VMware Workspace ONE Community
AdiNugrahaTjand
Enthusiast
Enthusiast
‎08-21-2019 02:39 AM
Jump to solution

Restrict iOS MDM profile removal without DEP

Hello,

I'm looking for a way to restrict MDM profile removal on an iOS device, my search so far has pointed out to DEP, but unfortunately DEP is not available in my country right now, does anyone know / have experience with restricting MDM profile removal with Apple Configurator  ? any guide / article I can use to set it up ?
Labels (1)
Labels
0 Kudos
1 Solution

Accepted Solutions
RicardoPachecoR
Enthusiast
Enthusiast
‎08-21-2019 10:41 AM
Jump to solution

Ok. No DEP is going to be hard to achieve your goal. You may be able to set the profile to Never remove, or Allow removal with Authorization, and set a password. You could also create a Restriction to disable ' Erase All Content and Settings' . However, that can be easily bypassed by setting the iPad in Recovery mode and performing a device Restore. An option would be to use Activation Lock on the devices. DISCLAIMER: I tried to set it up a couple of years ago, but was not able to. Shortly after, I was able to setup DEP, so I didn't try again. NOTE: The iPads could still be wiped, but without the email address and password associated with the devices, the device is useless. The devices can still walk away.


View solution in original post

0 Kudos
2 Replies
RicardoPachecoR
Enthusiast
Enthusiast
‎08-21-2019 10:41 AM
Jump to solution

Ok. No DEP is going to be hard to achieve your goal. You may be able to set the profile to Never remove, or Allow removal with Authorization, and set a password. You could also create a Restriction to disable ' Erase All Content and Settings' . However, that can be easily bypassed by setting the iPad in Recovery mode and performing a device Restore. An option would be to use Activation Lock on the devices. DISCLAIMER: I tried to set it up a couple of years ago, but was not able to. Shortly after, I was able to setup DEP, so I didn't try again. NOTE: The iPads could still be wiped, but without the email address and password associated with the devices, the device is useless. The devices can still walk away.


0 Kudos
AdiNugrahaTjand
Enthusiast
Enthusiast
‎08-22-2019 12:07 AM
Jump to solution

Was afraid of that, setting the profile to never remove will only restrict users from removing profiles pushed from ws1, the users can still remove the MDM / Workspace One Profile from the settings.

thanks for replying and confirming the need for DEP
0 Kudos