I can confirm that we have this on our plan for early in 2020/ Thanks for your patience!
An error occurred while saving the commentAnonymous commented
Cathy Moya, here is what I have personally witnessed with the relationship between Intune and Apple devices.
• The device must be built as a new device, not from an iCloud or iTunes backup to be a supervised device. Unless you use a ridiculous third device work-around.
o Apple design – restoring from a backup makes it an un-supervised device
• Un-supervised devices are treated as BYOD. The user has the ability to remove the management profile from the device.
o Settings > General > Device Management > Management Profile
o If the device is un-supervised, the user has the ability to remove the profile using “Remove Management”
• Supervised devices, built as a new device, can be defeated by restoring the device in iTunes, then restoring it from a personal backup.
o The device will become un-supervised and vulnerable to the above issues
How can we secure our smartphone environment when users have the ability to remove a corporate owned DEP enrolled device from our control?