Prevent users from Removing a Workplace Account on Windows Phone with Intune

11 Aug

I’m currently using Windows Intune to manage mobile devices, I’m still getting started with this but by enrolling in a workplace account you can then apply certain policies to the device remotely.

However, there is no easy way to stop users from removing the workplace account and then obviously circumventing any policies applied.

As it turns out there is a way, but it involved using OMA-URI settings and there is a really great guide here on this.

For reference, the settings are:

  • Prevent Un-enrollment:
    • ./Vendor/MSFT/PolicyManager/My/Experience/AllowManualMDMUnenrollment
    • Integer
    • 0
  • Prevent Reset
    • ./Vendor/MSFT/PolicyManager/My/System/AllowUserToResetPhone
    • Integer
    • 0

Once set and deployed, users will no longer be able to reset their devices of remove their workplace account.