Device in offline demo mode has the ability to connect to the network, but because its enrollment is only simulated locally, DMServer knows nothing about it.

Right now device is trying to do a policy fetch using device id and DM token that are contained in offline policy blob (the same blob for every offline demo device).

Policy fetch fails, but it would be good to prevent attempts of communication with DMServer.
To achieve that in an easy way, we could remove DM token form offline policy blob. If DM token or device id are not present in the policy device is considered unregistered.

At this point we cannot modify offline policy blob, because we do not have ability to sign it with DMServer key.