Device monitoring is a crucial aspect of managing Apple in your business, but it’s important to understand what it’s good for, what its limitations are, and how you can ensure you get a distribution going right.
About Apple @ Work: Bradley Chambers has led a corporate IT network since 2009. Through his experience in distributing and managing firewalls, switches, a mobile device management system, enterprise-class Wi-Fi, 100s Macs and 100s iPads, Bradley will Highlight ways Apple IT executives distribute Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple can improve its IT department products.
Audit gives organizations control over the iOS devices they own and manage. With device monitoring, you can apply additional restrictions such as turning off AirDrop or disabling the App Store. Supervision can only be turned on when a device is set up as new. If you want to monitor and existing device, it must be dried beforehand.
By default, an iPhone or iPad is not monitored. Supervision can only be turned on when setting up a new device. If your iPhone, iPad, or iPod touch is not currently monitored, your administrator will need to delete the device to configure the monitor completely. Most organizations will typically monitor their devices through the mobile device management system using the device registration program through Apple School Manager or Apple Business Manager. However, some organizations with limited devices may use an application such as Apple Configurator or iMazing Configurator to monitor locally. Apple Configurator is only available for macOS, so for Windows users, iMazing Configurator is the only option.
In my opinion, it is important to monitor all the devices an organization owns and manages. The only reason you do not use surveillance is to put your own device application in place where employees register their iOS devices to access enterprise resources such as a secure Wi-Fi network or internal enterprise applications. If your company has monitored your devices and sees an alert that it can monitor your location, you can rest assured that the only time they have access to your location is if the device is put in ‘Lost Mode’.
The primary reason I recommend a monitoring model is for the extra controls it gives you when managing iOS devices. When a device is under surveillance, you can do things like restrict access to certain standard apps, not allow USB device connections, disable AirDrop, force Bluetooth on, force Wi-Fi on and enable additional restrictions and much more. A detailed list can be found on Apple’s support website. An important thing for device monitoring is that it prevents users from resetting the factory to the device without putting it in DFU mode. If the device is monitored using Apple School / Business Manager, an iOS device from DFU will be forced to re-register in MDM when activated. This feature provides a good deterrent against theft, as the devices are useless without signing up for MDM and can be located.
Unpack under the supervision of the device
I recommend all companies and schools to supervise their company-owned units. Whenever possible, pair it with Apple School / Business Manager and use the device enrollment program. It offers a zero-touch distribution model, making rollout even faster. If you only have a handful of devices to configure, you can check out iMazing Configurator (especially on Windows) or Apple Configurator for local monitoring.
Photo by Adeolu Eletu on Unsplash
FTC: We automatically use affiliate links for revenue. More.
Check out 9to5Mac on YouTube for more Apple news: