Device Management

Managing and maintaining a fleet of iOS devices requires software and services to ensure optimal operation and governance. The following details outline how to gain supervision of a device.

Note: for iPads and other iOS devices that have previously been deployed, see Settings for Jamf Now for details on accessing the device settings.

Setting Up Supervision of an iOS Device

Requirements:

  • Apple Device Enrollment Program (DEP)

  • Volume Purchasing Program (VPP)

  • Apple Push Notification certificates (APN)

  • Multi-Device Management (MDM) - Jamf Pro or Jamf Now

  • Apple Configurator 2

Device Enrollment Program: Managed by CMP IT, all macOS and iOS devices purchased by Central are added to DEP by default. Any device purchased by CMOA will have to be manually enrolled in Jamf Pro or Jamf Now.

Volume Purchasing Program: VPP is managed by CMP IT and permissions are granted to a unique administrator Apple ID. See 1Password for details.

Apple Push Notification: APN certificate is managed by another administrator account. See 1Password for details. Why two different accounts? For whatever reason, these two accounts could not overlap and/or the original account could not be used for VPP because it was already associated with the Apple Developer Program.

Multi-Device Management: MDM refers to the software used to manage iOS devices. This includes the assignment of certificates and access to the DEP and VPP programs. CMP IT supports Jamf Pro software whereas CMOA uses the more consumer friendly Jamf Now software. One day we’ll have to migrate to Jamf Pro—Rainy Day Project.

Apple Configurator 2: Devices purchased through DEP come pre-configured with Supervision, the permissions needed to completely manage the device. Devices not purchased through DEP require the Apple Configurator 2 software to gain that same level of permission on the device. Any device not purchased by CMP-IT or have otherwise been completely reformatted, will require the use of the Apple Configurator 2 software to establish Supervision of the device.

Supervision can be tested by plugging the device into a machine loaded with Apple Configurator 2. In the main tab menu, toggle from All Devices to Supervised. If the plugged in device has Supervision, it will appear in the filtered menu.

Steps Updated 1/27/20

Common Errors/Issues

If the device was already registered with the Device Enrollment Program (DEP), you may experience issues setting up the device. See: https://support.jamfnow.com/hc/en-us/articles/207704656

Also, during the Prepare process, you may get an error message regarding WiFi. WiFi connections may have to be established and then restart the Prepare process, the second time around there should be no erasing of the device data. See solution for details: https://discussions.apple.com/thread/8074031

Setup iPad

These steps are for setting up a new iPad out-of-the-box or resetting a previously configured iPad:

  1. Connect device to Administrator’s MacBook Pro with USBc connector

  2. Hello screen

  3. Pick language

  4. Choose Set Up Manually

  5. Pick WiFi network - CMPStaff SSID but use exhibit password. See 1Password.

  6. Data & Privacy, select Continue

  7. Create Passcode, always use 1895

  8. Apps & Data, choose Don’t Transfer Apps & Data

  9. This is a critical step: Do not set up iTunes or iCloud with Apple ID. Select, forgot password or I don’t have an Apple ID and then choose, Set Up Later in Settings

  10. Terms and Conditions, select Agree

  11. Express Settings, choose Customize Settings and Install Updates Manually

  12. Disable Location services

  13. Turn off Siri

  14. Screen Time, Set up Later in Settings

  15. iPod Analytics, Don’t Share

  16. Screen Mode, Light

  17. Launch iTunes on MacBook and wait until you see the Welcome to your device screen or the prompt to login to your Apple ID

  18. Then open Apple Configurator 2…

    • Go through the steps below… it may take a few times to keep the network connected through the process…

    • You can tell you have supervision by checking the supervision tab in configurator… if the device is listed then you are supervised. Also, on the iPad > Settings top left should indicate that the device is supervised.

Apple Configurator 2

  • Apple Configurator 2 is available from the App Store

  • Connect your iOS device to a Mac and launch Apple Configurator 2

  • From the "Action" menu at the top of your screen, select "Prepare"

  • Select "Manual" configuration

    • Check - Supervise devices

    • Check - Allow devices to pair with other computers — see former step 5.

  • While the Device Enrollment Program enrolls devices into Jamf Now, you will select "Do not enroll in MDM" for this manual process

  • Now you can check the box to Supervise your iOS device

  • You can enter organization information to display details about the institution that owns this device

  • Unless you have previously worked with Supervision Identities, you will simply "Generate a new supervision identity" to complete this process

  • You have the option to skip steps in the Setup Assistant - Don’t show any of the steps

  • Click "Prepare" to erase the device and reboot as a Supervised device


  • Once the devices has been prepped, you can use Open Enrollment to enroll devices into JAMF Now and take advantage of the additional features that require Supervision.

Note, these steps where taken from the following article: How to Supervise an iOS Device with Apple Configurator 2. You must login to Jamf.com to access this article.

PreviousMigrate DatabaseNextSettings for iOS

Last updated