IBM Security MaaS360

 View Only
Expand all | Collapse all

User deleted from MaaS360 but assigned iOS devices still remain and can't be manually reset within iOS's "Erase All Content and Settings".

  • 1.  User deleted from MaaS360 but assigned iOS devices still remain and can't be manually reset within iOS's "Erase All Content and Settings".

    Posted Mon October 30, 2023 03:52 PM

    Hi All!

    I'm newer to MaaS360 and my background so far has been mainly on the device side enrolling/wiping devices.  Not so much on the server side configuration.

    The ask was to delete the user out of MaaS360 and their were two iOS devices currently assigned to this user.  From what I understand the steps that were taken:  "Remove Control" and then "Hide" for both of the devices.  The user is no longer in MaaS360. 

    Fast forward, a few weeks later, we were asked to wipe the devices which I'm assuming wouldn't be wiped with the actions that were taken, but I'm assuming at least the devices' profiles would have been removed.  The current device state is the devices can't be wiped within the device's settings because we can't select that option in iOS.  I'm assuming it was not verified by either party if the devices were connected to Wi-Fi at that time the user was deleted.

    For best practices, what I'm trying to understand is what went wrong and is there a way to remove the profiles to wipe these devices without going through a DFU.

    Additional questions:

    1)  Are the devices expected to be immediately connected to Wi-Fi/data when performing the "Remove Control" command? 

    2) If the devices are not connected to Wi-Fi/data, how much time can pass before the command times out assuming the commands do time out eventually?   

    3) The devices are now connected to Wi-Fi so a thought was to open the MaaS360 App and perform a refresh to see if the devices can grab any pending commands, but when opening the MaaS360 App it's asking for a password.  With the correct password, assuming it's an Admin password,  can we proceed with removing the profile from the device side?  If we can, I'm assuming that will allow the user to select the iOS option to reset the device.

    4) This depends on what purpose the device will serve going forward, it seems if the device is going to be potentially handed to a new user, a "Wipe" is the best action to use whereas if the end user is keeping the device then "Removing Control" gets rid of the MaaS360 profile.  Is pairing "Remove Control" and then "Hide" ever recommended if the device does not meet the Hide description and may be potentially reused? Under the "Hide" description it says to use this option when "when a device is permanently offline or is not working".  

    Any feedback is appreciated!



    Are the devices stuck in this state due to not being connected to Wi-Fi to receive the "Remove Control" command?



    ------------------------------
    Robert Liptak
    ------------------------------