About Supervised Mode on iOS Devices

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

Supervised mode gives an administrator more control of an iOS device owned by their organization, and provides greater flexibility to configure apps and manage devices. Before a device is powered on or activated, an administrator can apply configuration profiles for apps and resources on the device, schedule the installation of apps, or restrict app usage.

To use the URL filtering and anti-phishing capabilities provided by WatchGuard Endpoint Security, you must configure iOS devices in supervised mode.

By default, iPhones and iPads are not supervised. You can enable supervision when you set up a new device. If an existing iPhone or iPad is not supervised, when you configure the device in supervised mode, it resets the device to factory-default settings. All data, programs, and settings are deleted.

To determine whether a device is supervised, open Settings. The supervision message shows in the heading of the Settings page.

If a device is already in supervised mode, you do not have to reset the device and you can proceed to install the WatchGuard Mobile Security app from the WatchGuard MDM solution or a third-party MDM solution. For information on how to enable supervised mode and install the WatchGuard Mobile Security app, see:

• Install the WatchGuard Mobile Security iOS App on Supervised Devices (WatchGuard MDM Solution)
• Install the WatchGuard Mobile Security iOS App on Supervised Devices (Third-Party MDM Solution)

When you configure a device in supervised mode, the device resets to factory-default settings. All data, programs, and settings are deleted. You can restore data stored in iCloud when you sign in with your Apple ID on the reset device. For information on how to back up and restore apps and data when iCloud is not available or sufficient, see the Knowledge Base article, Supervised iOS Devices: Back Up and Restore without Losing Data, before you enable supervised mode.

Requirements for Supervised Mode

To configure supervised mode for an iOS device, make sure you have:

• A computer that runs macOS 10.15.6 or higher
• Apple Configurator 2 app for integration with the WatchGuard MDM
• Lightning or USB cable to attach the iOS device to the macOS computer

To install the iOS app in supervised mode on a device enrolled in a third-party MDM solution, the MDM solution must be able to import external configuration files

Apple Configurator 2 is an app on the macOS computer that enables you to configure iOS devices in supervised mode. In Apple Configurator 2, you can create configuration profiles and a blueprint to push the same supervision to multiple devices.

Configuration Profile

A configuration profile is a container of settings and restrictions to apply to a functional area of an iOS device, such as Wi-Fi or email.

Blueprint

A blueprint stores the profiles and apps you want to send to a device to configure it. The blueprint includes mobile device management (MDM) information. You can also use the blueprint to enable or disable parts of the Setup Assistant that the user sees the first time they power on the device.

For more information on Apple Configurator 2, see the Apple Configurator 2 User Guide on the Apple website.

Related Topics

Mobile Device Management for iOS Devices