Supervised mode is a feature introduced by Apple in iOS 5 to differentiate institutionally owned iOS devices from personal devices. Supervision offers tremendous benefits to organizations and institutions. Supervised devices are ideal for functioning in Healthcare, Retail, Education and related sectors.
It unlocks additional management features than those available in any Mobile Device Management software. Supervision allows IT departments to restrict many features that are inappropriate for corporate-owned or shared devices, such as AirDrop, Messages, Handoff, and even Erase. Supervision offers the organization an enhanced level of security and a deeper layer of device management.
The Apple Configurator has three modes:
After the iPad configuration with Supervision is prepared, it can be re-applied in the future. Supervise will reset the device (removing the unnecessary user-data that was put on the device during its usage including notes, data in apps, phone numbers, etc).
A useful feature in Supervise mode is “Export Info” that will generate a list of all currently supervised devices with UDID, Device Name, Device Capacity, Wi-Fi Mac Address, and Bluetooth Mac address (great for asset management, tracking, loss prevention and upgrade planning).
When one makes changes and one or more devices are not connected, and the changes are applied the next time those devices are connected, this is referred to by Apple as device check-in. When a device or a group of devices is updated, the changes made on them are applied automatically once saved, by clicking the Apple button at the bottom of the Configurator window.
If your Mac is connected to a corporate directory system like Microsoft’s Active Directory or Apple’s Open Directory, you can create accounts in Configurator based on their existing network accounts (the ones that they use to log into various computers).
To assign or check out a device, select the user and click the Check Out button at the bottom of the Configurator window. Select the group containing the device from the pop-up menu and drag the appropriate device to a user account. Once the devices have been assigned, they are connected to the Mac via USB and Configurator will complete the check-out process.
When users return devices, they can be checked in again by connecting them to the Mac running Configurator, selecting the users in the Assign Pane and clicking the Check In button. Configurator will back up the user data automatically and use it if a different device is to be assigned to that user.
Only the devices which are purchased directly from Apple or from an authorized Apple reseller can be deployed using Device Enrollment Program. Any Mac or iOS device that has been purchased on or after 2011 March 1 can be enrolled in DEP.
Deploying the devices using DEP takes four steps
First, you need to enroll your organization in Apple Deployment Programs
Continue enrollment process by providing information like verification contact, business or institution information, Apple Customer Number, DEP Reseller ID and DEP Customer ID. After submitting the application, Apple will review the information and notify you if verification is completed or not.
When purchasing a device from Apple or a reseller you will need to add the customer number or reseller ID to the Apple DEP account. When reseller ID is submitted you will receive a DEP customer ID and you have to provide this to the reseller who will use it to submit information about your device purchases to Apple. Resellers have the ability to add devices to your DEP account which is purchased after 2011.
Once the enrollment is done you can set up the corporate devices from deploy.apple.com
When providing email address for these admins you have to provide one which does not have an Apple ID associated to it.
Now in the DEP portal you can see your MDM server listed.
For adding devices
It disables hardware buttons and functions including
and many more. Single app mode also prevents services like notifications, from communicating with the user.
iMessage is a free Internet-based messaging service offered by Apple Inc. iMessage is Apple’s built in instant messaging service. It is incorporated with the messages app on the iOS devices. iMessage can be used to send texts, documents, photos, videos etc. over Wi-Fi or mobile data to other iOS or OS X users. This is equivalent to ordinary messaging for most users with devices running iOS 5 or later. In the supervised mode we can disable this feature.
AirPlay app helps to stream audio, video, photos etc together with related metadata between devices wirelessly. Airplay cannot be disabled unless the device is in supervised mode.
In iOS 7.1 Apple introduced Activation Lock Bypass, which will remove the activation lock from without requiring the user’s Apple ID and password. You can request the bypass code that will override the activation lock and allow the iPad to be used again. When you have the bypass code, enter it on the password field and leave the Apple ID blank.
There are five ways to deploy configuration profiles:
The additional installation of configuration profiles can be inhibited on the enterprise managed devices. If there are additional configuration profiles installed, IT can remove them remotely if needed.
Since the apps on the devices are managed the employees are free from worrying about the app update, installation or anything of that sort. Managed apps are controlled by the system manager and can be updated or removed by an administrator after installation. Managed apps allow an organization to distribute all kind of apps over air using MDM, while providing security and privacy.