How to supervise managed devices without data loss?

Description

Supervision of iOS mobile devices provides IT admins additional control over them. Supervision of devices can be performed while enrolling them in Mobile Device Manager Plus using DEP Enrollment and Apple Configurator. There are cases when the devices are brought under management without supervising them and when these devices are in use, supervising them by re-enrolling leads to loss of the data present in the device. This document provides the steps to supervise devices that are in use without losing the data present in the devices.

NOTE: Apple recommends that the device to be supervised be reset and re-enrolled but as this may not be feasible in most cases, the following method serves as a workaround.

Requirements

  • Device to be supervised (main device)
  • A temporary device to back up data (This device may or may not be enrolled with MDM)
  • Apple Configurator/Apple DEP

Steps

Using DEP for supervision

NOTE: Devices must be eligible to be added in DEP. Do not skip Restore from Backup and Sign into iCloud options during device activation.

  • Ensure that the settings Remove apps on profile removal and Restrict App data backup are unchecked when the apps were distributed. If they weren't disabled, uncheck the options by selecting Modify App from the App Repository. You will have to redistribute the apps to the devices once the settings have been disabled.
  • Ensure that Find My iPhone is off to avoid problems during enrollment.
  • Back up the main device using iTunes or iCloud.
  • Restore this content on a temporary device which can be either supervised or unsupervised.
  • Ensure that Find My iPhone is off and back up the temporary device using iTunes or iCloud.
  • Add the device to DEP using the steps given here and activate the device to enroll it.
  • From the Apps & Data screen, restore the backup of the temporary device into the enrolled device.
  • All the app data is restored in the enrolled device and the MDM profile is installed with the new DEP profile.
  • The enrolled device will be awaiting user assignment and profile distribution. The apps will have to be brought under management again.

 

Using Apple Configurator

  • Ensure that the settings Remove apps on profile removal and Restrict App data backup are unchecked when the apps were distributed. If they weren't disabled, uncheck the options by selecting Modify App from the App Repository. You will have to redistribute the apps to the devices once the settings have been disabled.
  • Ensure that Find My iPhone is off to avoid problems during enrollment.
  • Back up the main device using iTunes or iCloud.
  • Restore this content on a temporary device which can be either supervised or unsupervised.
  • Ensure that Find My iPhone is off and back up the temporary device using iTunes or iCloud.
  • Restore the backup of the temporary device into the device to be supervised.
  • After restoration, when the device shows the Welcome screen on activation, connect the device to Apple Configurator and enroll it using the steps given here.
  • All the app data is restored in the enrolled device and the MDM profile is installed with the new Apple Configurator profile.
  • The enrolled device will be awaiting user assignment and profile distribution. The apps will have to be brought under management again.