Those settings are all you can control, unless the current Configurator application has some settings controls that Profile Manager hasn't caught up to yet. There is no way to block students from changing other settings. What most schools seem to do is just accept that students may change settings and get used to re-setting them back to the desired configuration from time to time. Others here who do this regularly can probably describe their policies and suggest best practices.
Unfortunately PM does not allow total control, which maybe due to apples philosophy of user owned devices opt in style of management. currently you'd have to look elsewhere for higher level of control
What you can do is include the wireless config in the profile your pushing out
So if users delete the profile they are cut off from the network
Think about how deleting a profile would effect security
Try to consolidate your profiles as much as you can without compromising functionality
So that you end up with the minimum amount of profiles
Taking your example of proxy setting, if that was included in the same profile as wifi ldap VPN
Deleting the profile to try and get round the proxy would cut them off from the network
Deleting enrolment certs should remove everything if I remember correctly
End result cut off and have to return device to IT to get back on
Quick check by IT ....Profiles deleted!
Cue lecture from admin about not fiddling about and breaking company policy, warnings, followed by excuses blaming it on the dog etc etc
You can enable restrictions manually on the devices but that soon becomes a pain on a large deployment
With configurator you can set profiles that cannot be deleted without authorization.
You can also set up profiles using an MDM such as Meraki (free) and the MDM will autosend you an email if a device profile is deleted.
Thank you for your help and advice.
Profile Manager is not working 100%, as soon as you change something sometimes work and sometimes doesnt.
Also the ipads are getting the apple push notification radomly, and it is not reliable. Sadly I'm loosing confident in apple products.
I really dont understand why apple is not keeping thinks smart and simple anymore.
I couldn't get PM push to work reliably without 433 open and forward to the mdm server
I vaguely remember something to do with device check in
there are lots of reasons pushed settings getting to devices randomly
not that I think PM all that great
device loosing IP address on DHCP not renewing till "woken"
devices out side of lan, unless you open ports
devices turned off.
wireless turned off
I had quite few devices with push settings randomly succeeding
when it all worked fine before I let the users have them
and worked fine when i got the devices back.
I noticed it was always on the same devices
turns out I had a few users who treated ipads like laptops
and kept turning them off when not in use
after a bit of investigation and education - push failure sorted !
pushing smtp settings is still hit and miss
sometimes correct sometimes results in duplicate smtp servers
deleting mail settings seems to leave smtp behind