Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
After successfully enrolling an Apple DEP device, users are still able to remove the Mobile Device Management (MDM) profile even though the option User can remove MDM profile is disabled within the Apple Device Enrollment Program (DEP) profile assigned and applied to the mobile device.
This issue can be observed, if mobile devices were added to the Apple DEP account belated using the Apple Configurator 2 app on a macOS device.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Mobile
As per design by Apple there is a 30 day grace period to remove the MDM profile and supervision if the device was added to the DEP account belated using the Apple Configurator app.
Manually add devices to Apple School Manager or Apple Business Manager
You can choose to add iOS and tvOS devices to Apple School Manager or Apple Business Manager using Apple Configurator, even if the devices weren’t purchased directly from Apple, an Apple Authorized Reseller or an authorized cellular carrier. When you set up a device that has been manually enrolled, it behaves like any other enrolled device, with mandatory supervision and mobile device management (MDM) enrollment. For devices that weren’t purchased directly, the user has a 30-day provisional period to remove the device from enrollment, supervision, and MDM. The 30-day provisional period begins after the device is activated.
In this case, users still have the possibility to remove the MDM profile even though the DEP profile is configured differently.
This behavior is as designed by Apple.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.