barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfosign-in-altsignin text-widthtimesyoutube

Windows > Device Data & Configuration

Policy CSP example: How to make MDM profile non-removable on Windows 10 and 11

Updated on October 11th, 2022

Remotely managed Windows 10 and 11 devices are connected to Miradore by installing a work account/MDM profile to the device.

Device users can, by default, disconnect the work account, which effectively removes the device from the management.

In this article, we explain how you can make the work account non-removable and prevent users from disabling the management.


  • Miradore Premium plan
  • This policy is supported on Pro, Business, Enterprise, and Education editions of Windows 10 and 11.

How to disable manual MDM unenrollment on Windows 10/11?

  1. Go to Management > Configuration profiles page on Miradore and add a new Custom policy configuration profile for Windows.
  2. Fill in the CSP policy Area name, Policy name, and Value as described in Microsoft's Policy CSP documentation and click Add.How to disable manual MDM unenrollment on Windows 10 and Windows 11.
  3. Proceed with Next and give a name and description for the profile.
  4. The final stage is to deploy the profile to your Windows 10 and 11 computers.

If a user tries to remove the work account after the deployment, he/she will see a message saying "This work or school account cannot be removed by system policy."

  • This field is for validation purposes and should be left unchanged.

Previous Article:

Next Article: