Apple @ Work is brought to you by Kandji, the MDM solution built exclusively for organizations that run on Apple. Kandji is a modern, cloud-based platform for centrally managing and securing your Mac, iPhone, iPad, and Apple TV devices, saving IT teams countless hours of manual work with features like one-click compliance templates and 150+ pre-built automations, apps, and workflows. Request access.
Supervision on the macOS, iPadOS, and iOS is one of the most fundamental decisions you can make when planning out your business or K–12 deployments. Unlike most aspects of your Apple deployment, if you mess up on supervised devices on the front end, it’s difficult and time-consuming to recover from after the fact. Let’s dive in on device supervision with Apple and how to leverage it to help your deployment become a successful one.
About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
Table of contents
- What does supervision enable on iOS?
- What does supervision on tvOS allow you to do?
- How do you supervise a device?
- Should you supervise a device?
- How can I tell if my device is supervised?
- Wrap-up on device supervision
Supervision gives schools and businesses greater control over the Apple devices they use in their organization. Once you’ve supervised a device, you’ll have much greater control over a device than you’d typically have.
What does supervision enable on iOS?
Over the years, Apple has introduced various new mobile device management payloads. Some of the most common ones are:
- Allow Shared iPad Temporary Session
- Add Game Center friends
- Install apps using App Store
- Safari AutoFill
- Use Safari
- iTunes Store
- Allow network drive connections
- Allow USB device connections
- Force Wi-Fi on
- Allow Find My Device
- Siri profanity filter
- Remove apps
- Disable iMessage
- Disable Apple Books
- Autonomous Single App Mode
- Erase All Content and Settings
- Disable Apple Podcasts
- Disable AirDrop
- Modify restrictions or Screen Time settings
- Modify Wallpaper
- Modify device name
- Pair with Apple Watch
- Disable Apple News
- Modify passcode
- Disable Apple Music
- Restrict App Usage
- Apple Classroom settings
- Disable discovering AirPrint printers using iBeacons
- Modifying Bluetooth settings.
Apple has a complete list as well as the required iOS version on their MDM guide. It also provides additional device configurations and features, such as silently updating apps or filtering web usage.
What does supervision on tvOS allow you to do?
Apple TVs have become popular devices for digital signage due to their relatively low cost compared to traditional tools. Apple TVs can also be supervised over the air using Apple Business Manager and your MDM, or you can use Apple Configurator.
Once your Apple TV is supervised, you can control the following restrictions:
- Prevent Apple TV from going to sleep
- Defer software updates
- Turn on “Set Automatically” in Date and Time settings
- Proximity AutoFill
- Modify device name
- Restrict app usage
- AirPlay
- Pair with Apple TV Remote app
How do you supervise a device?
Supervision of an Apple device happens during the setup assistant process connected with Apple School Manager or Apple Business Manager. When an iPad, iPhone, or Apple TV connects to Wi-Fi or ethernet to activate, if the serial number is found in ASM or ABM, it’ll prompt the user to enroll in the connected MDM and then be considered supervised. Starting with macOS 11 or later, a Mac computer is also considered supervised when a user performs an enrollment into an MDM.
If you don’t purchase an MDM, you can also use Apple Configurator to supervise a device locally on your Mac. Supervising a device using Apple Configurator requires the devices to be wiped ahead of time.
Should you supervise a device?
In all environments where you managed iOS, macOS, and tvOS devices, I highly reccomend supervising a device. Oddly enough, it’s gotten easier to supervise a device over the years, and it adds a level of control that makes your deployment easier to manage.
How can I tell if my device is supervised?
On iOS and iPadOS, you can go to Settings > General > About and look for this line of text under the name of the device: “This [iPhone, iPad, or iPod touch] is Supervised. [Organization name] can monitor your internet traffic and locate this device.”
On macOS 11 and newer versions, enrolling it into a mobile device management system will supervise it. You can see if your Mac is enrolled in a mobile device management system by clicking on the Apple Logo > System Preferences and look for a Profiles section.
Wrap-up on device supervision
Device supervision is an older technology by modern Apple deployment standards, but it’s a vital part of a deployment strategy. Especially on the iOS side, it’s essential to purchase your devices from a place where they end up in Apple Business Manager or Apple School Manager so you can use zero-touch deployment, and the devices will be supervised over the air. With device supervision, you’ll get more control over your devices to set them up in a way that works for your organization. For people using supervised devices, your IT department can’t read your iMessages or look at your iCloud Photos.