How can I prevent the SimpleMDM profile from being removed from a device?
The SimpleMDM profile can generally be deleted from a device at any given point. When this profile is deleted, SimpleMDM loses the ability to manage the device and the user loses all apps and configurations that were provided by SimpleMDM.
Apple allows for one exception to this rule. If a device is enrolled using Automated Enrollment via Apple Business Manager (formerly known as 'Apple DEP' or 'DEP enrollment'), the administrator can disallow removal of the profile.
Here are a few helpful resources on this topic:
Choosing an Enrollment Method
Explained: The Apple Device Enrollment Program
What is Apple Business Manager?
Once an Apple Business Manager account has been connected to SimpleMDM, the option to prevent the removal of the MDM profile will be shown under the 'DEP Settings' tab of the Automated Enrollment page labeled as "Allow MDM removal by user".
Additionally, these options have been deprecated as of iOS 13+ and macOS 10.15+. This means that any devices running these OS versions that enroll via Automated Enrollment will have supervision enforced and the MDM profile will not be removable for users.
For devices that have been provisionally added to Apple Business Manager, meaning they were activated prior to being registered in ABM and were later added via Apple Configurator, Apple enforces a 30-day window after enrollment during which the MDM profile can still be removed by the device user. If provisionally enrolled devices are not unenrolled at any time during this window, the MDM profile will become unremovable.