Unenroll devices

After unenrolling from MDM, you can no longer manage the device by BigFix MCM. MDM policies become ineffective on the unenrolled devices.

Unenrollment through WebUI

To unenroll devices through WebUI:

  1. From the WebUI main page, click Devices.

  2. From the listed devices, select the devices to unenroll.

  3. From the action bar that appears in blue, select Administration > MDM Unenroll.The following page appears.

  4. If you want to change the target, click Edit Devices. Review the information and click Send Command.

Unenrollment by device user

Windows
  • By default, MCM allows user-initiated unenrollment on all the enrolled Windows devices.
    • As a device user, to unenroll a Windows device, do the following steps:
      • a. Select Account from the left navigation pane.
      • b. Click the carrot symbol next to Connected by
      • c. Click DisconnectAccess work or school and click Disconnect. The device gets unenrolled from MDM service.
      • d. Additionally in Windows 11 devices, to unenroll, click the popup button (that is displayed as a blank line) that appears after clicking Disconnect.

  • If an organization wants to prevent users from unenrolling company-owned devices, that can be done through a custom policy. Add the custom policy to a policy group and deploy onto the MDM server. For code, see Custom policy to restrict device users from unenrolling fully-managed (company-owned) devices.
Apple
The ability for a user to unenroll themselves is configured in the DEP profile that was applied on the device. While configuring through Configure Automated Device Enrollment Policy page, if the Is MDM Removable option is selected, the Apple device user can unenroll. Otherwise the option is disabled and the user cannot unenroll. After user-initiated unenrollment, the items under the sections Apps and Restrictions become empty.
Android

Users cannot unenroll company owned devices (New or factory reset devices).

Users can unenroll BYOD Android device by deleting the work profile. To delete your work profile:
  1. Go to Settings > Accounts > Remove work profile.
  2. Tap Delete to confirm the removal of all apps and data within your work profile.
  3. Ensure that the policy app ("Device Policy") is uninstalled and not present on your device.

After the work profile is deleted, all local data on the device within that profile is deleted.

You can also remove all apps and data (both personal and work) by factory-resetting your device.