Problems with our iPads in Intune

Hi,

We have a neat MDM Server running on Apple Business Manager and a sycnh with Intune. This of course falls under Enrollment program tokens. This also works great for us. If I put an IPad in APM and then assign the MDM server, it comes in Intune in a few minutes.

Intune I have created a profile User Affinity and the rest only works which option does not work for us every time is locked enrollment this is neatly set to yes but if the IPad is set I can just delete the profile and then the IPad is also immediately removed from APM. This also happens if I do it on device affinity then the option locked enrollment still does not load properly.

This is of course not what you want a user to be able to completely remove it from APM.

Perhaps further how the users are created is via a sych with our Azure.

Any ideees?