Is it possible to prevent users from deleting profiles on iOS devices?

  • Article ID: 118704
  • Updated: 24 Sep 2014

Issue

Users are able to delete configuration profiles on their iOS devices. Can this be prevented?

First seen in

Sophos Mobile Control

Operating systems
iOS

 

What To Do

You can protect configuration profiles with a password. To do so, configure the profile as follows:

- User can remove profile: with authentication

- Authentication password: <password>

This said, there's a limitation: There is no way to apply this protection to the MDM enrollment profile (bootstrap). This is due to a limitation of the MDM protocol by Apple and cannot be circumvented.

The user will always be able to remove the MDM enrollment profile and with this any other installed profile based on it.

As a device will then be no longer managed, it will also be no longer compliant and can no longer perform any Exchange Active Sync.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments