.svg)
When managing iOS devices like the iPhone or iPad as an administrator or organization, you can choose to control them manually ("unsupervised") or through a dedicated function known as "supervised mode." The two have huge differences, and many behaviors and restrictions are only available when you utilize Apple device supervision.
iOS Device Management
What is iOS Supervised Mode?
Apple iOS device supervision, also known as iOS supervised mode, is a way for organizations and IT admins to remotely manage and control the iPhone, iPad, Apple Watch, and Apple TV. Supervised mode allows you to configure various settings, behaviors, and content on an iOS device — such as kiosk mode (App Lock), remote installation of apps, remote factory reset, and even disabling Touch ID or Face ID.
Frequently, supervised mode is enabled with an iOS MDM (Mobile Device Management), a software service that allows centralized management and policy control over all supervised devices. While iOS devices can initially be set up in supervised mode without an MDM, you'll need an MDM for any remote management features, which are crucial once you have more than a handful of iOS devices to manage.
There is no functional difference between "Apple device supervision" and "supervised mode." The distinction is merely contextual: Apple device supervision refers to the capabilities available for managing devices in supervised mode. Supervised mode describes a feature of the device itself that must be active to enable those device supervision capabilities. Make sense?
What is iOS Unsupervised Mode?
Technically, "unsupervised mode" is not a feature. It simply refers to an iOS device that is not in supervised mode. A device that is not in supervised mode cannot be controlled using the features of device supervision — even using manual setup.
For example, disabling access to any iOS settings is impossible when a device is unsupervised. This means that the end user can revert any changes made by the device owner (e.g., disabling Face / Touch ID, AirPlay, iMessage). Even Guided Access (single app) mode can be disabled if a device is unsupervised simply by holding down the hard keys until it is force rebooted.
Perhaps most importantly, an unsupervised device can be factory reset (erased), removing all configuration and data. While unsupervised devices can still have MDM profiles installed on them, they can be removed at any time by the device user. This makes any restrictions imposed by that profile defeatable.
What Are the Features of iOS Supervised Mode?
For the end user of a device, supervised mode acts as a way to restrict the content, behavior, and settings of an iOS device like the iPhone, iPad, Apple Watch, or Apple TV. There are a large number of ways supervised devices can be configured, but some common supervised mode functions include:
- Remote location access (MDM only)
- Remote factory reset / erase (MDM only)
- Remotely lock screen (MDM only)
- Enable kiosk / single app mode (iOS App Lock)
- Restrict internet or website access
- Remotely install apps without user permission (MDM only)
- Configure VPN settings
- Disable apps and App Store access
- Disable automatic app updates
- Disable notifications
- Disable AirPlay, iCloud, Siri, iMessage
This list isn't by any means complete. The full set of features that can be configured on a supervised iOS device is listed here, and the available device behavior restrictions are listed here.
Apple Device Supervision Checklist: Do I Need Supervised Mode?
We've created a simple checklist to determine if iOS supervised mode is right for you. See if the descriptions below apply to your use case.
- I am managing more than 5 iOS devices.
- I must lock my iOS devices to a single app or website.
- I need to install applications remotely on my iOS devices without user intervention.
- My iOS devices must be restricted from personal or other unauthorized use.
- My iOS devices contain sensitive company / organizational data that must be protected.
- I need to locate or erase my iOS devices remotely.
If you answered yes to any of the above statements, you should investigate using supervised mode. But using supervised mode is more than turning some feature flags on and off — you must implement these policies and restrictions at scale. Deploying, updating, and managing supervised mode devices requires another critical layer: an iOS MDM.
Do I Need MDM To Use iOS Supervised Mode?
Technically, you do not "need" an MDM service to use iOS devices in supervised mode. But in any real-world scenario, an MDM is crucial for using supervised mode effectively.
Device configuration profiles (MDM profiles — think of them as the set of "rules" you install on an end device) can be created using the Apple Configurator tool (published by Apple) without using an iOS MDM. But while some Apple device supervision features do not technically require MDM software to work, it would be highly cumbersome and time-consuming to deploy MDM profiles to iOS devices manually — and highly prone to mistakes and undesired outcomes. Manual deployment requires connecting each iOS device physically to a Mac computer via USB, one at a time. And once that device is disconnected from the computer, you cannot control or configure it remotely.
Put another way, you cannot remotely manage, monitor, or deploy content to supervised mode iOS devices without using an MDM. It would be akin to operating a fleet of taxis without a central garage, dispatch radios, or GPS — you would have no idea what was happening with your taxis once they were in operation, no control over where they went, or any ability to recall them.
Can I Use Apple Configurator as My Supervised Mode MDM?
Because most MDM solutions come with a monthly or annual device fee, you may be curious if Apple Configurator could work as a "free" iOS MDM — especially if you manage only a few devices.
Apple Configurator can create a device (MDM) profile, deploy that profile to a device, and set that device to supervised mode. But Apple Configurator is an extremely limited tool designed chiefly to help administrators and organizations create device configuration "blueprints" — think of it as a laboratory test bench to an MDM's assembly line and control hub. They serve two entirely different purposes. Most notably, Apple Configurator can only control a supervised device while it is physically connected via USB to the Mac computer Apple Configurator is running on. This means Apple Configurator cannot manage or control a device remotely. This limitation alone makes it vastly different from MDM, which is explicitly designed for remote device management and control.
The table below can help you understand the key limitations of Apple Configurator as compared to an MDM solution.
Source: Apple
Apple Configurator could be a workable solution to enable supervised mode if you manage one device, or perhaps a small number (fewer than five) in a single location. But in reality, the challenges would quickly become apparent, and the time you'd spend every time you needed to change your configuration would cost you far more than a basic MDM solution. And if you ever needed to add more devices, an MDM would become necessary almost immediately.
Can I Use Unsupervised Mode To Manage My iOS Devices?
Theoretically, you could try using a feature like iOS Guided Access to lock your devices to a single application without ever enabling supervised mode. (Remember, there is no specific feature called "unsupervised mode;" this term just describes any iOS device not in supervised mode.) You would also have to manually turn off features that might allow someone to "escape" Guided Access, which is easier said than done.
But using iOS devices for something like a kiosk or display signage with only Guided Access and a few settings changes is just asking for trouble. Not only is Guided Access easily defeatable by anyone with some basic Googling ability, but you won't have access to any of the deeper configuration features and restrictions available to a supervised mode device.
Therefore, unsupervised mode is only viable for multi-purpose devices (e.g., COPE; corporate owned, personally enabled). In any dedicated or single-purpose role — especially with a group of devices — unsupervised mode will leave your devices vulnerable to tampering or other unauthorized access.
iOS MDM for Supervised Mode: Next Steps
If you're ready to take the next step in your iOS device management journey, choosing the right MDM solution to manage those devices is important. Esper offers next-gen device management for iOS, Android, and mixed fleets with both — all from a single pane of glass. Head here to learn more about our products and how they can take your devices to the next level.
Next-Gen MDM Software
More iOS Resources:
FAQ
.svg){kind=small}
