The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Users are able to delete configuration profiles on their iOS devices. Can this be prevented?
First seen in Mobile Control
Operating systems iOS
You can protect configuration profiles with a password. To do so, configure the profile as follows:
- User can remove profile: with authentication
- Authentication password: <password>
This said, there's a limitation: There is no way to apply this protection to the MDM enrollment profile (bootstrap). This is due to a limitation of the MDM protocol by Apple and cannot be circumvented.
The user will always be able to remove the MDM enrollment profile and with this any other installed profile based on it.
As a device will then be no longer managed, it will also be no longer compliant and can no longer perform any Exchange Active Sync.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.