Help

Profiles Restored Upon Backup

Go to solution
asoderman
New Contributor II

Posted on ‎10-01-2024 11:25 AM

Hello,

When our students graduate we offer the option for them to keep the devices. We wipe and delete them from JAMF when they sign them out during the final days of school. Once we do this if they restore from an iCloud Backup, all of our configuration profiles are added back via the backup without the iPad enrolling back into our MDM server. One profile we have is to deny the ability to factory reset the iPad via Settings. This means the graduated students are unable to reset their device that has pulled its old management controls. The only way to wipe them is to put them in DFU mode and use Apple Configurator 2.

Is there a better way to release these devices through smart groups or anyone else noticing this.

Thanks!

Labels:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
byrnese
New Contributor III

Posted on ‎10-04-2024 04:12 PM

Maybe a change in workflow is required. Once you know who will be keeping their devices, drop them into a Static Group. Exclude that group from your profiles to reduce the number that are on there. Next, use the group to trigger an inventory update and send a notification that asks them to complete an iCloud Backup, just to get a new one without the profiles, and then Unmanage and delete. As long as they are removed from ASM, you might be in business.

View solution in original post

Reply
7 REPLIES 7

Go to solution
mainelysteve
Valued Contributor II

Posted on ‎10-01-2024 01:11 PM

One way I would go is sending an unmanage command to them, take a backup then wipe using Settings. 

Reply

Go to solution
asoderman
New Contributor II
In response to mainelysteve

Posted on ‎10-01-2024 01:24 PM

The only issue I can see with this (Still far better than nothing) is we don't manage the student's personal Apple IDs and when they take backups. 
That is a far better solution than none so thank you for that.

0 Kudos
Reply

Go to solution
galionschools
Contributor
In response to asoderman

Posted on ‎10-02-2024 06:22 AM

True, and you could always choose to not wipe at all. Once you un-manage it the process will remove any profiles and app licenses. If any VPP provided app survives that I believe the OS will delete it after 30 days, but don't quote me on that. 

No idea how much different an academy is from traditional K12 so I can't imagine if corralling them in one space to go through inventory(if necessary), MDM removal and iCloud backup is feasible or not.

0 Kudos
Reply

Go to solution
mainelysteve
Valued Contributor II
In response to galionschools

Posted on ‎10-02-2024 06:25 AM

Same person here. Not fun with two jamf ID accounts and no account switcher. Get on that Jamf!!

0 Kudos
Reply

Go to solution
Mattdjerome
New Contributor III

Posted on ‎10-02-2024 10:55 AM

Yes, unmanage and leave as is, but also release from ASM

Reply

Go to solution
byrnese
New Contributor III

Posted on ‎10-04-2024 04:12 PM

Maybe a change in workflow is required. Once you know who will be keeping their devices, drop them into a Static Group. Exclude that group from your profiles to reduce the number that are on there. Next, use the group to trigger an inventory update and send a notification that asks them to complete an iCloud Backup, just to get a new one without the profiles, and then Unmanage and delete. As long as they are removed from ASM, you might be in business.

Reply

Go to solution
asoderman
New Contributor II

Posted on ‎10-05-2024 08:08 PM

I think that may be the best course of action. 
Thank you all for the suggestions. Everyone said the same thing only differently so I think it's safe to say we should seriously consider that this year.

0 Kudos
Reply