iPad Pro How easy to remove an MDM profile on secondhand iPad?

trailmonkey

macrumors member
Original poster
Feb 22, 2019
60
23
A friend has a couple of 2nd gen iPad Pros going cheap but they come with MDM configs that nobody seems willing to remove before selling. Odd methinks. Still, he's genuine and so are the IT people he's dealing with - I used to know them.

Am keen to buy one of them but not if there's a risk of bricking the device. Is there a free or cheap (less than iActivate's $45) method of removing it?

Cheers
 

cmaier

Suspended
Jul 25, 2007
18,029
16,028
California
A friend has a couple of 2nd gen iPad Pros going cheap but they come with MDM configs that nobody seems willing to remove before selling. Odd methinks. Still, he's genuine and so are the IT people he's dealing with - I used to know them.

Am keen to buy one of them but not if there's a risk of bricking the device. Is there a free or cheap (less than iActivate's $45) method of removing it?

Cheers
Don’t you just have to remove the MDM profile from within settings | general | profiles?
 

trailmonkey

macrumors member
Original poster
Feb 22, 2019
60
23
Some are easier than others, eg parental controls are (I think) easier to remove than corporate lockdown versions.
 

ApfelKuchen

macrumors 68040
Aug 28, 2012
3,600
2,231
Between the coasts
It'll probably come down to this: Either you can perform a full Erase All Content and Settings or Recovery Mode restore of iOS (in which case the profile should be gone), or you won't be able to erase those iPads at all and you'll be stuck with those profiles and whatever limitations/restrictions they impose.

I'm going to bet the answer will be "stuck with those profiles." It's not likely a simple erase/restore attempt will brick them - the MDM usually just prevents activities that can undo the restrictions. IT departments don't want to have to lay hands on a device every time an employee/student tries to erase the thing. The MDM capabilities Apple built into iOS are intended to make those products attractive to the corporate/institutional/government market - easy-to-break device management is not a positive selling point.

From my perspective, if the seller can't/won't remove the profile, then don't buy it. Profiles can prevent you from using the iPads as you wish.

"Not willing" to remove the profile does raise suspicions. The original owner should be able to remove the profile in just a few moments. An innocent explanation might be that the organization moved/upgraded to another MDM platform and doesn't want to continue the old subscription. Considering the age of the devices, the original owner may consider them to be abandoned property - but it doesn't mean they want to make that abandoned property useful to a new owner (or put extra money in the pockets of employees who were supposed to recycle the stuff).

There's not likely to be a cheap way to remove the profile. I have no idea whether iActivate will be able to remove the profile, but if you consider $45 "too expensive," then the price being offered is probably too high.
- - Post merged: - -

Don’t you just have to remove the MDM profile from within settings | general | profiles?
There are "profiles," and then there are "profiles." Industrial-strength MDM usually requires a server-side unlock before the things can be erased/restored. Easy-to-remove profiles tend to be for granting specific privileges (like installing corporate-specific apps on employee-owned devices) rather than locking-down the use of the equipment.
 
Last edited:

LouE37

macrumors member
Jun 27, 2010
80
18
A friend has a couple of 2nd gen iPad Pros going cheap but they come with MDM configs that nobody seems willing to remove before selling. Odd methinks. Still, he's genuine and so are the IT people he's dealing with - I used to know them.

Am keen to buy one of them but not if there's a risk of bricking the device. Is there a free or cheap (less than iActivate's $45) method of removing it?

Cheers
This depends on whether it was setup using DEP/Supervised management or strictly through an MDM. If only MDM/Unsupervised then what was suggested above would work to simply delete the management profile. If DEP managed, that unenrollment would have to be initiated from the management console or else even a full erase/restore will continue to link the MAC to the enterprise it was previously a member of.
 
  • Like
Reactions: reycat

reycat

macrumors regular
Jun 24, 2009
103
44
This depends on whether it was setup using DEP/Supervised management or strictly through an MDM. If only MDM/Unsupervised then what was suggested above would work to simply delete the management profile. If DEP managed, that unenrollment would have to be initiated from the management console or else even a full erase/restore will continue to link the MAC to the enterprise it was previously a member of.
This. If the iPad is enrolled via DEP, it doesn’t matter if you “Erase all content and settings“ or put it on DFU mode and format from there. When setting it up from scratch it will tell you it is a device managed by SomeCompany, Ltd, and ask you for a username and password just to finish the setup.

The people selling them should be able to remove the iPads from the DEP.

Disclaimer: all my experience is with school issued and managed iPads, it could be different in a business environment.
 

trailmonkey

macrumors member
Original poster
Feb 22, 2019
60
23
It's going to be some kind of corporate-level profile and it's annoying that they won't remove it first. Unfortunately, I can't speak directly with the IT guys anymore so I'm going on second hand info here. Anyway, I'm not taking the risk even though iActivate looks pretty solid and includes support. I just don't need to be in the minority of those that end up with a brick.

Cheers all
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.