Category Filter

Supervise iOS devices without data loss

What is supervision?

Supervision is a deployment strategy introduced by Apple in managing corporate-owned iOS, macOS and tvOS devices. Since its inception with iOS 5, businesses have taken up “Supervision” as an effective method for iOS device management. Supervision indicates that an organization owns the devices and that it exercises complete control over them. The users can access a supervised device in a way as determined by the organization. The organization can decide what features can be used on the device by enforcing advanced restrictions or customizing device settings remotely from a Unified Endpoint Management console.

You can achieve iOS device supervision from the Hexnode UEM console in two different ways. These methods help you enable supervised mode on iOS devices while enrolling them in Hexnode.

Challenges faced by organizations while enabling supervision

Supervision provides various advantages to enterprises. Setting up supervised mode prevents the users from dismissing the device management profile installed on corporate devices (except for the 30-day provisional period in case of devices added to DEP via Apple Configurator). Hence, even if the users accidentally wipe the device (a device wipe operation unintended by the organization), endpoints are re-enrolled, and the device ownership holds on to the organization.

With supervision, organizations find it easier to provision the corporate devices even before the employees begin to use them. It helps you prepare the endpoints depending on the enterprise requirements.

Though it offers numerous benefits, supervision imparts specific challenges to organizations. Most importantly, it is essential to recognize that the device undergoes reset during the supervising process. Hence, the data stored on the device will be lost.

Therefore, organizations look for feasible methods to preserve confidential data while supervising an iOS device. In the case of newly purchased devices, it would not be a trouble.

But for the devices already deployed for corporate use, data loss incurred during supervision is a matter of great concern.

Supervising iOS devices without data loss

Despite the fact that devices are erased while supervising a device, performing a few additional steps helps you prevent data loss during the process. Whether or not the devices were already enrolled in the Hexnode UEM, these steps help enable supervision without data loss.

Pre-requisites:

  • The primary device that is to be supervised and enrolled in Hexnode.
  • A temporary device that acts as a medium to hold the backup.
  • Note that the OS versions of the primary and temporary devices should be exactly the same.
  • A Mac (macOS Catalina 10.15 or later) with Apple Configurator installed on it.
  • Make sure that Find My iPhone is turned off on both the primary device and the temporary device.

  1. Back up the Primary device.
    • Connect the Primary device to the Mac.
    • Open Finder on the macOS device.
    • Under Locations, identify the Primary device.
    • Both the Mac and Primary device shows a prompt to enable trust. Click Trust on each device.
    • After establishing the trust, the device details page of the connected Primary device will be displayed on the macOS device.
    • Under the General sub-tab, enable the option Back up all of the data on your iPhone to this Mac.
    • Click on Back Up Now.
    • backup an iOS device using Finder

    • While backing up the device, note down the timestamp. It will help you identify the right backup when you need a restore.
  2. Restore the backup to the Temporary device.
    • Connect the Temporary device to the Mac.
    • Open Finder.
    • Enable Trust on the Mac and the temporary iOS device.
    • Identify the Temporary iOS device under Locations.
    • Under the General sub-tab, click on Restore Backup.
    • From the list of backups choose the backup that matches the timestamp in the above step.
    • Click Restore.
    • restoring backup to a temporary device

    • Wait for some time until the process is complete. You can disconnect once the device restarts and the device syncs with the Mac.
  3. Also, back up the Temporary device following the same procedure. Make a note of the backup timestamp.
  4. If you use Apple Configurator to supervise the Primary device:
    • Connect the Primary device to the Mac.
    • Go to Finder and restore the last backup of the Temporary device on to the primary device (Follow step 2).
    • Enroll the device using the steps mentioned here.
      • Create a Profile.
      • Create a Blueprint and add the profile.
      • Prepare the Blueprint.
      • Apply the Blueprint.
    • Ensure that the Primary device remains connected to macOS.
    • Once the blueprint is applied, the supervision profile will be associated with the device.
    • When the device prompts whether to apply the configuration, click on Apply Configuration.
    • The device will be enrolled in Hexnode in the supervised mode. The device will have the data restored from the backup.
  5. To supervise the Primary device using Apple DEP,
    • Follow the steps to supervise the device using Apple DEP. The device will be enrolled in Hexnode on supervised mode as you turn on the device.
      • Integrate DEP with Hexnode.
      • Assign the device to the Hexnode server.
      • Initiate a sync with DEP.
    • Connect the Primary device to the macOS device.
    • Open Finder.
    • Click on Restore Backup and identify the last backup of the Temporary device.
    • The data will be restored to the newly enrolled device.