How can I prevent the MDM profile from being removed from a supervised iPhone?

Have you signed up for ABM? It is free and this will be a much more efficient method of managing your fleet. Please be aware that Apple Business Manager and Apple Business Essentials are different things. ABM is free and the cornerstone to automated device enrollment when paired with an MDM. ABE is an MDM that becomes available within ABM if you opt in and pay for the seats. You already have an MDM (Miradore) so ABE is not required.

* If I decide to add my device to Apple Business Manager, does my company need to be fully verified by Apple before that will work?

Yes. Signing up for ABM is a legal agreement between your business and Apple. There is a verification process and setup may take 3 to 5 business days. Go here to get started.

* Is it mandatory to purchase my iPhone directly from Apple Business Sales or a DEP-capable reseller, or can I use my existing iPhone once my business is verified in ABM?

You can use your existing phone but it will need to be wipe in order to side load it into ABM. For the longterm, you will want to purchase all new equipment through a DEP-aware seller to avoid needing to side load the device. Side loading is possible with nearly all Apple devices. But it does require unboxing, capture, and wipe. By buying properly, the units arrive ready for enrollment into your MDM.

* Finally, is there any workaround for non-ABM users to make an MDM profile non-removable on supervised devices?

I am not aware of one but I will be honest, I avoid Apple Configurator like I avoid a nest of angry bees. MDMs with automated device enrollment provides the highest level of management (Supervision) and this means that you can mandate that the MDM enrollment profile is non-removable.

The end goal is to have ABM setup and integrated into your MDM. ABM provides three main functions: Hardware chain of custody, software (App Store) chain of custody, and identity trust through federation if you need managed Apple IDs.

By setting up ABM, you can buy hardware and have it linked to your business. This streamlines deployment as you can ship equipment direct to end users and they are guided through automated enrollment. No need for IT to touch. Regarding software, you can volume license/purchase apps from the App Store and automatically deliver and maintain patch compliance on supervised devices. No user prompt and no Apple IDs required.

If you need Apple IDs, you can opt to use Managed Apple IDs and this can be setup in ABM. Step one is to lock your domain to ensure no new IDs are created using your domain. Step two, assuming you have a compatible identity provider, is to federate and sync. Now Apple IDs are linked to your identity provider and single sign on is achieved. Note, Managed Apple IDs have limitations so understand what your needs are before going this route.

When you write, "I’ve recently supervised my iPhone using Apple Configurator and successfully enrolled it into an MDM setup," do you mean that you used Apple Configurator to capture a retail asset into Apple Business or School Manager and then assigned the asset to an MDM and performed an automated enrollment?

If so, what is your MDM? And look in your prestage policy. The prestage policy should include an option to prevent unenrollment. Here is the interface from Jamf. Note that the profile is mandatory and removal is not allowed.

Now, one additional note. If you side loaded a device using Apple Configurator, the device is in a 30 day provisional period. Read here for details. A user can drop the device from ABM/ASM and management during this time.

To avoid the 30 day provisional process, purchase all future equipment for Apple Business sales or from a DEP-capable reseller. This will ensure that your hardware is assigned to your ABM/ASM before delivery.

Hope this helps.