Good morning
Thank you for taking the time to review my post and for possibly answering my question.
Our Active Directory and Security team have set a policy that disables a user in AD when an account is deemed "At Risk".
Once the user is disabled in AD, after a short while an instruction is sent to all iPads (up to 4) enrolled with that account causing them to Enterprise wipe. Our enrolment process is manual and once the iPads are wiped, it's tiresome guiding the end user through the enrolment process.
The AD&S team won't change their policy, and the user would only remain disabled for a few hours, possibly a few days (over the weekend). Is there a way to stop the Enterprise Wipe from happening in the first place?
Or am I looking at this wrong, and there's a better solution?
Kind Regards,
Justin
I believe you have the "Automatically Sync Enabled Or Disabled User Status" setting enabled.
So, when a user is disabled, his device will be automatically unenrolled.
Default behaviour for devices registered to inactive users is Enterprise Wipe as described here:
https://kb.vmware.com/s/article/50120774
However, even though it is not described properly in the doc link below, this can be set to "Restrict Additional Device Enrollment", which will suit your needs.