Device monitoring is a crucial aspect of running Apple in the business, but understanding what it’s for, what its limitations are, and how to make sure you start a deployment on the right foot is key.
About Apple @ Work: Bradley Chambers has managed a corporate IT network since 2009. With his experience in deploying and managing firewalls, switches, mobile device management system, professional Wi-Fi, hundreds of Macs and hundreds of iPads, Bradley will highlight the ways in which Apple IT managers deploy Apple devices, create networks to support them, train users, stories from the trenches of IT management and ways in which Apple could improve its products for IT services.
Monitoring allows organizations to control the iOS devices they own and manage. With device supervision, you can apply additional restrictions such as disabling AirDrop or disabling the App Store. Supervision can only be activated when a device is configured as new. If you want to supervise an existing device, it must be deleted in advance.
By default, an iPhone or iPad is unsupervised. Supervision can only be activated when you configure a new device. If your iPhone, iPad, or iPod touch is unsupervised now, your administrator must erase your device to fully set up supervision. Most organizations typically monitor their devices through their mobile device management system using the Device Enrollment Program through Apple School Manager or Apple Business Manager. Still, some organizations with limited devices can use a program like Apple Configurator or iMazing Configurator to monitor locally. Apple Configurator is only available for macOS, so for Windows users, iMazing Configurator is the only option.
In my opinion, it is essential to oversee all the devices that an organization owns and manages. The only reason not to use supervision is to set up a “ Bring Your Own Device ” program where employees enroll their iOS devices to access corporate resources like a secure Wi-Fi network or corporate apps. internal business. If your business has supervised your devices and you see a notification that they can monitor your location, rest assured that the only time they have access to your location is if the device is put into ‘lost mode’.
The main reason I recommend a supervision-only model is for the extra controls it gives you when managing iOS devices. When a device is supervised, you can perform actions like restricting access to certain apps by default, prohibiting connections from USB devices, disabling AirDrop, enabling Bluetooth, enabling Wi-Fi and enabling additional restrictions, and much more. Moreover. On the Apple support website, you can find a detailed list. A key thing for device supervision is that it prevents users from doing a factory reset of the device without putting it in DFU mode. If the device is supervised using Apple School / Business Manager, an iOS DFU device will be forced to re-enroll in MDM once it is activated. This feature is a great theft deterrent as devices are useless without re-registering in MDM and can be located.
Conclusion on device supervision
I urge all businesses and schools to oversee devices owned by their business. When possible, pair it with Apple School / Business Manager and use the device’s enrollment program. It offers a hands-off deployment model to make deployment even faster. If you only have a handful of devices to configure, check out iMazing Configurator (especially on Windows) or Apple Configurator to supervise locally.
Photo by Adeolu Eletu on Unsplash
FTC: We use automatic income generating affiliate links. More.
Check out 9to5Mac on YouTube for more information on Apple: