Hi David
Basically the Device Owner profile - as you will remember - is built from a freshly wiped device, and built into the operating system. As such, whether you send a Remove Control, or a Wipe, the end result will be the same - the device will be completely wiped.
If you are using KNOX Mobile Enrollment, then you will even find that after wiping the device it will reboot and re-enroll itself automatically. As such, if you want a clean device, removed from DO mode, you need to:
- Remove the serial number from KME portal (your device reseller will be able to do this)
- Send a wipe command
- Once rebooted the device will be free to use outside of enrollment.
The distinction between Wipe and Remove Control becomes more relevant in Profile Owner mode, which is an application-level configuration. In this case you can remove PO control and not have to wipe the device: this is not the case for DO.
Best
------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
------------------------------
Original Message:
Sent: Fri December 08, 2023 03:34 AM
From: David Greetham
Subject: Remove Device Control - KNOX enrolled Device Owner
Morning,
I was wondering what the best way is to remove MDM control from a Samsung device that is enrolled via KNOX with Device Owner enrolment.
If I choose the "Remove Control" option for the device, would the device require a factory reset? Or would it just remove the MaaS360 control, leaving the device open for the end user to carry on using?
I just want to know the best practices for de-coupling customer devices to allow them to be used outside of the MDM control.
Thanks,
David
------------------------------
David Greetham
------------------------------