You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: nhkmknklkl
nhkmknklkl Author
User level: Level 1
4 points

Situation: Released Iphone from DEP and manually enrolled to Intune

Hi

We have a situation at work I hope I can get some feedback on. We are now removing DEP and MobileIron (MDM) to start using Microsoft Intune (without DEP connection).

The Iphone were released (we should probably have done "unassign" and the release?) and the Management profile is gone, and users were able to enroll their Iphone device into Intune.


But, one of the Iphone did an upgrade to iOS 15 and at the end it got an errormessage "Profileinstallation failed, Scep-service not found".

I guess this is something from the "old" DEP, trying to manage it after a restart/restore, but since DEP has removed link to Mobileiron (MDM) and released the Iphone, it cant find it.


MY question is, will this probably happen to the other devices when restarting/upgrading?

Do we have to factory-reset all the devices?

Or will they work as normal?

Its quite critical so we need to get the correct reciepe to solve this :-)



iPhone 11, iOS 15

Posted on Sep 22, 2021 11:06 AM

Reply
Question marked as Top-ranking reply
User profile for user: celliott147
celliott147
User level: Level 6
12,248 points

Posted on Sep 22, 2021 2:49 PM

A device can be released from DEP/ABM/ASM at any point. It does not need to be powered on or connected to the internet. After a device is released, the next wipe will completely clear any DEP and management provided that device is not restored from a backup. DEP enrolled devices retain their management profiles within the backup and must be set up as new devices.


So all that to say, simply wipe the device. I would strongly suggest not removing devices from DEP, even if you do not wish to use DEP with Intune (I strongly recommend that you use the 2 together for the best device security).


Another thing to note is that any MDM enrollment that is not done through DEP is removable at any time by the end user.

View in context

Similar questions

5 replies
Question marked as Top-ranking reply
User profile for user: celliott147
celliott147
User level: Level 6
12,248 points

Sep 22, 2021 2:49 PM in response to nhkmknklkl

A device can be released from DEP/ABM/ASM at any point. It does not need to be powered on or connected to the internet. After a device is released, the next wipe will completely clear any DEP and management provided that device is not restored from a backup. DEP enrolled devices retain their management profiles within the backup and must be set up as new devices.


So all that to say, simply wipe the device. I would strongly suggest not removing devices from DEP, even if you do not wish to use DEP with Intune (I strongly recommend that you use the 2 together for the best device security).


Another thing to note is that any MDM enrollment that is not done through DEP is removable at any time by the end user.

Reply
User profile for user: nhkmknklkl
nhkmknklkl Author
User level: Level 1
4 points

Sep 22, 2021 2:59 PM in response to celliott147

ok. It seems like the removal from the MDM has been successfully on most of the devices. The management profile was automatically removed, so that enrolling the devices into Intune and installing a new management profile was no problem. Should I look for other settings, traces on the devices?


I think the one device that was upgraded to iOS 15 and got the "restore device" issue was not successfully removed. This was prior to enrolling it to Intune.

Reply

Situation: Released Iphone from DEP and manually enrolled to Intune

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up