The Sophos Community will be unavailable from 13:00 to 18:00 UTC this Saturday, October 1st for upgrades. Stay tuned to our Twitter account @SophosSupport for updates.
Users are able to delete configuration profiles on their iOS devices. Can this be prevented?
First seen in Sophos Mobile Control
Operating systems iOS
You can protect configuration profiles with a password. To do so, configure the profile as follows:
- User can remove profile: with authentication
- Authentication password: <password>
This said, there's a limitation: There is no way to apply this protection to the MDM enrollment profile (bootstrap). This is due to a limitation of the MDM protocol by Apple and cannot be circumvented.
The user will always be able to remove the MDM enrollment profile and with this any other installed profile based on it.
As a device will then be no longer managed, it will also be no longer compliant and can no longer perform any Exchange Active Sync.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.