Just to 100% confirm this before I inform my users. Can you confirm for me that there is currently no way to prevent users manually removing configuration profiles that have not been deployed by Apple Configurator?
One person I spoke to claimed he had managed to stop MDM profiles being removed by using a certificate, but I can't find any reference to this anywhere else.
This has been a hot topic here before. See also Carrots and Sticks.
Aaron Freimark, Enterprise iOS founder & Tekserve CTO
I've been working with this for a long time as well. From what I've heard if your devices are Supervised in Apple Configurator Apple "may" recognize that your company or school owns those devices thus allowing you to lock them down more than a BYOD environment. I heard this funtionality is built into some rev of iOS 7 so perhaps we will have a solution directly from Apple before the end of the year. This could be part of their new VPP roll-out as well.
You are correct. You can only create non-removable configuration profiles via Configurator. There is poor documentation around this as it seems people keep running into this issue though it has been around for the entire life of iOS... Also of note is that the ability of OTA supervision which was promised with iOS 7 has been stripped from all of the iOS 7 information on Apple's site, making for more grumpy iOS admins.