How does the supervised mode work on Apple devices?

Supervised mode allows IT administrators to make advanced settings on mobile devices. This allows security policies to be implemented on iOS, macOS, iPadOS and, in some cases, tvOS devices that go beyond the standard configuration. Additional features include filtering internet usage and updating apps in the background. Today, the security of corporate data is under constant threat as it can be manipulated, overwritten, published or sold through unauthorized access. Corporate data is often the target of cyberattacks, such as ransomware that encrypts data or theft and resale. Unsecured mobile devices offer ideal entry points into corporate networks. 

Accordingly, with Supervised Mode, Apple has created a way to monitor devices used in a corporate context Data security to lend. But Apple devices are not automatically in supervised mode. To put an iOS, iPadOS, or macOS device into Supervised Mode, it must first be reset. That’s why the supervised mode isn’t suitable for devices that are in the BYOD model.

 

How do I recognize a device in supervised mode?

In a corporate context, it is important to be transparent about the introduction of supervised devices. Apple also provides the template here, because the user can see at any time that the device being used is in supervised mode. All he has to do is go to the settings: the message that the device is in supervised mode is displayed at the top.

It is also possible for users to see at any time which functions are being used in supervised mode. The device profile can be accessed under Settings > General > VPN & Device Management and you can see what changes have been made.

 

On which devices is supervised mode possible?

Apple’s Supervised mode is available for all devices, but is preferred for iOS and iPadOS to provide extra security for these mobile devices. Apple provides special interfaces for supervised devices Mobile Device Management (MDM) can be used to activate additional security functions.

We show you the most important features of an Apple device in Supervised mode:

  • In Supervised (managed) mode, mandatory apps are automatically installed in the background
  • If a user blacklists an installed app, it will be hidden (for iOS 9.3+ applications).
  • Additional features include app notifications
  • Always active VPN APN & global HTTP-Proxy
  • The filtering of web content
  • Managed web domains for password autofill on Safari
  • Customization of the background image
  • The display of lock screen messages
  • The layout of the home screen
  • The kiosk mode

Using an MDM, you can set these settings in a policy and assign them directly to Apple devices. As soon as these are switched on, they download the defined profile with all guidelines and are ready for use.

 

How can my devices be put into supervised mode?

There are two ways to put Apple devices into Supervised mode. 

1. Order Apple devices directly as DEP devices

Businesses and schools can manage Apple devices through Apple Business Manager (ABM) or Apple School Manager (ASM). If use in a professional context is intended, the devices can be ordered directly so that the serial numbers are listed in the management portal. By subsequently assigning the MDM to the devices, they are automatically in supervised mode.

2. Add Apple devices to the Apple portal later

Apple devices do not necessarily have to be ordered as DEP devices in order to be used in supervised mode. With the help of the Apple-Configurators They can be subsequently lifted into the ABM or ASM. You can also do this with devices that are already in use. However, note here that the devices can only be put into Supervised mode if they have been previously reset. A backup of important data is therefore essential.

 

Can I remove supervised mode from my devices?

In principle, it is possible to remove the supervised mode from the devices. There are differences as to whether a device has the ABM or ASM was registered or whether this was done via the Apple-Configurator has taken place.

1. Apple Configurator

Reset the device. Either, if the guidelines allow this, the user does this themselves via the device settings, or they have MDM delete it. Then log in to the Apple Configurator and remove the device there via Advanced > delete all content and settings.

2. ABM/ASM

Be sure to disconnect the ABM and MDM, otherwise the devices will automatically be registered in the portal again even after the factory reset as soon as they are switched on again. Select the device in question and click Unassign. The device must then be reset. Please note that this makes the device a BYOD device. This means it is still connected to the ABM/ASM and can be reconnected to the MDM server. To do this, you have to assign the device to MDM again in the ABM, reset it and as soon as it is online again, the MDM profile is installed again and the device is in supervised mode.

Info: You also have the option to completely remove the device from the ABM or ASM instead of just unassigning it by selecting Remove Link instead of Unassign. This is recommended for devices that are to be used privately or recycled.

 

Manage supervised devices properly with an MDM

The Apple Business Manager and the Apple School Manager are purely used to manage the devices. This means that you cannot apply any real security policies here. To do this, as previously mentioned, you need a Mobile Device Management (MDM) system.

MobiVisor MDM provides you with numerous guidelines and features that you can use to provide Apple devices with all the necessary settings in Supervised mode. The big advantage is that with the help of an MDM you can create different settings for different user groups – depending on their requirements and needs.

 

Our consulting service for Apple devices in supervised mode is available to you at any time.

Contact us
Kontakt