My feedback

1. Add a policy to prevent device unenrollment from Company portal

   973 votes

   Vote Vote Vote

   Vote

   Sign in

   prestine

   Your name

   Your email address

   (thinking…)

   

   Password

   Sign in with: Facebook Google Microsoft Intune

   Forgot password?

   Create a password

   I agree to the terms of service

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   87 comments  ·  Ideas » Mobile Device Management (general)  ·  Flag idea as inappropriate…Flag idea as inappropriate…  ·  Delete…  ·  Admin →
   planned  ·  AdminCathy Moya (Intune UserVoice Admin, Microsoft Intune) responded

   I can confirm that we have this on our plan for early in 2020/ Thanks for your patience!

   An error occurred while saving the comment
   Anonymous commented  ·  September 27, 2019  ·  Edit…  ·  Delete…

   Cathy Moya, here is what I have personally witnessed with the relationship between Intune and Apple devices.

   • The device must be built as a new device, not from an iCloud or iTunes backup to be a supervised device. Unless you use a ridiculous third device work-around.
   o Apple design – restoring from a backup makes it an un-supervised device
   • Un-supervised devices are treated as BYOD. The user has the ability to remove the management profile from the device.
   o Settings > General > Device Management > Management Profile
   o If the device is un-supervised, the user has the ability to remove the profile using “Remove Management”
   • Supervised devices, built as a new device, can be defeated by restoring the device in iTunes, then restoring it from a personal backup.
   o The device will become un-supervised and vulnerable to the above issues

   How can we secure our smartphone environment when users have the ability to remove a corporate owned DEP enrolled device from our control?

   Save Submitting...