Category filter
How does a Supervised iOS device differ from an Unsupervised iOS device?
This article will help you understand the basic differences between supervised and unsupervised devices and their features.
Supervising a device unlocks extra management capabilities, mainly intended for corporate-owned iOS devices. It enhances the security of the business resources on the device and makes it suitable for corporate use.
iOS devices can be supervised using Apple Configurator or Device Enrollment Program (DEP). Without supervision, administrators will have much lesser control over the devices. This can make way to fatal accidents such as end-user overrides, MDM exit, erasing corporate policies, and more. Though it sounds drastic, non-supervised devices can handle basic MDM commands and security configurations suitable for a BYOD scenario. However, to utilize high-end UEM configurations for granular device management, you will have to enable supervision during device enrollment.
Given below are the list of features that differentiate a supervised device from an unsupervised iOS device:
iOS Remote Actions
The availability of Hexnode’s one-time remote actions on iOS devices might vary based on its supervision status.
Listed below are the remote actions available for iOS devices in Hexnode UEM.
| Feature | Supervised | Devices enrolled via User Enrollment | Others |
|---|---|---|---|
| Scan Device | |||
| Scan Device Location | |||
| Lock Device | |||
| Clear Password | |||
| Change Owner | |||
| Edit Device Attributes | |||
| Wipe Device | |||
| Change Ownership | |||
| Enable Lost Mode | (iOS 9.3 or later) |
||
| Disable Lost Mode | (iOS 9.3 or later) |
||
| Rename Device | (iOS 5.0 or later) |
||
| Remote Ring | (iOS 10.3 or later) |
||
| Clear Activation Lock | (iOS 7.1 or later) |
||
| Disenroll Device | |||
| Install Application | |||
| Uninstall Application | |||
| Broadcast Message | |||
| Power off Device | (iOS 10.3 or later) |
||
| Restart Device | (iOS 10.3 or later) |
||
| Update OS | Note: On devices with versions prior to iOS 10.3, DEP-enrollment and supervision are mandatory to execute this action. Update OS can be executed on supervised iOS devices running later versions even if they were not enrolled via DEP. |
||
| Enable Personal Hotspot | |||
| Disable Personal Hotspot | |||
| Associate Policy | |||
| Add Devices To Group | |||
| Set Friendly Name | |||
| Delete Device | (Pre-approved devices only) |
(Pre-approved devices only) |
(Pre-approved devices only) |
iOS Configurations
| Feature | Supervised | Devices enrolled via User Enrollment | Others |
|---|---|---|---|
| Passcode | |||
| Mandatory Apps | Installs silently | Installs on user confirmation | Installs on user confirmation |
| Application Blacklisting/Whitelisting (iOS 9.3+) |
App is hidden if the user blacklists an already installed app. | Device is marked as non-compliant if a blacklisted app is installed on the device. | Device is marked as non-compliant if a blacklisted app is installed on the device. |
| App Catalog | |||
| Web Clips | |||
| App Notifications | |||
| Wi-Fi | |||
| VPN (Except Always On VPN) | |||
| Always On VPN | |||
| APN | |||
| SCEP | |||
| Certificates | |||
| Global HTTP Proxy | |||
| Web Content Filtering | |||
| Unmarked Email Domains (Managed Domains) | |||
| Managed Web Domains (Managed Domains) | |||
| Managed Web Domains for Password Autofills on Safari (Managed Domains) | |||
| Business Container | |||
| Exchange ActiveSync | |||
| CardDav | |||
| Calendar | |||
| CalDav | |||
| Google Accounts | |||
| LDAP | |||
| Network Usage Rules | |||
| Fonts | |||
| Wallpaper | |||
| AirPrint | |||
| AirPlay | |||
| Lock Screen Message | |||
| Home Screen Layout | |||
| App Configuration | |||
| Kiosk Mode | |||
| Location Tracking | |||
| Geofencing: A specific policy is applied when the device is within the geofence, the device will also be non-compliant when it crosses the geofenced region |
iOS Restrictions
| Feature | Supervised | Devices enrolled via User Enrollment | Others |
|---|---|---|---|
| AirDrop (iOS 7.0+) |
|||
| Apps can modify cellular data usage (iOS 7.0+) |
|||
| Add or remove TouchID | |||
| iMessage (iOS 6.0+) |
|||
| Game Center (iOS 6.0+) |
|||
| Multiplayer gaming | |||
| Pair with iTunes (iOS 7.0+) |
|||
| Install configuration profile (iOS 6.0+) |
|||
| Definition lookup (iOS 8.1.3+) |
|||
| Predictive keyboard (iOS 8.1.3+) |
|||
| Auto-correct words | |||
| Suggest words on misspellings | |||
| Keyboard shortcuts (iOS 9.0+) |
|||
| Pair with Apple Watch (iOS 9.0+) |
|||
| Modify diagnostic data submission settings (iOS 9.3.2+) |
|||
| Modify Bluetooth settings (iOS 10.0+) |
|||
| Use voice to type (iOS 10.3+) |
|||
| Connect to MDM-configured Wi-Fi networks only (iOS 10.3+) |
|||
| Users can modify Personal Hotspot settings (iOS 12.2+) |
|||
| Create VPN configuration<\/b> (iOS 11.0+) |
|||
| AirPrint (iOS 11.0+) |
|||
| Connect with iBeacon (iOS 11.0+) |
|||
| Store AirPrint credentials in Keychain (iOS 11.0+) |
|||
| Use trusted certificates for secured printing (iOS 11.0+) |
|||
| Install app from App Store (iOS 9.0+) |
|||
| Remove apps | |||
| Remove system apps (iOS 11.0+) |
|||
| iBooks Store (iOS 6.0+) |
|||
| Apple Music (iOS 9.3+) |
|||
| iTunes Radio (iOS 9.3+) |
|||
| News (iOS 9.0+) |
|||
| Podcasts (iOS 8.0+) |
|||
| Download all purchased apps automatically (iOS 9.0+) |
|||
| Activation Lock (iOS 7.0+) |
|||
| Modify an account | |||
| Erase content and settings | |||
| Siri can access user-generated content (iOS 7.0+) |
|||
| Modify Find My Friends (iOS 7.0+) |
|||
| Use profanity filter | |||
| Show web results using Spotlight Search | |||
| Modify Restrictions/ Screen Time (iOS 8.0+) |
|||
| Modify passcode (iOS 9.0+) |
|||
| Modify device name (iOS 9.0+) |
|||
| Modify wallpaper (iOS 9.0+) |
|||
| Users can turn notifications on/off (iOS 9.3+) |
|||
| Force Automatic Date and Time (iOS 12.0+) |
|||
| Autofill Passwords (iOS 12.0+) |
|||
| Request passwords from nearby devices (iOS 12.0+) |
|||
| Share passwords via AirDrop Passwords feature (iOS 12.0+) |
| Feature | Supervised | Devices enrolled via User Enrollment | Others |
|---|---|---|---|
| Camera | |||
| Facetime | |||
| Screen Capture | |||
| Touch ID | |||
| Siri | |||
| Allow Siri while device is locked | |||
| Voice dialing | |||
| Automatic sync while roaming | |||
| Show App Store on the device | |||
| iTunes Store | |||
| Force user to enter iTunes store password for each purchase | |||
| In-app purchases | |||
| Trust enterprise app | |||
| Users can modify enterprise app trust | |||
| Backup enterprise-deployed iBooks | |||
| Sync managed app data with iCloud | |||
| YouTube (below iOS 6) |
|||
| Safari | |||
| Autofill | |||
| Fraud warning | |||
| JavaScript | |||
| Block pop-ups | |||
| Accept cookies | |||
| Access Passbook when the device is locked | |||
| Add friends in Game Center | |||
| Backup files to iCloud | |||
| Sync documents | |||
| Photo Stream (disallowing might cause data loss) |
|||
| Share photo streams | |||
| iCloud photo library | |||
| Sync enterprise book metadata across devices | |||
| Lock screen notifications | |||
| Today View on lock screen | |||
| Control Center on lock screen | |||
| Over the air PKI updates | |||
| Limit ad tracking | |||
| Send diagnostic data to Apple | |||
| Accept untrusted TLS certificate | |||
| Force encrypted backup | |||
| Show notification on Apple Watch if worn | |||
| Explicit music, podcasts and iTunes U services | |||
| iBooks store erotica | |||
| Rating region | |||
| Content rating | |||
| Movies (region-based rating) |
|||
| TV shows (region-based rating) |
|||
| App ratings |
