iOS supervised vs unsupervised: why and how to supervise the iPhones and iPads of your company

8 min read

by Mosyle Team

@mosyle_biz

iOS supervised vs unsupervised: why and how to supervise the iPhones and iPads of your company

A very important thing to think about when deploying Apple devices and any other technology tools in the workplace, is how the IT team will be able to manage these devices, protecting corporate data and ensuring productivity. A mobile device management (MDM) solution is the answer, but there are a couple of additional settings that can provide the IT department with even more control over the devices.

It’s crucial to make sure the capabilities for the mobile device management solution are working effectively so your company can give the best experience to employees when they are working with a managed device, and one of the ways to accomplish that level of management success, is from supervising the iPhone and iPad devices.

Supervision can make a huge impact when it comes to managing Apple devices in the workplace in the long run. That’s why we’ve answered some commonly asked questions in this article to help you understand why and how it is a good choice to supervise iOS devices. Read on to find out more!

What is supervision?

Supervision is the procedure that proves an institution (enterprise or educational) has ownership over the Apple devices. This mode is applicable for iOS and tvOS devices. In this article, we are going to focus on iOS devices, iPhones and iPads, but the procedures are very similar when it comes to Apple TVs.

With the supervised mode, the IT Administrators are able to have more control over the devices and get many MDM possibilities to remotely manage the Apple devices by performing more restrictive actions.

Are supervision and enrollment the same procedures?

No, supervision and enrollment are two separate procedures. The iPhone can be enrolled into an MDM solution using the manual enrollment process, which is done by simply typing the Enrollment URL into the device browser, and not be supervised. Similarly, the iOS device can be supervised using the Device Enrollment Program (DEP) or Apple Configurator 2 (AC2), but not be enrolled into the server of the MDM.

It's important to remember that an iOS device that is supervised and enrolled in the MDM solution will allow the IT administrators to execute more actions and commands to remotely manage the device. Since some corporate policies are configured by using certain iOS restrictions that require the Supervised mode, the iPhone device would have to be supervised in order to have these restrictions properly configured.

iOS supervised vs unsupervised

So there are two modes in which iOS and tvOS devices can be managed: Supervised and Unsupervised modes. How you will decide on which mode will depend on how the devices will be used in the workplace, who will be using it and who actually owns the device itself.

We recommend supervising the devices before performing any type of configuration or assigning them to any employees. If there are unsupervised devices already in use, and you were to attempt to put them into supervised mode, they would be completely wiped and would have no way to be restored from a backup (iCloud or iTunes).

Important to note that some MDM functionalities that support companies and businesses managing Apple devices in the workplace, can only affect the devices that are being supervised.

Why should your company supervise the iOS devices?

When using a corporate-owned iPhone, the best option to go with is supervising the device. When this is done, the IT Administrator will have access to many MDM features available for remote configuration and management of the device, both inside and outside of the workplace and office.

One example of corporate policies that require the supervised mode, is setting a time-based list of blocked and allowed applications. This will help avoid the misuse of entertainment applications, such as Netflix and Hulu, on the company-owned device during a certain period of the day in the workplace, for example.

Check out some features that require iPhones and iPads to be in supervised mode:

  • Blocked/Allowed Apps
  • Web Filter
  • App Lock
  • Some Native Restrictions
  • Wallpaper

Check out some features that do not require supervised mode:

  • View device info
  • View installed books/apps
  • View location (if Location Services are enabled)
  • Install apps and books remotely
  • Configure Wifi Profile
  • Do not allow: Siri, Camera, FaceTime, iCloud backup, pop-up Safari tabs, Manage cookies, Print Screen and Screen Recording, Sharing photos, App/Movie/TV restrictions based on age rating, and In-App purchases
  • Add Web Clips
  • Add Certificates, Mail, Calendar, Native Passcode Policies, and AirPlay profiles

How can I supervise an iOS device?

There are two methods to supervise an iOS device: using the Apple Business Manager or Device Enrollment Program (DEP) is one, and the other is to configure the iPhones and iPads Supervision with Apple Configurator 2 (AC2), a Mac-only software provided by Apple in the Mac App Store. Read on below on how to supervise the devices using those methods:

Supervising iOS devices with Apple Business Manager or DEP

Apple Business Manager (ABM) is one of the Apple programs that can aid companies and organizations in deploying Apple devices by gathering features from DEP (Device Enrollment Program) and VPP (Volume Purchase Program) in one single platform. By integrating ABM with Mosyle Business, it’s possible for the entire configuration process to be simplified, including supervision and the over-the-air enrollment, removing specific steps of the Setup Assistant. This will allow for the employees to use the devices promptly when receiving them from the IT department. iPhone ready to use!

When you’re creating the DEP profile within the Mosyle Business platform, you'll see that install the MDM profile and supervise the devices are mandatory settings. You can choose to indicate if the end-user can or can’t remove the device management profile.

This ensures all rules, usage and privacy policies defined by the company, will always be active on the devices. As soon as the iOS device is taken out of the box and activated, it will be setup and registered in the MDM solution and all management settings, apps and books can be ready to use right away!

Supervising iOS devices with Apple Configurator 2

We only recommend this method for supervising the devices, if Apple Business Manager isn’t available in your region/country, since ABM helps you streamline not only the supervision process, but also the entire enrollment and deployment process. If ABM is available in your region/country and your company doesn't have an opened account, visit the Apple portal and open an ABM account.

As we said before, Apple Configurator 2 is a software provided by Apple and only available for Mac devices. Using AC2, you can build a “blueprint” to supervise the iOS and tvOS devices and enroll them to the MDM solution as well.

You can think of this blueprint like a template within the AC2 software that will allow you to preconfigure settings, items, options as well as restore the data and apply them on the iOS devices. When you do supervise using AC2, the IT team can enroll the devices using the Enrollment URL and then assign them to users using the MDM solution.

The workflow of supervising the devices using AC2 is simply just connecting all the devices to the Mac and clicking "Prepare". In this sequence, you should follow the onscreen instructions. To streamline your deployment, we recommend to supervise and enroll the devices at the same time if you do not have ABM/DEP and will make the entire workflow using this software. So, remember to have copied the enrollment URL from the Mosyle Business platform.

During this process, you will need to see an option to Supervise Devices. As long as this option is checked, your devices will be supervised. After adding the Enrollment URL, the device will also be registered in the MDM solution and all of the management settings will be available to use.

And now it's time to manage the Apple devices

This is one of the first steps when it comes to deploying the iOS and tvOS devices in your organization. After that, the IT department can enroll the devices in the MDM server, set up the basic configuration and assign devices to the employees.

Once this is done, it's time to manage the devices, by delivering applications, applying corporate policies, and keeping track of any issue that occurs. And you can have the most enjoyable experience while managing devices in the workplace. Want to discover the most intuitive, easy-to-use MDM solution?