This iPhone is supervised and managed by … Learn more about device supervision…on a personal iPhone?

In some organizations, some employees are provided a company purchased iPhone and then allowed to keep it after a certain time has passed. The first thing that you as an IT administrator want to do is most likely ensure the device is no longer managed and contains no company data. Apple walks you through the steps of releasing a iOS device from Apple Business Manager with a final note stating: “After a device is released, it must be erased and restored.

You would think this would be very simple, but unfortunately it’s not. The process of personalizing an iPhone can be quite convoluted in some scenarios because there are some remnants that get left behind if you try to simply restore the data on the iPhone after an erase and restore.

You might argue, the user should not keep any personal data on a company phone, but the lines get blurred especially as most people prefer to carry one device. It’s not unreasonable for someone who is getting gifted a company phone to perhaps want to retain the settings, apps and data on the phone that are personal without having any of the company data on it restored. Sure, you can just tell the user to erase and setup the phone as new, but reconfiguring an iPhone can be quite a lot to ask of someone! In any case, this blog post is not about the merits of mixing personal and corporate data on one device so that’s all I’ll say on the matter.

The problem: This iPhone is supervised…even after a restore!

Before I continue, note that the following scenario was tested in iOS 12 & iOS 13 and with a MDM profile that was set to be unremovable.

There are going to be a lot of steps here for you to reproduce the issue and a subsequent number of steps if you want to work around the issue.

Continue reading This iPhone is supervised and managed by … Learn more about device supervision…on a personal iPhone?

Disable iCloud Desktop and Documents Sync

Apple is still currently testing 10.12.4 Beta 7 as of the time of this post, but they apparently have introduced a new payload preference that can be managed through a configuration profile. You can read more about this preference key publicly through their documentation (no login required). The new preference key is allowCloudDesktopAndDocuments which accepts a boolean value. If set to false, disallows macOS cloud desktop and document services. Defaults to true. Available only in macOS 10.12.4 and later. For enterprises, this is a rather important preference that should have probably been released when 10.12 first released, but better late than never.

Continue reading Disable iCloud Desktop and Documents Sync