Is it possible to prevent users from deleting profiles on iOS devices?

  • Article ID: 118704
  • Updated: 06 Nov 2015


Users are able to delete configuration profiles on their iOS devices. Can this be prevented?

First seen in
Sophos Mobile Control

Operating systems


What To Do

You can protect configuration profiles with a password. To do so, configure the profile as follows:

- User can remove profile: with authentication

- Authentication password: <password>

This said, there's a limitation: There is no way to apply this protection to the MDM enrollment profile (bootstrap). This is due to a limitation of the MDM protocol by Apple and cannot be circumvented.

The user will always be able to remove the MDM enrollment profile and with this any other installed profile based on it.

As a device will then be no longer managed, it will also be no longer compliant and can no longer perform any Exchange Active Sync.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent