2.1.1 - MobileIron - Set Security to disallow profile removal


The device can be configured to always allow the removal of a profile, to allow the removal of a profile only with a profile-specific password, or to never allow the removal of a profile, on a per-profile basis. By default, the iPCU configuration allows the profile to be removed by the user. To ensure profile settings remain in effect, profile removal must be disallowed.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


On the iOS device,
1. Open iPCU.
2. Click on Configuration Profiles in the left windowpane.
3. Click on the General tab in the lower right windowpane.
4. Click on the Security combo box in the lower right window pane.
5. Select With Authentication.
6. Install the configuration profile on the device.

See Also


Item Details


References: 800-53|AC-19

Plugin: MDM

Control ID: 6132ba804cf5ac3f150c47a9a95e6c5dac807b6b665f42701cd9cf1f6826e84a