What is a supervised device?

Satish Shetty Updated by Satish Shetty

The Supervised apple device (iPhone, iPad and Mac) allows organizations (IT Admin) to gain extensive remote controlling capability over the apple devices. It allows additional restrictions, such as turning off iMessage or content erase, and it provides additional device configurations and features, such as web content filtering, prevent users from deleting apps, silently install & remove apps, disable access to AirDrop, configuring a global proxy, enable a single-app mode and mdm lockdown, etc.

By default, your iPhone and iPad isn’t supervised. Supervision can only be turned on when you set up a new device. If your iPhone, iPad, or iPod touch isn’t supervised now, your administrator needs to completely erase your device to set up supervision.

You can check if the device is supervised or not by going to “Settings” in iOS 10. You see a message at the top saying “Phone is supervised”.  In iOS 9 or earlier you can check the phone supervised or not by going to Settings->General->About.

Supervision can be enabled in TWO ways.

  1. Apple Business Manager(ABM) (formerly known as DEP):  If you plan to purchase business iPhone, iPad and MAC devices from Apple, then ask the salesperson to put the devices under your company's ABM account. The ABM enabled devices can be supervised remotely using a MDM software such as Codeproof. More info about Apple Device Enrollment program here.
  2. Using Apple Configurator tool:  After the device purchase, Supervision can be enabled using Apple Configurator tool here.

Supervised mode restriction policies:

The following restriction policies are only available on supervised devices and not available on normal apple devices.

  • Allow/Disallow Account Modification (email, Appleid, contacts and calendar)
  • Allow/Disallow AirDrop
  • Allow/Disallow App Cellular Data Modification
  • Allow/Disallow Assistant User Generated Content
  • Allow/Disallow Find My Friends Modification
  • Allow/Disallow Host Pairing
  • Allow list of apps to enter a single app mode/Kiosk mode
  • Allow/Disallow Enabling Restrictions
  • Allow/Disallow Erase Content And Settings
  • Allow/Disallow Spotlight Internet Results
  • Allow/Disallow Chat (iMessages) (iOS 6.0)
  • Allow/Disallow iBookstore(iOS 6.0)
  • Allow/Disallow Game Center(iOS 6.0)
  • Allow/Disallow Removing Apps
  • Allow/Disallow Shared Photo Stream(iOS 6.0)
  • Allow/Disallow Configuration Profile Installation interactively (iOS 6.0)
  • Allow/Disallow force use of profanity filter assistant
  • Allow/Disallow Podcasts(iOS 8.1.3)
  • Allow/Disallow Definition Lookup(iOS 8.1.3)
  • Allow/Disallow Predictive Keyboard(iOS 8.1.3)
  • Allow/Disallow Auto Correction(iOS 8.1.3)
  • Allow/Disallow Spell Check(iOS 8.1.3)
  • Allow/Disallow Music Service(iOS 9.0)
  • Allow/Disallow News(iOS 9.0)
  • Allow/Disallow AppStore app installation but allow app updates(iOS 9.0)
  • Allow/Disallow Keyboard Shortcuts(iOS 9.0)
  • Allow/Disallow Paired Watch(iOS 9.0)
  • Allow/Disallow Passcode Modification(iOS 9.0)
  • Allow/Disallow Device Name Modification(iOS 9.0)
  • Allow/Disallow Wallpaper Modification(iOS 9.0)
  • Allow/Disallow Automatic AppDownloads(iOS 9.0)
  • Allow/Disallow RadioService(iOS 9.3)
  • Blacklist apps (iOS 9.3) – Block apps from user launching
  • Whitelist apps (iOS 9.3) – Allow only whitelisted apps to user launchable
  • Allow/Disallow Notifications Modification(iOS 9.3)
  • Allow/Disallow RemoteScreen Observation(iOS 9.3)
  • Allow/Disallow Diagnostic Submission Modification(iOS 9.3.2)
  • Allow/Disallow Bluetooth Modification(iOS 10.0)

Supervised Mode Profiles

In addition to above, supervised mode also offers following mobile device management features.

  • App Lock/Single App Mode/Kiosk Mode
  • Web Content Filter
  • Global HTTP Proxy
  • Home Screen Layout
  • Education Configuration

Managed Lost Mode

With iOS 9.3 or later, MDM Administrator can use MDM to place a supervised device into Managed Lost Mode. Managed Lost Mode is a dedicated mode that must be disabled by the administrator before the device can be used again. Like Find My iPhone, an administrator can send messages to the device while the device is in Managed Lost Mode. Unlike Find My iPhone, device location information can only be accessed by the MDM server when Managed Lost Mode is enabled. When enabled, the user won’t be able to unlock the device until Managed Lost Mode is turned off and the user is notified if location information was accessed during that time. Read more here.

NOTE: It is recommended to enable supervision only on “company owned iPhone and iPad devices”.

More info about supervision can be found here from Apple Support.

How did we do?

What is Android Enterprise?

Apple Configurator and MDM