To disable the "unroll" option on your iOS device agent app,  enable "Prevent Un-enrollment from Device Agent" option in  Advanced Configuration->Agent Settings of the device/device group of interest.

As long as you have not un-selected the default option "prevent un-enrollment" in the DEP tab of your iOS add-devices rule for subsequent enrolling of your DEP supervised devices,  most MDM policies can still be deployed/revoked dynamically and the device is in full control even if the device agent app is not installed (or uninstalled by the device end-user).   However, if you want the device end-user to see messages sent from MobiControl administrator, you need the device agent app to be able to read the messages.

MobiControl device agent app is not mandatory for iOS deployment.  Most MDM functions defined in profiles/rules/adv-configuration are functional even if the device does not have the agent installed.   Only a small number of features, e.g  content library, need the agent app.

Are all your iOS devices DEP and supervised devices?  If so, and if the devices are properly configured, the un-enrol function in in the "Device Configuration" tab of device agent in can be disabled easily, and there is no way for the device end-user to turn off MDM policies deployed and/or uninstall the device agent.  

The log information shown only include very basic connection status, and privacy-related information (e.g. when a remote-view/control session has been start and end)  against misuse/abuse of MDM functionalities.

All of our devices are DEP enrolled and in supervised mode.  We only really need the app like I said for tracking and messages, however even the slim amount of log info it gives is too much for government based clients, hence looking for a solution to hide.

I cannot seem to find any profile option to disable the ability for the device to be un-enrolled via the MobiControl app though.  The certificate itself has been blocked from removal but this is not really enough.

Thanks I missed the advanced group options.

Some four years ago,  I told Soti to have this "disable unenrollment" option selected as the default, as this is the norm for 99.99% of production enterprise-grade use cases.  However,  they just ignored me. 

Soti MobiControl has a very power management engine and tons of extensible features, which I think are best-in-class in the sector.  However,  the designs of some of their UI and configuration options are not user-friendly or sensible enough.  If one knows the tricks and remember to configure,  the solution works perfectly and usually beat many competitors.   I believe some potential customers just try other solutions because they don't know how to use MobiControl properly during their evaluation.   What a pity!

Hi Guys, 

MobiControl is a very robust application with a lot of features and interfaces.  With the introduction of the V 14 GUI we have some flexibility as far as toggles and features that can be implemented and some that are now available. 

As in this case, if the feature is not available or not set as "default" as it has been suggested, please feel free to submit a case and subsequently request a feature request.   This way we can track the progress of your suggestion.   

If one has been submitted already regarding this, please send me a message with the case number and we can follow up accordingly. 

Cheers,