locked
How do you prevent corporate device users from unenrolling their devices? RRS feed

  • Question

  • Probably a really basic question but I cannot see how this can be achieved for Android & iOS devices?

    How & where do you prevent corporate device users from unenrolling their devices?

    Friday, July 10, 2015 12:01 PM

Answers

All replies

  • Friday, July 10, 2015 2:24 PM
  • Remember ultimately that although the users are corporate users, the devices are not; the devices are consumer grade devices designed for use by consumers not necessarily by corporate users and thus the user has ultimate control.

    For iOS devices, you can however use the Apple Configurator to set the devices into supervised mode which more or less turns them into corporate devices and locks them down so that their configuration, including the management profile, cannot be changed. Alternatively, you can sign up for Apple's Device Enrollment Program (DEP) which registers the devices to your corporate MDM (Intune in this case) from the factory and can also enable supervision on the device.

    There is no equivalent on the Android side.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Friday, July 10, 2015 2:41 PM
  • For some odd reason.....my iOS device doesn't have the option to remove or reset when I am on that device. All the other users devices that are already managed have this option. When I am in the Comp Portal app and tap on the other devices listed under my name, I have the option to remove or reset. It seems to have disappeared sometime during adding custom policies to the device and I'm trying to figure out what policy it was that caused this.  I have added custom policies created in Apple Configurator for mail, wifi, and web clip so it could be any one of those. 

    I'm working with support to figure out what caused those two options to be removed and once I figure it out, I'll post it here.

    I can however still go into Settings->General and remove the management profile without issue.

    To completely block the user from unenrolling you wold have to make it so the user would be unable to remove the profile from the device.

    Sunday, July 12, 2015 5:19 PM