11 Replies Latest reply on Mar 18, 2013 9:41 AM by Frank Wils

    Can i stop users deleting MDM Enrollment certificates and AD Group Assigned profiles

    pacificmags Rookie

      Hi all mobility users,


      I would like to know if this is normal behavior AND if I can stop it.


      We recently installed MDM. It is working on iPads and Android v.4.* (Samsung only, HTC does not work but that is not my issue here).


      The problem I have is related to the iOS device, that when a device is enrolled via the LD agent they receive 2 profiles installed under General / Profiles settings. These are:


      1. Is the MDM Enrollment Profile, it contains the MDM Secure_*** certificate and also our LANDesk core server certificate. It also contains and Mobile Device management profile called MDM (not sure what this is).
      2. The other Profile received is the one we create for department payload delivery managed via AD groups. Lets call it "IT Department" profile.


      My problem is that the user can just delete these profiles and certificates and then the device is no longer managed yet the device still has email active. There is an option in the iOS Profile options part of the Mobility Enrollment window to set a password so the users cant delete the iOS Profile options. This DOES work and stops the user deleteing the AD group assigned policy and payload settings.


      However, the user can still delete the MDM Enrollment Profile which contains the MDMSecure and Core server certificates. When they delete this it automatically deletes the iOS Profile options aswell without the user needing to know the password placed in the iOS Profile options windows mentioned above. This means that the user can remove all management and the IT department is none the wiser.


      Is this normal behavior?

      Can i change this behavior and if so how?


      Perhaps i am not getting something wit this?


      I have uploaded a screenshot of the Mobility Window i am referring to.


      Appreciate you help