2. Supervising Devices

What is Supervision?

iOS devices can be placed in a special mode called supervised mode. This mode grants a SimpleMDM administrator additional control over the device that they would not have otherwise.

Supervised mode, sometimes referred to as supervision, is a state that's enabled on an iOS/tvOS device. It is not directly tied to MDM, though it allows MDM to send special commands and configurations to the device.

Why Use Supervision?

Supervision enables many additional features and functionalities of MDM. Below are some of the most commonly utilized features.

Feature Benefit
MDM lost mode Use SimpleMDM to place a device in lost mode, much like the "Find My iPhone" feature on icloud.com, except no Apple ID is needed.
Activation lock bypass Prevent being locked out of a device due to Apple ID activation lock.
Silent app installation Push apps to devices without prompting the user for permission to install.
Single App Lock Force a device to run a single app.
Home screen layout and wallpaper Arrange icons on the home screen so that all devices have a unified layout.
App restrictions Create a whitelist or blacklist of apps that appear in iOS.
Global HTTP proxy Force all web traffic to pass through your organization's web proxy.
Web content filter Create a whitelist or blacklist of websites that Safari can visit. Block adult content.
iOS/tvOS Updates and Auto Updates Push OS updates to devices remotely via MDM.
Activation Lock management Disable Activation Lock. Manage Activation Lock bypass codes.
Additional restrictions Block Apple ID and email account modifications, app installs and uninstalls, passcode changes, host pairing, and more.

When is Supervision Used?

Supervision is generally used when an organization owns the devices they are managing. Supervision gives an organization the capability to better control the experience on the device and maintain access to the device than is typical.

Supervision is not appropriate for situations where employees are bringing their own devices to work (BYOD). First, most individuals will not be comfortable granting supervision control to their employer. Second, enabling supervision resets the content and settings of a device, so all existing apps and data will be removed. This data cannot be restored to the device without also restoring the unsupervised state.

Do I Need to Decide Now?

A device must be reinitialized when enabling or disabling supervised mode. Since this reinitialization will also remove the device from SimpleMDM, supervision should be enabled before or during SimpleMDM enrollment.

How do I Activate Supervised Mode?

There are two different methods for placing a device in supervised mode:

  1. Connect the device via USB to an Apple Computer running Apple Configurator software.
  2. Enroll devices in MDM using Automated Enrollment thru Apple Business Manager (Apple DEP).

Both methods also allow for enrolling the device in SimpleMDM at the same time. The specific steps for supervision are outlined in our enrollment step.

Note: Apple also allows devices to be manually added to Apple Business Manager (if they are not already) using Apple Configurator. See this article for instructions:?Manually Add Devices to Apple Business Manager with Apple Configurator.

Further Reading on Supervision:

Continue To Next Step:

Still have a question or want to share what you have learned? Visit our Community Discord to get help and collaborate with others.