I've seen device supervision in action and want to replicate it. I used an app that had a 'removal prevention' feature – it put my device under supervision without wiping any data. After connecting my iPhone to my laptop and running what seemed like a rebranded Apple Configurator installer, I was locked down with supervision and couldn't remove the MDM profiles without logging into the app's server. I had to disable Find My iPhone and possibly log out of iCloud, but thankfully, my data remained intact. Now, I have access to Apple Business Manager (ABM) and I'm unsure how to proceed.
Do I need to build my own MDM server to set this up? Or is it better to go with a third-party MDM solution? Most importantly, how can I ensure a smooth setup that supervises the device without erasing any data? I'm looking for advice from anyone who's done this with ABM or streamlined MDM policies.
4 Answers
I’m suspicious about labeling it as true supervision. Supervision is more comprehensive than just preventing profile removal. You can usually remove the MDM profile within the first 30 days of supervision. What you experienced could be a third-party method rather than proper supervision, since real supervision has broader implications for policy and control.
To achieve supervision during the initial setup, you'll need to enroll your device in Apple Business Manager first, as that’s crucial. If you add an MDM profile without first setting it up, it won't be supervised and could be removed by the users. Unfortunately, supervision typically requires a factory reset. So, planning this out from the start with ABM pointing to your chosen MDM solution is key.
I wouldn’t recommend building your own MDM. There are plenty of reliable third-party options available. Generally, supervision on iOS devices means you need to set it up through the device setup process with ABM aimed at an MDM, or use Apple Configurator – which usually requires a wipe. So, keep that in mind.
I’m not really familiar with supervising without a wipe. Traditionally, supervision requires a reset. But there was a notable MDM update with the new OS that might allow transitioning without wiping. For true supervision, you typically need to connect the device to a Mac and use Apple Configurator, which wipes the device.
I confirmed in my settings that it showed ‘this device is supervised by x company’, and I wasn't able to remove the profile until I logged into the company's website to toggle off removal prevention. So, it might have had some level of supervision.