Category filter
How to make MDM profile non-removable on Windows PC
Organizations employ device management solutions to remotely administer and monitor corporate deployed endpoints. Hexnode manages Windows PCs via an MDM profile installed on the device during enrollment. Removing this profile from the device removes the MDM administration and hinders Hexnode’s remote server from remotely managing it. To restrain it from happening, the organization can block manual MDM profile removal from the PC via a restriction policy on Hexnode. Here’s how.
- Supported on Windows 10 and Windows 11 PC.
Prevent MDM profile removal
To block the end-users from manually removing the Hexnode administration from Windows PCs,
- Log in to your Hexnode console.
- Go to Policies tab.
- You can choose an existing policy or create a new one by clicking on New Policy.
- From Windows, choose Restrictions and click on Configure.
- Under Allow Security and Privacy Settings, uncheck the option Manual MDM administration removal.
- Save the policy.
Manual MDM administration removal can’t be prevented if the device is joined to Microsoft Entra ID.
Associate the policy with Windows PCs in Hexnode
If the policy has not yet been saved,
- Navigate to Policy Targets.
- Click on +Add Devices.
- Select the devices and click OK.
- Click Save
Apart from devices, you can also associate the policies with device groups, user and user groups from Policy Targets.
If the policy has been saved, you can associate it in either of the following two ways:
- From Policies, check the policies to be associated.
- Click on Manage → Associate Targets and select the devices.
- Apply the policy to the devices.
Or,
- From Manage tab, click on the device name for which the policy is to be associated.
- From Actions, choose Associate Policy.
- Select the policy and associate it with the device.
- If the user tries to disconnect the MDM profile from the device, a note specifying ‘This work or school account cannot be removed by system policy’ is shown.
