I have an odd issue at my company with a recent batch of iPhones purchased a few months back.
We've been using DEP with Microsoft InTune as our MDM for a few years now, but a batch of about 40 phones were shipped to us without DEP registration. The phones were deployed to the users before we realized this, but we figured no big deal, the carrier can easily add them after the fact, and the phones should shift into supervised mode.
Well, the carrier did get them added, we saw them show up in DEP/ABM, and then saw them sync over to InTune.
But, the phones have not shifted over to supervised mode. Subsequent batches of phone orders were registered with DEP before they shipped to us, and we've seen no problems with them.
I've tried a number of things, and had support calls with both Apple and Microsoft.
What I've found is that if one of the affected phones is restored from a previous iTunes backup, it never prompts to install the management profile. Apple had me do the reset and restore process a few different ways. Microsoft had me try a few things as well.
I also tried removing the device from DEP, waiting a few days, then adding it back in with Configurator. But, I still see the same results.
Apple told me they see that it was assigned a management profile, but not that it was installed.
I also tried resetting a device, then setting it up as a new device first. This did give me the management profile prompt, and set the phone in supervised mode. BUT, when I restored a backup, it was back as a non-supervised device.
Now, part of the point of supervised mode is to prevent people from stealing a device, wiping it and using it. But, if all you have to do to bypass supervision is restore a backup, that's a pretty big problem. Of course, this is a unique scenario, because as far as I know, we don't see the same problem in the subsequent batches of phones. It only seems to exist with those that were added to DEP after the fact.
Also, all this resetting and restoring is not a reasonable solution to force upon our users to fix the problem; it's pretty inconvenient.