How to prevent user from removing device from management?

1 follower Follow
1
Avatar

There are some differences in the possibilities to do this on between device platforms (Android, iOS and Windows Phone), so here are the options for each platform:

Android

  • On Samsung devices (SAFE/KNOX enabled) you can do this with restrictions configuration profile Restrictions (Samsung). This configuration profile has a setting Device administration removal. After this configuration has been applied to Samsung Android device, the user cannot remove the device administrator permissions of Miradore Online client. This also effectively prevents client uninstallation, as you cannot uninstall any application currently holding device administrator privileges. For more information about restrictions, please see: http://onlinesupport.miradore.com/hc/en-us/articles/204739522-Restrictions-for-Android
  • For other Android device manufacturers as well as for Samsung devices, we can provide Work managed device (aka Device owner mode) -mode via Android for Enterprise to prevent the device from management: https://onlinesupport.miradore.com/hc/en-us/articles/115001335365-How-to-enroll-work-managed-devices

iOS

  • Only way to prevent end user from removing the device management profile is to enroll the device via Apple DEP (Device Enrollment Program). On the DEP enrollment profile settings there is a setting Allow MDM profile removal. Enrolling devices using this profile will prevent the end user from removing it from the management. Otherwise iOS as a platform does not provide means to restrict the removal. For more information about Apple DEP, please see: http://onlinesupport.miradore.com/hc/en-us/articles/205815622-About-Apple-Device-Enrollment-Program

Windows Phone

  • On Windows Phone (8.1) you can prevent the removal of management profile with the restrictions configuration profile. In the Restrictions configuration profile's Security and privacy tab there is a setting Manual unenrollment. If you select this as Denied and deploy the profile to a device, the management cannot be removed from the device end. It is possible then only by sending unenrollment command from Miradore Online or by running a factory reset on the device.

In addition to these, you can get notifications if the end user has removed the device from management. This is possible by enabling these events from the Device notifications settings under you own user account's My settings (click the user account icon on the upper right corner and select My settings from the menu). For more information about device notifications, please see: http://onlinesupport.miradore.com/hc/en-us/articles/201800332-About-device-notifications

Lassi Pekkarinen (Miradore)

Please sign in to leave a comment.