Supervision is a device management feature introduced by Apple that would allow organizations like schools and businesses to manage their devices more efficiently and effectively.
Organizations can get more control over their Apple devices by adding supervision, in addition to the existing Mobile Device Management (MDM) or Unified Endpoint Management (UEM) efforts.
Table of Contents
- History of supervision on Apple devices
- How to supervise Apple devices
- Supervision and Hexnode
- Steps to supervise an Apple device using DEP/ Automated Device Enrollment
- Steps to supervise an Apple device using Apple Configurator 2
- Difference between devices supervised via Automated Device Enrollment and those supervised without it
- How to remove supervision from Apple devices?
- How to check if an Apple device is supervised or not
History of supervision on Apple devices
Supervision was initially introduced in iOS 10.5 with the sole intention of giving organizations granular control over their devices. Later on, the supervision feature was made available for every Apple device.
In comparison to other Apple devices, supervision enables a lot more device management tools in iOS and iPadOS.
Supervision was closely associated with Apple DEP (Device Enrollment Program) enrollment, now known as Automated Device Enrollment, in the case of macOS devices as it was the only way to supervise Macs initially. After the introduction of User Approved MDM enrollment, the two terms, Automated Device Enrollment and supervision were used separately.
Note: Apple DEP is now known as Automated Device Enrollment
How to supervise Apple devices
Enabling supervision on Macs and other Apple devices is a bit different.
macOS devices
Before the macOS X 10.14.4 Mojave update, only devices that were enrolled using Automated Device Enrollment or DEP method would get your Mac supervised. Also, devices that were enrolled and then updated to macOS 11+ would be supervised only if the previous enrollment was approved by a local administrator.
Other Apple devices
Automatic Device Enrollment is the only automatic method of supervising other Apple devices, like iPhone, iPod touch and iPad. Manual setup of supervision on these devices can be done using Apple Configurator 2.
Devices that run iOS 10.5+, iPadOS 13.1+ and tvOS 12.2+ support supervision.
Devices that have iOS 13, iPadOS 13.1 and tvOS 13 will be automatically supervised if they are enrolled using Automated Device Enrollment. If not automatically supervised then the device has to be manually supervised using a Mac and Apple Configurator 2.
Supervision and Hexnode
Hexnode lets you manage supervised Apple devices very easily. Enrollment and deployment of supervised Apple devices are made easy with the use of Hexnode.
Apart from Automated Device Enrollment and Apple Configurator enrollment Apple devices can be enrolled using other methods with Hexnode. Devices can be enrolled using enrollment links or QR codes that can be shared in any way.
Pushing Custom Configuration Profiles to Apple devices is also possible through the Hexnode portal. Custom Configuration profiles can be used to configure settings that Hexnode does not support.
Featured Resource
Apple Device Management: For the robust security of the digital workspace
Efficient management strategies are a must for managing the wide range of Apple devices in enterprises. Check out how you can effectively manage all your Apple devices with Hexnode’s Unified Endpoint Management solution.
Download White paperAnd if you get lost anywhere in between, fear not Hexnode’s help documents can guide you to an easy and simplified device management experience.
Supervised vs Unsupervised device features
| Platform | Setting | Supervised | Unsupervised |
| iOS and iPadOS | Allow putting a device into recovery mode from an unpaired host | ✅ | ❌ |
| Allow NFC (iOS specific) | ✅ | ❌ | |
| Allow app clips | ✅ | ❌ | |
| Allow shared iPad temporary session (iPadOS specific) | ✅ | ❌ | |
| Add Game Center friends | ✅ | ❌ | |
| Multiplayer gaming | ✅ | ❌ | |
| Safari AutoFill | ✅ | ❌ | |
| Use Safari | ✅ | ❌ | |
| iTune Store | ✅ | ❌ | |
| Allow network drive connections | ✅ | ❌ | |
| Allow USB device connections | ✅ | ❌ | |
| Force Wi-Fi | ✅ | ❌ | |
| Allow Find My Device and Find My Friends | ✅ | ❌ | |
| Playback of explicit music, podcasts, and iTunes U content | ✅ | ❌ | |
| iCloud document and data | ✅ | ❌ | |
| Modify personal hotspot settings | ✅ | ❌ | |
| Modify eSIM setting | ✅ | ❌ | |
| Password and Proximity AutoFill | ✅ | ❌ | |
| Share password over AirDrop | ✅ | ❌ | |
| Automatic Date and Time setup | ✅ | ❌ | |
| Require teacher’s permission to leave classroom- teacher-created classes | ✅ | ❌ | |
| Defer software updates | ✅ | ❌ | |
| Remove system apps | ✅ | ❌ | |
| Require Touch ID or Face IDauthentication for AutoFill | ✅ | ❌ | |
| Modify Bluetooth settings | ✅ | ❌ | |
| Modify cellular network settings | ✅ | ❌ | |
| Add VPN configurations | ✅ | ❌ | |
| AirPrint | ✅ | ❌ | |
| Discover AirPrint using iBeacon | ✅ | ❌ | |
| Classroom to perform AirPlay and View Screen without prompting | ✅ | ❌ | |
| Classroom can focus students on a single app and lock the device without prompting | ✅ | ❌ | |
| Automatic joining Classroom classes without prompting | ✅ | ❌ | |
| Store AirPrint credentials in Keychain | ✅ | ❌ | |
| Modify diagnostic settings | ✅ | ❌ | |
| Restric app usage | ✅ | ❌ | |
| Apple music | ✅ | ❌ | |
| Radio | ✅ | ❌ | |
| Modify Notification settings | ✅ | ❌ | |
| Modify passcode settings | ✅ | ❌ | |
| Automatic app download | ✅ | ❌ | |
| Pair with Apple Watch | ✅ | ❌ | |
| Modify device name | ✅ | ❌ | |
| Modify wallpaper | ✅ | ❌ | |
| Keyboard shortcuts | ✅ | ❌ | |
| Modify TouchID fingerprints and FaceID faces | ✅ | ❌ | |
| Predictive keyboard | ✅ | ❌ | |
| Auto correctection | ✅ | ❌ | |
| Spell check | ✅ | ❌ | |
| Define and look up | ✅ | ❌ | |
| Modify Restrictions or Screen Time settings | ✅ | ❌ | |
| Erase all content and settings | ✅ | ❌ | |
| AirDrop | ✅ | ❌ | |
| Modify Find My settings | ✅ | ❌ | |
| Modify account settings | ✅ | ❌ | |
| Autonomous Single App mode | ✅ | ❌ | |
| User-generated content in Siri | ✅ | ❌ | |
| Install Configuration profiles | ✅ | ❌ | |
| Game Center | ✅ | ❌ | |
| Apple Books | ✅ | ❌ | |
| iMessage | ✅ | ❌ | |
| Siri profanity filter | ✅ | ❌ | |
| Pair with non-Apple Configurator 2 hosts | ✅ | ❌ | |
| Install apps using App Store | ✅ | ❌ | |
| Remove apps | ✅ | ❌ | |
| macOS | Require teacher’s permission to leave classroom- teacher-created classes | ✅ | ❌ |
| Classroom to perform AirPlay and View Screen without prompting | ✅ | ❌ | |
| Classroom can focus students on a single app and lock the device without prompting | ✅ | ❌ | |
| Automatic joining Classroom classes without prompting | ✅ | ❌ | |
| tvOS | Prevent TV from going to sleep | ✅ | ❌ |
| Defer software updates | ✅ | ❌ | |
| Restrict app usage | ✅ | ❌ | |
| AirPlay security | ✅ | ❌ | |
| Pair with Remote app | ✅ | ❌ | |
| Modify device name | ✅ | ❌ |
Steps to supervise an Apple device using DEP/ Automated Device Enrollment
- Configure your UEM in the Apple Business Manager (ABM) portal.
- After the UEM is configured assign devices to the UEM server.
- Enable the supervision option while pushing the configuration profile.
- The device when turned on, becomes supervised and can be controlled from the UEM console.
Steps to supervise an Apple device using Apple Configurator 2
- Create a Wi-Fi profile using the Apple Configurator 2.
- Create a Blueprint in the Configurator and add the Wi-Fi profile to it.
- Prepare the device.
- Push or add the blueprint to the target device.
Note: The device has to be connected to the Mac using a USB cable for using Apple Configurator 2.
Difference between devices supervised via Automated Device Enrollment and those supervised without it
The main difference between these modes of supervision is the retainment of supervision after device is reset. For devices enrolled using Automated Device Enrollment, the supervision is retained even after the device is factory reset. But in case of devices supervised without using Automated Device Enrollment, the supervision is lost when the device is reset.
How to remove supervision from Apple devices?
If your device is supervised and managed using Apple Configurator 2, then the best course of action to make the device unsupervised would be to wipe the device. But do keep in mind that this would cause all the data to be wiped too. So, backup all the data if it is necessary before wiping the device.
The same goes for devices that are enrolled in a UEM/MDM using Apple Configurator 2 or any enrollment method other than Automated Device Enrollment.
In the case of devices that are enrolled using Automated Device Enrollment there are 2 options:
- Remove supervision without disenrolling from MDM/UEM
- For this, the profile name for the device has to be found from the MDM/UEM portal.
- Then from the ABM portal, supervision can be turned off in the configuration profile.
- The device then has to be reset.
- Remove both the supervision and the enrollment
- For this, the device has to be first unassigned from the ABM portal.
- Then the device has to be reset.
In both of the above cases the data in the device has to be backed up if it is necessary.
How to check if an Apple device is supervised or not
Usually, the supervision status of iPhones, iPads, iPods and Apple TV can be found on the settings page. The status is displayed as a message at the top of the main settings page.
In the macOS devices the device supervision status is displayed in the settings but on a different page. Here the status is shown as a small message at the bottom of the Profiles page in System Preferences.
The question of whether or not you require Apple supervision is straightforward. And the answer would be, supervision is the way to go if you want fully granular control over your company’s Apple devices. If the company does not require complete control over its equipment, supervision may not be necessary.
Sign up for a free trial!
Sign up for a 14-day free trial with Hexnode and explore the Apple device management features with Hexnode.
Sign up
Share your thoughts