What is Apple iOS & MacOS supervised mode & how do I activate it?

What is Apple supervised mode?

Supervised mode is a special mode that gives an administrator more device control. Supervised mode offers additional settings, configuration options, and management capabilities for institutionally owned devices.

Let's dig into what supervised mode does for your fleet. I'll also cover how to tell if devices are supervised, how to set up auto-enrollment for supervision, and how to manually enroll devices when needed.

Technical requirements for supervised mode

Quick fact! If your organization's devices were enrolled in MDM using Automated Enrollment, they are automatically supervised. 

Here's how you tell:

• If the serial numbers of the devices appear in your Apple Business Manager, Apple School Manager, or Apple Business Essentials inventory and point to your MDM with an ADE enrollment...

• And they last enrolled in that MDM through Auto Enrollment...

• Then your Apple devices are already automatically supervised.

What can supervised mode do?

Here are a few fun tricks you can deploy using supervised mode:

• Restrict access to apps

• Filter web content 

• Configure home screen layouts

• Set app lock (Single App Mode)

• Bypass Activation lock

• Install apps silently

• Enable Lost Mode

• Push remote OS updates

• Enable more restrictions

Check out Apple's complete list of MDM restrictions for supervised Apple devices.

iOS devices and supervised mode

Note that iOS devices must be running iOS 5 or later.

iOS was the first device to offer supervised mode, so its capabilities are built out reasonably well. With supervised mode enabled, administrators can restrict iOS device features, such as applications, camera functions, or iMessage. It also allows the remote installation and removal of apps, the configuration of a global proxy, or the control of other settings like account modification or iOS updates.

Check Apple's MDM restrictions to compare and contrast what supervised mode adds to iOS.

macOS devices and supervised mode

Note that Supervised Mode wasn't available for macOS devices until macOS 11, so the required version minimum is macOS 11 or later. Any macOS devices enrolled in MDM before the release of macOS 11 will automatically enter Supervised Mode after updating.

There are fewer MDM features for macOS that rely on Supervision being enabled. And honestly, that's a good thing! It simplifies Mac management significantly. Even so, we've still seen some fantastic macOS Supervision features (especially in the educational space).

Proximity AutoFill can be restricted through supervised mode, preventing password sharing with nearby devices. Classroom permissions, available from macOS 10.14.4, enable students to join classes without teacher prompts and allow teachers to lock apps or devices unrestrictedly. We also see the ability to restrict the dictation feature from macOS 10.13 onwards.

Check Apple's MDM restrictions to compare and contrast what supervised mode adds to macOS.

iPadOS and supervised mode

Note that iPadOS must be running iPadOS 13 or later.

The introduction of iPadOS in 2019 didn't alter supervised mode in any drastic way. Like iOS, supervised mode in iPadOS allows higher control over device settings, enabling or disabling specific functionalities and administrating the app installation or removal process.

tvOS and supervised mode

Note that Apple TV must be running tvOS 10.2 or later.

Supervised mode enriches the Apple TV experience in enterprise and institutional settings by allowing remote control over apps and settings. Features can be restricted, Single App Mode enabled, and updates managed. For instance, supervised Apple TVs in lobbies or conference centers can use supervision features to display designated content or apps.

Supervised mode: Automatic vs. manual

iOS devices can be placed under supervision by two different methods:

• Automatic (using ADE)

• Manual (using Apple Configurator for iOS)

Automatic supervised mode

Automated Device Enrollment with Apple Business Manager is used to bootstrap new devices with a working configuration. For instance, ADE can automatically enroll devices in SimpleMDM when they are unboxed and turned on. It also places devices in supervised mode automatically as of macOS 10.15. ADE is especially beneficial for larger device fleets or remote setups, as it circumvents the need for a physical connection to a Mac.

I strongly recommend using the auto-enrollment approach for complete control. This prevents the user from removing MDM profiles and thus losing control of the device if it becomes erased.

Manual supervised mode

But sometimes, the automatic approach isn't possible. Since macOS 11, supervision is on by default, so no worries there. But for iOS devices that can’t be enrolled in ADE, you’ll need to manually enroll the devices using Apple Configurator. 

Deployment Note: Supervised mode outside of ADE is limited, less secure, and can require more end-user interaction. Supervision with manually enrolled machines outside ADE also exposes you to the risk of end users erasing the machine, thus removing the MDM profile on manually enrolled devices entirely. That's why I recommend using ADE's automatic approach to supervision whenever possible.

How to automatically enable supervised mode with ADE

To configure automated enrollment to supervise your new devices, complete the following steps from within SimpleMDM:

1. Click Enrollments under the Devices heading.

2. Under the Add Enrollment dropdown, select Automated Enrollment (DEP).

3. If you haven't already, follow the instructions to pair SimpleMDM with your Apple Business Manager account.

4. Associate your devices with the connected server in Apple Business Manager.

5. Activate your devices and connect them to the internet to complete enrollment.

Once automated enrollment is configured, SimpleMDM automatically enables supervised mode on all devices enrolled from your Apple Business Manager account.

How to tell if your device is supervised through SimpleMDM

Go to Devices and click on your desired device. Click the Info tab, and under Device Details scroll down to the Enrollment section. The Supervised field will say yes or no to indicate whether your device is supervised.

How to manually activate supervised mode for iOS with Apple Configurator

The manual method for setting up supervised mode for iOS devices uses the Apple Configurator macOS App. Apple Configurator is a free application available on the Mac App Store.

To use Apple Configurator for supervised mode, each device must be physically connected to a Mac through a USB cable. The devices can be configured individually or simultaneously if you supervise multiple devices. The device is wiped clean and set up as a new device with supervised mode enabled.

1. Download the latest version of Apple Configurator.

2. Attach your iOS device to the computer using the USB cable.

3. Start Apple Configurator.

4. In the All Devices view, right-click the iOS device.

5. Click Prepare.

6. Select Manual from the Configuration dropdown and make sure the Supervise devices box is checked.

7. Uncheck Add to Apple School Manager or Apple Business Manager if you specifically want to supervise the device without ABM/ASM connection.

8. On the Enroll in MDM Server screen, optionally define an MDM server using your SimpleMDM enrollment URL.

9. Add the details of your company on the following screen if desired.

10. Generate a supervision identity when prompted (if you haven't already).

11.  Click the Prepare button once you reach the end of the dialog boxes.

12.  If prompted, click Restore.

13.  The device will prepare and reset.

Ready to explore the benefits of Apple's supervised mode firsthand? Jumpstart your journey by trying our 30-day free trial today and take the first step towards seamless device management!