Supervision is a status of trust made by Apple which is set out to grant MDM platforms, such as Addigy, more control over Apple devices enrolled via specific workflows. This supervision status is a critical part of device management, especially for mobile devices. This article will describe what can be done with supervised devices via Addigy and the requirements of supervising a device.
Requirements
OS Requirements
As noted by Apple in their article, these are their current requirements for supervision:
- iPhone with iOS 13 or later
- iPad with iPadOS 13.1 or later
- Mac computers with macOS 10.14.4 or later
- Apple TV with tvOS 13 or later
- Apple Watch with watchOS 10 or later
In conjunction with Apple's requirements, the device must also meet Addigy's requirements. More information on our device requirements can be found here: Addigy System Requirements
Enrollment Requirements
iOS, iPadOS, and tvOS devices must be enrolled via either of the below options:
- Enrolled via Automated Device Enrollment with Apple Business Manager / Apple School Manager.
More information on configuring Automated Device Enrollment can be found here: How to Configure Automated Device Enrollment - Enrolled via Automated Device Enrollment with Apple Configurator
An overview of Apple Configurator and links to our guides for enrolling devices via Apple Configurator can be found here: Overview: Apple Configurator 2
macOS devices must be enrolled via either of the below options:
- Manually enrolled into MDM via User-Approved MDM. Steps on how to manually enroll a macOS device can be found here: How To: Manually Enroll macOS into Addigy's MDM
- Enrolled via Automated Device Enrollment with Apple Business Manager / Apple School Manager.
- Enrolled via Automated Device Enrollment with Apple Configurator
What can Supervision do?
Supervision can do a plethora of things, so much so it'd be quite difficult to cover everything in one article. With that said, we will try to highlight the important things but be more general in other areas.
Here is what can be managed/performed when a device is supervised:
- Managed Activation Lock
- Managed Lost Mode (iOS/iPadOS specific)
- Delete Users
- For iOS, this requires the device to be in education mode.
- List Users
- For iOS, this requires the device to be in education mode.
- Change Wallpaper via MDM (iOS/iPadOS specific)
- Clear Passcode (iOS/iPadOS specific)
- Clear Restrictions (iOS/iPadOS specific)
- Disable Remote Desktop (macOS specific)
- Restart or shutdown devices via MDM
- Rename devices via MDM
- Configure the Home Screen Layout
- Configure the Single App Lock MDM Profile
- Configure many settings via the Restrictions MDM Profile. Here are a few notable examples:
- macOS/iOS/iPadOS:
- Allow erase content and settings
- Allow passcode modifications
- Allow Touch ID to unlock device
- Allow AirDrop
- iOS/iPadOS:
- Allow apps removal
- Allow system apps removal
- Allow VPN Configurations
- Allow Find My Device
- Allow Find My Friends
- Allow List Apps
- Block List apps
- Allow app installation
- Allow installing apps using App Store
- Allow Safari
- macOS/iOS/iPadOS: