@Melissa Thanks for checking. I am sorry for not coming out and saying that a device swap was needed. I thought we were referring to a deployment with devices being swapped. You can also do the following:
Backup Device A
Restore Backup on Device B (forcing it through DEP)
Backup Device B
Restore Back on Device B and DEP should come down
This is very frustrating and is an Apple issue that needs to be addressed.
I still don't think this is the scenario I'm seeing.
I backed up from an unsupervised, non-DEP, non-managed iPhone 6s (DEVICE 1).
I restored that backup to a DEP, Supervised, Mandatory iPhone 8 (DEVICE 2), and the DEP settings did not come down, and the device was not supervised or managed.
That should have worked. It works if I don't do a restore and set the phone up as new (so I know the DEP and Meraki settings are correct). It seems restoring the unsupervised backup overrides the DEP.
Are you saying I would then need to back up again from the iPhone 8, wipe the phone, and then restore again to the iPhone 8 in order to get the DEP settings and supervision?
That would stink to have to sit with the user to back up, erase and restore a brand new phone, after they've already gone through the setup once.
Hi @CherylA - so sorry for the delay. The key piece I've learned in this thread is that it is possible to use "restore from backup" and supervise a device, but only if the backup is made on a different device than the one you intend to supervise. It does not seem that this process works on all models, as you were unable to restore from backup and apply supervised settings when moving from an unsupervised iPhone 6 on an iPhone 8.
To be honest - the majority of folks I work with that ask this question (about restoring from backup) are trying to supervise the device they have in hand. In that case, I think we've determined the above process will not work for them.
This is a huge kick in the conkers for someone like me who has to retrospectively supervise almost 200 devices.
This is only retrospective because Apple used to make it so damned hard to enroll into DEP. Since they've now made it much easier, i now have a DEP account i now need to get all our devices into DEP then supervise them.
You all the rest of the nightmare i'm about to have, as some of you have been through it / standing on the precipice. 😞
Understood - it sounds like Apple is aware of the issue and may fix it at some point...
In the meantime, the main complaint I hear about this is around losing is text history. If your users absolutely need to save this - there are other ways to do it. I've seen people use 3rd party programs like TouchCopy to download texts from a device before wiping it.
For any in-app data, they can still backup to iCloud before wiping on a per-app basis and sync those apps AFTER set up. They would just not be able to use the "restore from backup" option in the initial set up steps (which I would recommend you hide/skip when applying DEP settings).
It's not an ideal solution, I understand!
Thank you so much for sharing your experience! That's really interesting that you were able to restore from (and unsupervised) backup to an iphone 6s and have supervision persist. It sounds like you're right about the iphone 8 maybe having a restriction built in. I'll see what I can find out about that!
I love the thorough analysis 🙂 I wouldn't have thought to mix models!!
To be clear - once the device is supervised, you should be able to use the "restore from backup" feature in future wipes/factory reset and have that supervision persist on the device. It's just an issue when first applying supervision to a device that's already out in the field/being used.
@CherylA I reached out to another community of Apple admins about your issue and I am going to see if anyone lets me know they are seeing the same thing. Just to make sure, did you go into Meraki and verify settings were assigned under DEP for that device that forced supervsion and made MDM mandatory?
@jared_f Yes, I verified the settings. I tried all of these things multiple times. If I did the setup without a restore, the device was supervised. If I wiped the device and did the setup with a restore, the device was no longer supervised (restoring from an unsupervised backup).
I put together a quick guide on this topic. The TabPilot video in the guide is really great and covers the basics of configuring DEP to allow you to enroll devices not bought from Apple, watch it first. Please excuse any typos, I did this in a tad of a rush - but there seems to be a little confusion and hesitation and I thought this would be a good idea to throw out there.
As noted in guide, please don't hesitate to reach out if you have any questions for me!
Have a great weekend!
@jared_f why don't you do a YouTube video of the process so people can see before and after and the whole process ...
Good afternoon! I apologize for my absence from this post. Melissa hit this right on the head. I have had a couple of conversations with Meraki about this and since we are changing the supervised state of the phone, it is recommended to do an "iCloud Sync" and not restore from a backup. Using this method you do lose iMessages (text), phone call data, voicemail, installed apps, and songs not purchased through iTunes. You do maintain contacts, photos, and app data so long as it is stored in iCloud. Users can verify that there data is in iCloud by going to iCloud.com. I have went through about 14 phones so far with no issues or complaints. For the users that don't participate in iCloud, they weren't concerned that they received a fresh slate. We also made sure to prime everyone weekly before transitioning to the new phones by sending emails with information about the transition and as well as how to back up the data for themselves. Apple has many excellent KBs for saving your data. Having the phones in a supervised state is really important. I don't know why you wouldn't want to supervise a fleet of phones just due to the fact that you can't disable the iCloud Activation lock on the phones if the previous user doesn't log out of iCloud entirely. This was one of the main reasons we chose to implement Meraki System Manager MDM. With all of that said, I really appreciate everyone's participation in this thread and hope that it helps others out along the way. Have a great weekend everyone!
I can assure you that if you backup to iCloud meraki will come down on the device. I will make a video walk through to show this.
I don't doubt that. Just curious if the device will be supervised and the profile non-removable. Especially when the backup is taken from a non-supervised phone. The more information everyone can present here, the better off we will all be. Thank you all for your contributions.
@CMurdaugh Yes it will. While I don't disagree with the fact that users can just "sync" their information to iCloud a lot of people like having the apps download and having text restored.
The Device Enrollment Programs purpose is to force managmement, lock profiles, and supervise devices. Apple has built an intended fail safe that if a user selects and unsupervised backup the device will become supervised by any means possible.
So yes! A user can restored an unsupervised backup on an iPad if the following pre-requistes are met:
-Device was added to DEP (Apple Configurator, Purchase # from Apple, Etc.)
-Device was assigned to your Meraki MDM Server
-Enrollment settings are pushed from the Meraki dashboard before the user begins setup.
It really makes no sense and would defeat the reason Apple created this program if a user could just select an unsupervised backup and get around DEP (supervision, profile being mandatory.)