Delete vs deregister a device (IOS)

Hello All,

how do i remove a device correctly ?

That's how i do it up to date:

Case 1: User gets new device and i get the old one ( for example one which is to old for current IOS Version )

  • remove the connected apple ID ( most of the Users forget this... )
  • Set the device to factory default
  • DELETE the device from our MDM

now i could sell the device for our employees - if they want that old one...

Case 2: User lost the device...( in this example it hast NO further connection to our MDM )

  • User has to remove this device from his personal apple-id
  • we DELETE the device from our MDM

Now the question: Do i have to DEREGISTER the device before DELETE it ?

Parents
  • Hello Peter,

    Thank you for reaching out to the Sophos Community. 

    In "Case 2," where the device has been lost, deleting the device out to the Sophos Mobile portal would be the best course of action to reclaim licenses. If you configured the "Disable unenrollment through app" option, this might pose issues for someone who finds the phone and can't completely remove the MDM profile. A factory reset would be required to return the device to its original form.

    With that being said, if the device is deleted from your SMC portal it'll need to be re-enrolled to re-connect it with SMC, so there's no risk to you.

    For "Case 1," un-enrolling the device before deleting will be necessary for certain use-cases where you have disabled options that allow an end-user from factory resetting the device. If you choose not to define these restrictions and permit users to factory reset, then there's no issue using the current process you have. 

    Hopefully, this feedback helps, though if you do have any questions please update this thread.

    Kushal Lakhan
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hello Peter,

    Thank you for reaching out to the Sophos Community. 

    In "Case 2," where the device has been lost, deleting the device out to the Sophos Mobile portal would be the best course of action to reclaim licenses. If you configured the "Disable unenrollment through app" option, this might pose issues for someone who finds the phone and can't completely remove the MDM profile. A factory reset would be required to return the device to its original form.

    With that being said, if the device is deleted from your SMC portal it'll need to be re-enrolled to re-connect it with SMC, so there's no risk to you.

    For "Case 1," un-enrolling the device before deleting will be necessary for certain use-cases where you have disabled options that allow an end-user from factory resetting the device. If you choose not to define these restrictions and permit users to factory reset, then there's no issue using the current process you have. 

    Hopefully, this feedback helps, though if you do have any questions please update this thread.

    Kushal Lakhan
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data