PayloadIdentifier</key> <string>com.example.restrictions</string> <key>PayloadType</key> <string>com.apple.applicationaccess</string> <key>PayloadUUID</key> <string>52378973-A9C5-4F44-A7FA-5C92B1532106</string> <key>PayloadVersion</key> <integer>1</integer> <key>allowEraseContentAndSettings</key> <false/> </dict> </array> <key>PayloadDisplayName</key> <string>Disable Erase All Content and Settings</string> <key>PayloadIdentifier</key> <string>com.example.profile</string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>0B9BA432-CC74-4C87-B48F-FA26953F8444</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> |
What happens at the device end?
When allowEraseContentAndSettings is set to false, it disables the Erase All Content and Settings option on the device. This prevents users from erasing all content and settings, causing the option to be greyed out once the configuration profile is applied.
- To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors.
- Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across devices.
- Ensure that you do not associate conflicting configurations with the devices.
- Use wildcards to fetch key values from the portal.
- It is recommended to manually validate the configuration profile on a system before executing it in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the configuration profile.
