MDM Profile
The special configuration profile that establishes and maintains the MDM connection. Contains the enrollment payload, server URL, and identity certificates.
What to Know
The MDM profile is the foundational trust relationship that enables all device management capabilities. Without it, no MDM commands can be sent, no profiles can be deployed, and no inventory data can be collected. Unlike other profiles, the MDM profile establishes bidirectional communication between the device and management server, allowing the device to check in regularly and receive management commands.
On supervised devices, the MDM profile cannot be removed by users, ensuring that IT maintains persistent management control even if users attempt to unenroll. On unsupervised devices, users can remove the MDM profile from Settings, which completely severs the management relationship and removes all deployed profiles and restrictions.
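The definition above says the MDM profile carries the enrollment payload, the server URL, and identity certificates. As an added example (not Addigy's or Apple's code), this Python function checks those three pieces in an unsigned .mobileconfig before it is trusted: it assumes the file is a plain plist (a CMS-signed profile must be unwrapped first), uses the key names of Apple's `com.apple.mdm` payload, and runs on a constructed sample whose URL, topic and UUIDs are made up.

```python
import plistlib

# Payload types that can carry the device identity (PKCS#12, SCEP, ACME).
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep",
                  "com.apple.security.acme"}

def build_sample(server_url: str, identity_ref: str) -> bytes:
    """Constructed enrollment profile for testing; every value is made up."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.scep",
             "PayloadUUID": "11111111-1111-1111-1111-111111111111"},
            {"PayloadType": "com.apple.mdm",
             "ServerURL": server_url,
             "Topic": "com.apple.mgmt.External.example",
             "IdentityCertificateUUID": identity_ref},
        ],
    })

def audit_mdm_profile(raw: bytes) -> list:
    """Return findings for an unsigned .mobileconfig; an empty list means clean."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    mdm = [p for p in payloads if p.get("PayloadType") == "com.apple.mdm"]
    if len(mdm) != 1:
        return [f"expected one com.apple.mdm payload, found {len(mdm)}"]
    mdm = mdm[0]
    findings = []
    for key in ("ServerURL", "CheckInURL"):  # CheckInURL is optional
        url = mdm.get(key, "")
        if key == "ServerURL" and not url:
            findings.append("ServerURL missing")
        elif url and not url.lower().startswith("https://"):
            findings.append(f"{key} is not HTTPS")
    if not mdm.get("Topic", "").startswith("com.apple.mgmt."):
        findings.append("Topic lacks com.apple.mgmt. prefix")
    # The MDM payload must point at an identity payload in the same profile.
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    identities.discard(None)
    if mdm.get("IdentityCertificateUUID") not in identities:
        findings.append("IdentityCertificateUUID does not match an identity payload")
    return findings

if __name__ == "__main__":
    print(audit_mdm_profile(build_sample("http://mdm.example.com/mdm", "missing")))
```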
Common Scenarios
Enterprise IT: The MDM profile is installed during device enrollment and remains for the device’s entire lifecycle within the organization. IT monitors MDM profile status to identify devices that have lost connectivity or been unenrolled, triggering alerts for potential security or compliance issues.
MSP: MSPs maintain separate MDM profiles for each client organization, ensuring proper scoping and data separation. When offboarding clients, removing the MDM profile triggers automatic cleanup of all managed configurations and applications.
Education: Student devices enrolled through Apple School Manager receive MDM profiles that persist throughout the student’s tenure. Schools monitor MDM profile status to identify devices that may have been factory reset or compromised.
In Addigy
Addigy automatically installs and manages the MDM profile during enrollment workflows. Addigy monitors MDM profile health and alerts admins when devices go offline or become unenrolled. In Addigy’s device inventory, the MDM profile status is prominently displayed, and admins can view the profile’s installation date, certificate expiration, and last check-in time.
When devices are decommissioned, Addigy provides controlled MDM profile removal workflows that properly clean up enterprise data and configurations before releasing the device. For supervised devices enrolled through Automated Device Enrollment (ADE), the MDM profile is automatically reinstalled if removed, maintaining persistent management.
Also Known As
- MDM Enrollment Profile
- Management Profile