Configuring the device in supervised mode and enrolling it into the Cytomic MDM solution
The process to configure an iOS device in supervised mode is carried out independently from the process to enroll it into the Cytomic MDM solution.
When you configure an iOS device in supervised mode, all data and apps on the device are deleted. To create a backup of the data and restore it after the procedure has been completed, see Configuring an iOS device in supervised mode without loss of data.
To verify that the iOS device is in supervised mode, see Verifying that the device is supervised.
Creating the Blueprint
- On the macOS computer, open the Apple Configurator 2 app. Select File, New Blueprint. The All Blueprints window opens, showing all Blueprints created so far. The newly created Blueprint is automatically selected.
- Type the name of the new Blueprint. Press Enter.
Getting the Advanced EPDR MDM solution enrollment URL
- Verify you have a valid Apple certificate uploaded to the Advanced EPDR management console. To generate a certificate, see Creating and importing the digital certificate into the Advanced EPDR console. If your certificate is about to expire, see Renewing the Apple certificate.
- Make sure your company’s iOS devices do not have a third-party MDM profile already installed. If they do, delete the profile from your devices. For more information about the implications of deleting a third-party MDM profile, see Managing iOS devices with an MDM solution and Enrollment types supported by Advanced EPDR.
- Select the Computers menu at the top of the Advanced EPDR management console. Click the Add computers button. A window opens with the platforms supported by Advanced EPDR.
- Click the iOS icon. The iOS window opens with information about the previously uploaded certificate.
- To add the iOS device to a group created in the management console, select Add computers to this group. From the drop-down list, select a folder.
- Click the Send URL by email button. The email program installed on the computer opens.
- Enter the email address of the user that will use the iOS device you want to enroll. Click Send.
Preparing the device
- In the Apple Configurator 2 app, select the created Blueprint and click Prepare in the top bar. The Prepare devices window opens.
- In Prepare with, select Manual configuration, Supervise devices, and Allow devices to pair with other computers. Click Next. The Enroll in MDM server window opens.
- In Server, select Do not enroll in MDM. Click Next. The Sign in to Apple Business Manager or Apple School Manager window opens.
- Click Skip. The Create an organization window opens.
- Enter your company’s details. Click Next.
- Select Create a new supervision identity. Click Next. The Configure iOS Setup Assistant window opens.
- Choose which steps will be presented to the user in the Setup Assistant the first time the user turns on the iOS device. Click Prepare. A window opens that prompts for the macOS computer administrator credentials.
- Click Update settings. A pop-up window opens that shows the status of the configuration process.
- After the procedure is complete, the Blueprint is created and ready to be applied to all relevant iOS devices.
Applying the Blueprint to iOS devices
Before enrolling a supervised iOS device into an MDM solution, make sure the Find My iPhone option is disabled.
- Disable Find My iPhone on the user’s iOS device.
- Connect the iOS device to the macOS computer with a USB cable. The Apple Configurator 2 app must be open during the process. The message Trust this computer? appears on the mobile device.
- Tap Trust.
- In the Apple Configurator 2 app, click All devices in the top bar. After connecting, you can see the device in the Apple Configurator window.
- Right-click the device. A drop-down menu appears.
- Click Apply. Select the created Blueprint. A window opens for you to confirm you want to apply the Blueprint.
- When you click Apply, the following actions are taken on the iOS device:
  - The device is reset to its factory-default settings.
  - All data and apps are deleted from the device.
  - The device is placed in supervised mode.
Verifying that the device is supervised
- In the Apple Configurator 2 app, click Supervised in the top bar. The new supervised device is shown.
- Tap Settings on the iOS device. In the upper-left corner, under the phone name, the message “This iPhone is supervised and managed by (company name)” is shown.
Enrolling the supervised device into the Cytomic MDM solution
- Configure the email app on the supervised iOS device. Download the message that contains the MDM enrollment URL. This message was sent earlier from the Advanced EPDR console.
- Tap the link. A window opens that shows the message This website is trying to download a configuration profile. Do you want to allow this?
- Tap Allow. After the profile has been downloaded to the iOS device, the message Profile downloaded appears.
- Open the Settings app on the iOS device. The Settings window opens.
- Tap General. The General window opens.
- Tap VPN and device management. The WatchGuard MDM Service downloaded profile is shown.
- Tap WatchGuard MDM Service. The Install profile window opens with information about the security of the downloaded file.
- Tap Install in the upper-right corner. You are asked to enter the phone password.
- Enter the password. A Warning message appears, indicating that the device will be managed remotely.
- Tap Install in the upper-right corner. The Remote Management window opens.
- Tap Trust. The profile is installed. After a few minutes, the Advanced EPDR agent is downloaded and installed automatically.
- After the app is downloaded and installed, tap it to run it for the first time. The message "WatchGuard Mobile Security" Would Like to Send You Notifications appears.
- Tap the Allow button. The device is added to the Advanced EPDR console and the configuration process is complete.
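
Because installing the enrollment profile hands remote management of the device to a server, an administrator may want to inspect a copy of the profile file before users install it. The following is an added example, not Cytomic or WatchGuard code: it parses a .mobileconfig file and checks that its MDM payload points at the expected server over HTTPS. The sample profile, its identifiers, and the host mdm.example.com are constructed placeholders.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed sample profile; identifiers and host are placeholders, not vendor values.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.mdm.enroll",
    "PayloadContent": [{
        "PayloadType": "com.apple.mdm",
        "ServerURL": "https://mdm.example.com/server",
        "CheckInURL": "http://mdm.example.com/checkin",  # deliberately weak
    }],
})


def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. For a signed profile, parse the XML plist embedded
    in the signature envelope; the signature itself is NOT verified here."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start != -1 and end > start:
        raw = raw[start:end + len(b"</plist>")]
    return plistlib.loads(raw)


def audit_mdm_profile(raw: bytes, expected_host: str) -> list[str]:
    """Return a list of findings; an empty list means the checks passed."""
    content = load_profile(raw).get("PayloadContent", [])
    mdm = [p for p in content if p.get("PayloadType") == "com.apple.mdm"]
    if len(mdm) != 1:
        return [f"expected one com.apple.mdm payload, found {len(mdm)}"]
    findings = []
    if "ServerURL" not in mdm[0]:
        findings.append("ServerURL is missing")
    for key in ("ServerURL", "CheckInURL"):  # CheckInURL is optional
        url = mdm[0].get(key)
        if url is None:
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{key} is not HTTPS: {url}")
        if parts.hostname != expected_host:
            findings.append(f"{key} host is {parts.hostname}, expected {expected_host}")
    return findings


if __name__ == "__main__":
    for finding in audit_mdm_profile(SAMPLE_PROFILE, "mdm.example.com"):
        print("FINDING:", finding)
```

Pass the expected MDM host for your own tenant as `expected_host`; signature verification of a signed profile is a separate step that this check does not perform.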