What is iOS supervised mode & how to activate Supervision

What is Supervision?

Supervision, introduced by Apple in iOS 5, is a special mode that gives an administrator more control of a device. It is intended for institutionally-owned devices. iOS supervised mode now extends to iPadOS and tvOS, but for simplicity in this article, we use iOS broadly.

While SimpleMDM historically controlled devices owned by employees in a bring-your-own-device (BYOD) fashion, companies now frequently own the devices themselves. This introduces new opportunities for controlling the device with SimpleMDM that previously would have been overbearing for an employee-owned device.

What does Supervision allow for?

The following are examples of what’s possible under supervision:

• Restrict access to apps

• Filter web content

• Configure home screen layouts

• App lock (Single App Mode)

• Activation lock bypass

• Silent app installations

• Enable Lost Mode

• Push remote OS updates

• Enable additional restrictions

For Apple’s current list of all supervised restrictions, please visit https://support.apple.com/guide/mdm/supervised-restrictions-mdm54960f92a/web

How to activate Supervised Mode for iOS

The device enters supervision in two ways. The best method depends upon your deployment.

Supervise a Device with Apple Configurator

Apple Configurator is a macOS application. To supervise a device with Apple Configurator, you must have a macOS computer and USB cable available. Each device needs to connect to the computer. For a few devices, this is a good method.

1. Download the latest version of Apple Configurator. We used Apple Configurator 2.2 in this guide. https://apps.apple.com/us/app/apple-configurator-2/id1037126344

2. Attach your iOS device to the computer using the USB cable

3. Start Apple Configurator

4. In the “All devices” view, click the iOS device

5. Click “Prepare”

6. Select “Manual” from the “Configuration” dropdown

7. On the “Enroll in MDM Server” screen, optionally define an MDM server using your SimpleMDM enrollment URL

8. On the “Supervise Devices” screen, ensure “Supervise devices” is checked

9. Add the details of your company on the following screen if desired

10. Generate a supervision identity when prompted (if you haven’t already)

11. Click the “Prepare” button once you reach the end of the dialog boxes

12. The device will prepare and reset

Supervise Devices using Automated Enrollment with Apple Business Manager (formerly Apple Device Enrollment Program)

Automated enrollment with Apple Business Manager is used to bootstrap new devices with a working configuration. For instance, automated enrollment can be used to automatically enroll devices in SimpleMDM when they are first unboxed and turned on. It can also place devices in Supervision mode automatically. This process is the way to go if your organization has a non-trivial number of devices that need to be placed under supervision.

To configure automated enrollment to supervise your new devices, complete the following steps from within SimpleMDM:

1. Click “Enrollments” under the Devices heading

2. Under the “Create Enrollment” dropdown, select “Automated Enrollment (DEP)”

3. If you haven’t already, follow the instructions to pair SimpleMDM with your Apple Business Manager account

4. Once paired, make sure “Place device in Supervised mode” is checked and click “Save”

5. Associate your devices with the connected server in Apple Business Manager

6. Activate your devices and connect them to the internet to complete enrollment

Once automated enrollment is configured, SimpleMDM automatically enables supervision on all devices enrolled from your Apple Business Manager account.