Apple iOS/iPadOS 16 must be configured to wipe enterprise data and apps upon unenrollment from MDM.
An XCCDF Rule
Description
When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure.

Satisfies: PP-MDF-333300, PP-MDF-333310

SFR ID: FMT_SMF_EXT.2.1
- ID: SV-257119r904257_rule
- Version: AIOS-16-709900
- Severity: Medium
Remediation Templates
A Manual Procedure
Install a configuration profile to delete all managed apps upon device unenrollment. This setting is normally configured on each managed app in the MDM.