Skip to main content
Cisco Meraki Documentation

Discouraging Removal of a Meraki Management Profile

The Meraki management profile must be present on all devices enrolled in a Systems Manager network. To maintain communication between the Meraki Dashboard and the device, there are several policies that can be implemented to prevent or discourage end users from deleting this profile.

Email Alerts

Configure an email alert under Systems manager > Configure > Alerts to notify your dashboard admins when a profile is removed. You can also monitor at a high level which devices have had their profiles removed by adding the column "Managed?" in Systems manager > Monitor > Clients.

.2017-07-17 13_59_10-Alerts - Meraki Dashboard.png

Device Owner Mode (Android)

Enrolling Android devices through Device Owner mode prevents end users from removing MDM management, since enrollment takes place at the system level during initial device setup. To read more about the different enrollment types, see the Android Enrollment guide, and our deployment guide. Note that factory resetting the device and ADB access can be blocked to help limit users' abilities to wipe devices. (For disabling factory reset or blocking ADB access, navigate to Systems Manager > Manage > Settings > Add Profile > Device Profile Default > Add settings > Android Device Owner/Android Restrictions.)

Apple Device Enrollment Program (iOS/macOS)

iOS and macOS profiles can be made mandatory and unremovable if installed through Apple's DEP program. This is the only mechanism Apple provides to force enrollment upon factory reset, and also mandatory, and is advised for any organizationally-owned devices that qualify. See the DEP article for instructions on how to push supervised settings and restrict removal.


Require Password to Remove Profile (macOS)

macOS devices can also be configured in Systems Manager > Manage > Settings to prompt for a password when users try to remove the management profile from System Preferences.

2017-07-17 14_11_47-Meraki Dashboard.png

Remove Settings with Profile

Deploy key settings like an encrypted wireless profile, or Exchange email configurations to devices using Systems Manager. This will require devices to be enrolled in your network to retain network or email access - users who remove the management profile will lose access. 

Remove Apps with Profile

iOS and Android apps that are pushed out using Systems Manager can be set to uninstall upon removal of the Meraki management profile using the Remove With MDM flag. Removing apps will leave devices with a limited set of basic features.

.2017-07-17 14_13_03-Apps - Meraki Dashboard.png