Apple @ Work is brought to you by Kandji, the MDM solution built exclusively for organizations that run on Apple. Kandji is a modern, cloud-based platform for centrally managing and securing your Mac, iPhone, iPad, and Apple TV devices, saving IT teams countless hours of manual work with features like one-click compliance templates and 150+ pre-built automations, apps, and workflows. Request access.

Supervision on the macOS, iPadOS, and iOS is one of the most fundamental decisions you can make when planning out your business or K–12 deployments. Unlike most aspects of your Apple deployment, if you mess up on supervised devices on the front end, it’s difficult and time-consuming to recover from after the fact. Let’s dive in on device supervision with Apple and how to leverage it to help your deployment become a successful one.

About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.

Supervision gives schools and businesses greater control over the Apple devices they use in their organization. Once you’ve supervised a device, you’ll have much greater control over a device than you’d typically have.

What does supervision enable on iOS?

iPad assembly could start in India

Over the years, Apple has introduced various new mobile device management payloads. Some of the most common ones are:

  • Allow Shared iPad Temporary Session
  • Add Game Center friends
  • Install apps using App Store
  • Safari AutoFill
  • Use Safari
  • iTunes Store
  • Allow network drive connections
  • Allow USB device connections
  • Force Wi-Fi on
  • Allow Find My Device
  • Siri profanity filter
  • Remove apps
  • Disable iMessage
  • Disable Apple Books
  • Autonomous Single App Mode
  • Erase All Content and Settings
  • Disable Apple Podcasts
  • Disable AirDrop
  • Modify restrictions or Screen Time settings
  • Modify Wallpaper
  • Modify device name
  • Pair with Apple Watch
  • Disable Apple News
  • Modify passcode
  • Disable Apple Music
  • Restrict App Usage
  • Apple Classroom settings
  • Disable discovering AirPrint printers using iBeacons
  • Modifying Bluetooth settings.

Apple has a complete list as well as the required iOS version on their MDM guide. It also provides additional device configurations and features, such as silently updating apps or filtering web usage.

What does supervision on tvOS allow you to do?

Apple TVs have become popular devices for digital signage due to their relatively low cost compared to traditional tools. Apple TVs can also be supervised over the air using Apple Business Manager and your MDM, or you can use Apple Configurator.

Once your Apple TV is supervised, you can control the following restrictions:

  • Prevent Apple TV from going to sleep
  • Defer software updates
  • Turn on “Set Automatically” in Date and Time settings
  • Proximity AutoFill
  • Modify device name
  • Restrict app usage
  • AirPlay
  • Pair with Apple TV Remote app

How do you supervise a device?

Supervision of an Apple device happens during the setup assistant process connected with Apple School Manager or Apple Business Manager. When an iPad, iPhone, or Apple TV connects to Wi-Fi or ethernet to activate, if the serial number is found in ASM or ABM, it’ll prompt the user to enroll in the connected MDM and then be considered supervised. Starting with macOS 11 or later, a Mac computer is also considered supervised when a user performs an enrollment into an MDM.

If you don’t purchase an MDM, you can also use Apple Configurator to supervise a device locally on your Mac. Supervising a device using Apple Configurator requires the devices to be wiped ahead of time.

Should you supervise a device?

In all environments where you managed iOS, macOS, and tvOS devices, I highly reccomend supervising a device. Oddly enough, it’s gotten easier to supervise a device over the years, and it adds a level of control that makes your deployment easier to manage.

On the iOS side, devices have to be in Apple Business Manager or Apple School Manager to be supervised over the air, so all of your devices will either need to be purchased through your Apple sales portal (business or education) or through an Apple authorized reseller that works with businesses. If you are buying a device directly from Apple’s consumer store, Amazon, through a local retailer, you won’t be able to supervise using Apple’s zero-touch technology. The only way to supervise it would be to use Apple Configurator.

How can I tell if my device is supervised?

On iOS and iPadOS, you can go to Settings > General > About and look for this line of text under the name of the device: “This [iPhone, iPad, or iPod touch] is Supervised. [Organization name] can monitor your internet traffic and locate this device.”

On macOS 11 and newer versions, enrolling it into a mobile device management system will supervise it. You can see if your Mac is enrolled in a mobile device management system by clicking on the Apple Logo > System Preferences and look for a Profiles section.

Wrap-up on device supervision

Device supervision is an older technology by modern Apple deployment standards, but it’s a vital part of a deployment strategy. Especially on the iOS side, it’s essential to purchase your devices from a place where they end up in Apple Business Manager or Apple School Manager so you can use zero-touch deployment, and the devices will be supervised over the air. With device supervision, you’ll get more control over your devices to set them up in a way that works for your organization. For people using supervised devices, your IT department can’t read your iMessages or look at your iCloud Photos.

Apple @ Work is brought to you by Kandji, the MDM solution built exclusively for organizations that run on Apple. Kandji is a modern, cloud-based platform for centrally managing and securing your Mac, iPhone, iPad, and Apple TV devices, saving IT teams countless hours of manual work with features like one-click compliance templates and 150+ pre-built automations, apps, and workflows. Request access.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author