Case A) Working Perfectly (Normal Behavior)
(Synced from ABM to Meraki SM)
Brand new or repurposed iPhone\iPad > DEP Profile Assigned or Pushed > User starts the new device > Accepts Remote MGMT > User signs into iCloud or setup later in settings > device is Online in Devices Section of SM
(DEP shows iPhone as Pushed)
Case B) Working Perfectly (Normal Behavior)
(Synced from ABM to Meraki SM)
Brand new or repurposed iPhone\iPad > DEP Profile Assigned or pushed > User starts the new device > Accepts Remote MGMT > User signs into iCloud or setup later in settings > User performs erase all content and settings > User starts the device again > Accepts Remote MGMT > User signs into iCloud or setup later in settings > device is Online in Devices Section of SM
(DEP shows Phone as Pushed)
Case C) Not Working
(Synced from ABM to Meraki SM)
Stolen, brand new or repurposed iPhone\iPad > DEP Profile Pushed > User starts the new device > Selects restore from iCloud , signs into iCloud and selects the latest Backup on iCloud > Accepts Remote MGMT > Device is now offline in Devices sections of SM
(DEP shows Phone as Pushed)
Case D) Not Working
Synced from ABM to Meraki SM)
Brand new or repurposed "iPhone\iPad A" > DEP Profile Empty > User starts the new iPhone\iPad "A" > Backup data to iCloud > User performs erase all content and settings on Phone\iPad “A” > iPhone\iPad “A” now is put into an assigned status by an Admin > User then restores the backup to iPhone\iPad “B” > Once restore is complete, user now takes the backup of iPhone\iPad “B” and restores this to iPhone\iPad "A" > Accepts remote MGMT > Device is now offline in Devices sections of SM (DEP shows Phone as Pushed)
The only way to get a restore to work without a pushed device becoming offline in the Devices sections of SM > Brand new or repurposed iPhone > Backup to iCloud > then connect the iPhone to the computer with iTunes & perform a DFU; once the DFU is complete, boot the iPhone > select restore from Backup > select the latest backup > Accept Remote MGMT > the device is now restoring and online in Devices sections of SM.
I need to ensure when a user backups their data and performs a restore the device remains online and MGMT tools functional. As it stands now, if a legit restore happens, I am screwed; if a deice is stolen and a restore occurs, I am screwed. This defeats the purpose of an MDM server..
Only option I can think to prevent this from happening is , remove the "Erase all content and settings" in the profiles. I think this is a band-aid solution, but maybe the fix?
DEP PROFILE
Supervise is – Yes
Mandatory - Yes
Removable - No
ABM Settings
unticked allows MDM to remove from ABM
Apple confirms backing up and restoring on the same device is an issue as per Apple Article HT207516 > the workaround to get a device into MDM is Case D
Apple confirms Case C works with other MDM’s providers
Apples confirms this is an issue on how Meraki handles restores in the MDM
Thoughts?
