Jamf Nation Community

Thanks for the response! That option seemed like it made the most sense, but I wan't sure what it would encompass.

Realistically, I want to be sure that employee don't have the ability to personalize them, or use them as personal devices. I have to make sure they cannot access the app store and download apps, that is a big issue we have run into in the past.

If a account is logged in on the device they will lost the ability to remove it when you set this restriction. It will also affect the password & accounts settings.

@zamo We use the passwords and accounts settings when setting up the exchange mailbox. Would this disable the mailbox from bringing in user data?

No. When it's set up everthing works as expected but you were enable to do any changes to these accounts on the device itself. If you set up exchange accounts with a configuration profile you can do any changes whether the account restriction is set or not.
It's a bit hard for me to explain it in english so I hope you can understand what I am trying to say here^^

Oh, that helps. Thank you. I'm going to make some changes today to play around with it on our test devices.
Thanks again

I am finding this does not work on Shared ipads. We are trying to find a solution that only allows users to use Guest account, which wipes at signout. I have completely restricted everything iCloud, and it seems to allow a Apple ID login. JAMF Pro 10.25.0 and iOS 14.01

@mhegge The devices have to be supervised to use this restriction.
If you want to reset the devices, the jamf reset app maybe something for you. I didn't test it myself but, just read about it. You have to use it with the jamf setup app to work correctly.

@zamo We use Jamf reset for Library checkout iPads. But that is an operation performed by library staff. We cannot rely on students to utilize JAMF Reset consistently. It would be a data security risk.

I have found out that if users try to use an Apple ID, it states it can only accept managed Apple IDs, so we may be able to work around it. We currently are not using managed apple IDs (only a few test accounts).

I wish this was a restriction we could use on Macs instead of just iOS. We are trying to use Apple Classroom on macs however many students have logged out of their managed Apple ID and just are using a personal one instead.

Gabe Shackney
Princeton Public Schools

I am not seeing this anymore: Configuration Profiles > New button > Restrictions payload > iOS tab > Functionality tab > Allow modifying account settings (supervised only).

They changed the layout, few versions ago. It looks like this on my side:

I am using jamf Pro 10.32.2

Is there a way to back up the iPhone / iPad to iCloud even if we restrict the end user from logging out of their work-managed account?