Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Anonymous

My feedback

  1. 1,060 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    91 comments  ·  Ideas » Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Anonymous commented  · 

    Cathy Moya, here is what I have personally witnessed with the relationship between Intune and Apple devices.

    • The device must be built as a new device, not from an iCloud or iTunes backup to be a supervised device. Unless you use a ridiculous third device work-around.
    o Apple design – restoring from a backup makes it an un-supervised device
    • Un-supervised devices are treated as BYOD. The user has the ability to remove the management profile from the device.
    o Settings > General > Device Management > Management Profile
    o If the device is un-supervised, the user has the ability to remove the profile using “Remove Management”
    • Supervised devices, built as a new device, can be defeated by restoring the device in iTunes, then restoring it from a personal backup.
    o The device will become un-supervised and vulnerable to the above issues

    How can we secure our smartphone environment when users have the ability to remove a corporate owned DEP enrolled device from our control?

Feedback and Knowledge Base