How to supervise managed devices without data loss?

Problem:

Supervision of iOS mobile devices provides IT admins additional control over these devices. Supervision of devices can be performed while enrolling them in Mobile Device Manager Plus using DEP Enrollment and Apple Configurator. There are cases when the devices are brought under management without supervising them and these devices are in use, supervising these devices by re-enrolling them leads to loss of the data present in the device. This document provides the steps to supervise devices that are in use without losing the data present in the devices.

NOTE: Apple recommends that the device to be supervised be reset and re-enrolled but as this may not be feasible in most cases, the following method serves as a work around.

Requirements:

  • Device to be supervised- main device
  • A temporary device to back up data- temp device (This device may or may not be enrolled with MDM)
  • Apple Configurator/ Apple DEP

Steps

Using DEP for supervision

  1. Ensure that the settings Remove apps on profile removal and Restrict App data backup are unchecked when the apps were distributed. If they weren't disabled, uncheck the options by selecting Modify App from the App Repository. You will have to redistribute the apps to the devices once the settings have been disabled.
  2. Back up the main device using iTunes or iCloud.
  3. Restore this content on a temporary device which can be either supervised or unsupervised.
  4. Back up the temporary device using iTunes or iCloud.
  5. Add the device to DEP using the steps mentioned here and activate the device to enroll it.
  6. Restore the backup of the temporary device into the enrolled device.
  7. All the app data is restored in the enrolled device and the MDM profile is installed with the new DEP profile.
  8. The enrolled device will be awaiting user assignment and profile distribution. The apps will have to be brought under management again.

NOTE: Do not skip Restore from Backup and Sign into iCloud options during device activation.

Using Apple Configurator

 

  1. Ensure that the settings Remove apps on profile removal, Restrict App data backup is unchecked when the apps were distributed.
  2. Back up the main device using iTunes.
  3. Restore this content on a temporary device which can be either supervised or unsupervised.
  4. Back up the temporary device using iTunes.
  5. Restore the backup of the temporary device into the device to be supervised.
  6. After restoration, on the setup screen, connect the device to Apple Configurator and enroll it using the steps mentioned here.
  7. All the app data is restored in the enrolled device and the MDM profile is installed with the new Apple Configurator profile.
  8. The enrolled device will be awaiting user assignment and profile distribution. The apps will have to be brought under management again.