Configure Apple Devices in Supervised Mode

What most administrators don’t realize is that by “default” what you can control on the Apple iOS devices is very limited out of the box. Large enterprises get around this by using Mobile Device Management (MDM) platforms, like Mosyle.

Unfortunately, the idea of an MDM for smaller organizations limited with funding, individuals or non-profits is not within reach. The good news is there is an alternative, and it’s the same technology that these MDM’s are built on – Apple Configurator.

As the name implies, the Apple Configurator allows you to enable and disable features you might otherwise be unfamiliar with. For instance, if you want to disable the ability to use a VPN on a device, this is the best way to do it. Or maybe limit what a user can do in their network settings, this is where you would do it.

Supervised vs Unsupervised Mode

Before you begin, let’s take a minute to touch on the differences of Supervised vs Unsupervised Mode. Unsupervised mode gives you limited control, while Supervised mode gives you full control. We recommend supervised mode where possible, but below is a table to help think through the differences:

Supervised DevicesUnsupervised Devices
Devices can be protected against Factory ResetDevices can be Factory Reset anytime
Airdrop can be restrictedAirdrop cannot be restricted
Individual Apple iDs not needed for enrollmentEach device needs an Apple iD for enrollment
Unenrollment from MDM is not possibleUnenrollment from MDM is possible
Silent App installation is possibleApp installation requires user confirmation
Web content can be filteredWeb content cannot be filtered
App notifications can be controlledApp notifications cannot be filtered
The device can be run in Kiosk modeThe device cannot be run in Kiosk mode
TouchID can be restrictedTouchID cannot be restricted
iMessage can be restrictediMessage cannot be restricted
Screentime can be restrictedScreentime cannot be restricted
Homescreen wallpaper and lock screen message can be configured by AdminUser can customize Homescreen wallpaper and lock screen message
Global HTTP Proxy can be configuredGlobal HTTP Proxy cannot be configured
Game Center Access can be controlledGame Center Access cannot be controlled

How To Configure iOS Devices in Supervised Mode

Warning: This procedure will erase the iOS device.

The following steps can be used with any iOS device. This example will use an iPad.

Special thanks to our customer, Daniel Markarian, for taking the time to document and share the process. If you have content ideas and want to get them added to the forum, please send them to support@cleanbrowsing.org

0. Disable Find My iPad on your iOS device.

1. Install and launch Apple Configurator 2 on a Mac.

2. Attach iOS device to Mac.

3. Tap [Trust] on our iOS device.

4. Click on iOS device in Apple Configurator 2.

5. Select [Prepare…] under Actions menu.

6. Enable Supervise devices. Click [Next].

7. Do not enroll in MDM. Click [Next].

8. Select New Organization… Click [Next].

9. Do not sign in. Click [Skip].

10. Enter Name of your family / organization. This Name will later be shown in Settings on the iOS device as “This [device] is supervised and managed by My Family.”

11. Select Generate a new supervision identity. Click [Next].

12. Show all steps. Click [Prepare].

13. Enter the password for your Mac.

14. If prompted, Click [Erase].

15. Wait for Apple Configurator 2 to erase your iOS device.

16. Wait for Apple Configurator 2 to activate Supervised Mode on your iOS device.

17. Done.

Frequently Asked Questions

Q. What if I already have applications and data on my iPad? Can I back up my iPad, prepare the iPad in Supervised Mode, and then restore my iPad from backup?

Sadly, no. It is not clear to me whether this is intentional on the part of Apple, or a bug, but the process of restoring the iPad from the [unsupervised] backup undoes Supervised Mode. This does work, however, if you restore to another [supervised] iPad (that is, a different iPad than the iPad on which you performed the backup). This is workable if you have two or more iPads to work with.

Q. Can I do this without a Mac?

No, Apple Configurator 2 is only available for the Mac.

Q. How is Supervised Mode better?

You can enable certain features in Apple Configurator that cannot be defeated easily. Single App Mode, under Actions > Advanced, for example, is very similar to Guided Access, however, it cannot be defeated by a user simply draining the battery of the iPad and restarting.

You can do many additional things with Profiles, similar to how enterprises manage their iPads.

Q. How do you create a profile?

Select New Profile under the File Menu.

Select a type of profile to create, such as DNS Proxy, and fill out the necessary fields from your provider.

Select File > Saveā€¦ to save the profile. Add this profile to your iPad with Actions > Add > Profiles…

Was this article helpful?

Related Articles