Forum Discussion
iOS - Missing enrollment profile for device added after 1st setup
First off, by design, only devices that go through ABM will get an enrollment profile. Anything not through ABM is considered unsupervised. This will also limit the settings and control on your devices.
To combat this, you will need to use Device Categories. The user will be prompted when they register their device to select a Device Category. You can use this to apply settings, policies, and applications to a device based on a dynamic group. It will also allow reporting of devices.
Secondly, if it is a corporate device, it is best not to allow restore of devices. There are multiple reasons to NOT allow a cloud backup of company data unless your AD is integrated with ABM. You open yourself up to someone restoring the company information on another device after they leave your organization. The users will need to treat any information on the device as 'disposable' and use OneDribve to store their information and things like Contacts will need to only be added to Outlook.
Hi JutManGraham , thanks for the hint, I'll try with the categories and see what I can do.
Do you think I can link the category in some way with the existence in ABM? Or all is just left on users hands?
I agree with you about the restore, at least cloud backup do not include any of the corporate app content, access to company data is fully managed thru the conditional access.
The only reason for the backups are the "personal" data like pictures or personal apps, that IN PRINCIPLE do not contain any company data.
I'm aware it's not a perfect solution but changing it will require a strong decision from the top management.