Help

Jamf School - Students Removing Profile

chs23
New Contributor

Posted on ‎08-31-2023 02:15 PM

Hi everyone. Recently onboarded new MacBook Pro devices to JAMF School through Apple School Manager (added using Configurator 2). In the ADE profile, the option to allow the user to remove the MDM profile is unchecked but somehow students are still finding a way to delete the profile.

Can anyone point me in the right direction to solve this? Not sure if there is another setting I'm missing somewhere. Thank you!

0 Kudos
3 REPLIES 3

Tangentism
Contributor III

Posted on ‎09-01-2023 06:34 AM

Are the devices being enrolled via ADE or are you manually enrolling them via the URL?

Does your prestage look a bit like this?

Screenshot 2023-09-01 at 14.29.49.png

0 Kudos

Ismere
Contributor

Posted on ‎09-04-2023 05:46 AM

You wrote that you used the Configurator 2... this allows any Device to remove itself for the next 30 Days. As Apple wrote:
"If the device is given to a user, they have a 30-day provisional period to release the device from Apple Business Manager, supervision and MDM. This 30-day provisional period begins after the device is successfully assigned to and enrolled in:

  • A third-party MDM server linked to Apple Business Manager."

 

Source: https://support.apple.com/en-gb/guide/apple-business-manager/axm200a54d59/web
Should be identical for school manager instances.

beside that you have to make sure that the MDM Profile is maded Mandatory and that Allow MDM Profile Removal is unchecked

0 Kudos

GregBobbett
Contributor II

Posted on ‎09-13-2023 12:42 PM

Basically, when you use Configurator, you needed to get the devices enrolled and then shelve them for 31 days before handing them to a student.

I know it's a pain, but it's there as a personal security protection step. Apple does that so someone can't sneakily take control of a device just by setting up a management profile on it. Although, how often do we go look at VPN & Device Management settings on our devices?

Greg Bobbett
0 Kudos