Discouraging the Removal of a Meraki Management Profile
Overview
The Meraki management profile must be present on all devices enrolled in a Systems Manager network. To maintain communication between the Meraki Dashboard and the device, there are several policies that can be implemented to prevent or discourage end users from deleting this profile.
Email Alerts
Configure an email alert under Systems manager > Configure > Alerts to notify your dashboard admins when a profile is removed. You can also monitor at a high level which devices have had their profiles removed by adding the column "Managed?" in Systems manager > Monitor > Clients.
.
Device Owner Mode (Android)
Enrolling Android devices through Device Owner mode prevents end users from removing MDM management, since enrollment takes place at the system level during initial device setup. To read more about the different enrollment types, see the Android Enrollment guide, and our deployment guide. Note that factory resetting the device and ADB access can be blocked to help limit users' abilities to wipe devices. (For disabling factory reset or blocking ADB access, navigate to Systems Manager > Manage > Settings > Add Profile > Device Profile (default) > Add settings > Android Device Owner/Android Restrictions.)
Apple Automated Device Enrollment (iOS/macOS)
iOS and macOS profiles can be made mandatory and unremovable if installed through Apple's ADE program. This is the only mechanism Apple provides to force enrollment upon factory reset, and also mandatory, and is advised for any organizationally-owned devices that qualify. See the ADE article for instructions on how to push supervised settings and restrict removal.
Remove Apps with Profile
iOS and Android apps that are pushed out using Systems Manager can be set to uninstall upon removal of the Meraki management profile using the Remove With MDM flag. Removing apps will leave devices with a limited set of basic features.
.