How can a configuration profile be removed from a single computer

There's a Configuration Profile that's currently being applied to all new macOS device enrollments that is no longer valid and causing issues upon the install of an application.

Inhaltsverzeichnis Show

Remove an MDM enrollment profile from macOS computers
System Preferences
Terminal (Command Line) - remove a specific MDM Enrollment Profile
Terminal (Command Line) - remove all MDM Enrollment Profiles
Remove an MDM enrollment profile from iOS devices (iPhones, iPads)
What do you want to do?

How can I go about removing Configuration Profiles, or more specifically, a kernal extension approval either remotely via Intune or from the macOS device itself?

You can remove an MDM enrollment profile directly from:

macOS computers
iOS devices

Remove an MDM enrollment profile from macOS computers

To perform a clean removal on macOS computers running Device Management for Apple, we recommend you first uninstall the Mac Agent and then delete the MDM enrollment profile from the device. For more information, see Uninstall the Mac Agent.

If you remove the MDM enrollment profile from a device that is still running the Mac Agent and Device Management for Apple, the end user is prompted to enroll the MDM profile again (if Device Management for Apple is configured to automatically enroll Mac devices).

To remove an MDM enrollment profile from a macOS computer, you have three options. You can use System Preferences or Terminal (command line) to remove a specific MDM enrollment profile, or you can use Terminal (command line) to remove all MDM enrollment profiles.

System Preferences

On the macOS computer, click the Apple menu icon then go to System Preferences > Profiles
Select your MDM Management enrollment Profile
Click on the minus icon to begin the removal process
Click Remove, if prompted to confirm removal

Deleting the main MDM enrollment profile deletes all associated Device Profiles.

Terminal (Command Line) - remove a specific MDM Enrollment Profile

Click Finder > Go > Utilities
Double-click Terminal
To display a list of installed profiles, run the following command either as root or by assuming root privileges by sudo, entering the admin user's password when prompted:
$ sudo profiles list
Password:
Example output:
_computerlevel[1] attribute: profileIdentifier: com.example.mav.tcc_computerlevel[2] attribute: profileIdentifier: com.example.takecontrol.tcc_computerlevel[3] attribute: profileIdentifier: com.example.rmmagent.tcc
There are 3 system configuration profiles installed
Run the following command with the name of the profile you want to remove:
$ sudo profiles remove -identifier <profile_name>
Example command:
$ sudo profiles remove -identifier com.example.mav.tcc
Depending on its settings, a profile may be unremovable using Terminal. In that situation, you must use the N-sight RMM Dashboard to remove the profile. For information, see Remove profiles using N-sight RMM.

Terminal (Command Line) - remove all MDM Enrollment Profiles

On the macOS computer, click Finder > Go > Utilities
Double-click Terminal
Run the profiles remove -all command either as root or by assuming root privileges by sudo, entering the admin user's password when prompted:
$ sudo /usr/bin/profiles remove -all Password:

Remove an MDM enrollment profile from iOS devices (iPhones, iPads)

When you Delete a mobile device from the Dashboard, the MDM enrollment profile is removed. However, you can remove an MDM enrollment profile from an iOS device if required.

Use this task to remove an MDM enrollment profile from an Apple TV. Exact menu names may differ. For example, VPN & Device Management may be simply Device Management.

To remove an MDM enrollment profile from an iOS device:

On the iOS device, go to Settings > General > Profiles or VPN & Device Management
Select your MDM Management Profile
Click Removal Management or Remove Profile
Authorize the removal
Confirm removal when prompted

What do you want to do?

Uninstall the Mac Agent
Review Device Management for Apple information

dj56-5516 asked • Jan 7, '22 | LuDaiMSFT-0289 commented • Jan 12, '22

If I have a configuration profile with some administrative template settings set and assigned to a group. To remove those settings would I just move that group to the Excluded group? Or would I need to modify the settings in that config profile and then keep that group in the Included groups? Or would just removing the groups from that configuration profile set all of those settings back to their defaults?

mem-intune-generalmem-intune-device-configurations

Comment

To remove a configuration profile from a mobile device:

In the Mobile Device Management folder in the console tree, select the Mobile devices subfolder.
The folder workspace displays a list of managed mobile devices.
In the workspace, filter iOS MDM devices by clicking the iOS MDM link.
Select the user's mobile device from which you have to remove the configuration profile.
You can select multiple mobile devices to remove the profile from them simultaneously.
In the context menu of the mobile device, select Show command log.
In the Mobile device management commands window, proceed to the Remove profile section and click the Send command button.
You can also send the command to the mobile device by selecting All commands from the context menu of the device, and then selecting Remove profile.

The Remove profiles window opens showing the list of profiles.
Select from the list the profile that you have to remove from the mobile device. You can select multiple profiles to remove them from the mobile device simultaneously. To select the range of profiles, use the SHIFT key. To combine profiles into a group, use the CTRL key.
Click OK to send the command to the mobile device.
When the command is executed, the selected configuration profile will be removed from the user's mobile device. If the command is executed successfully, the current status of the command will be shown as Completed.

You can click the Resend button to send the command to the user's mobile device again.

You can click the Remove from queue button to cancel execution of a command that was sent if the command has not yet been executed.

The Command log section displays commands that have been sent to the mobile device, with the respective execution statuses. Click Refresh to update the list of commands.
Click OK to close the Mobile device management commands window.

Page top

You can remove a configuration profile that is outdated, interferes with other profiles, or relates to a service you no longer use. However, be aware that removing a profile will remove all settings associated with it. If the profile was used to configure your email or wireless connection, removing it will remove those settings, and you will no longer have access to those services.

To remove a configuration profile in iOS:

On your iOS device, open Settings > General.
Scroll to the bottom and open Profiles. If you do not see a "Profiles" section, you do not have a configuration profile installed.
In the "Profiles" section, select the profile you wish to remove and tap Remove Profile. If you have a passcode for your device, you will be prompted to enter it. Then tap Delete.

To remove a configuration profile in macOS:

From the Apple menu, select System Preferences....
From the View menu in System Preferences, select Profiles.
Select the profile you want to remove, and then press the - (minus) button. Click Remove to remove the profile.

Configuration profiles in iOS and macOS