I got my iPad from my school, who had initially installed a profile on my device. But the iPad is now mine, and as a result they have uninstalled the profile.
However, it still shows that my iPad is “supervised and managed” by my school, so what does that mean?
If you are still seeing enrollment information, then it sounds like they did not issue the unmanage command to the device. There are a few items to make note of here. First, there is how to handle the distribution of the device to a person - disassociation of the unit from the EDU institution. The second is issuing the unmanage command to drop the device from active management. Please note, this could have impact to apps, data, and settings.
Let's start by understanding how the unit was originally setup. Please note, I do not have knowledge of your specific institution but if they are following the rules, this is how it would done. First, the school would have a relationship with Apple through Apple School Manager (ASM). ASM will link hard (Macs, iPhones, iPads, and Apple TVs) and soft assets (App Store Apps and Books) to the EDU. The hard assets are linked at time of purchase and if ASM is setup properly, the hard assets are automatically assigned to an MDM (this is the management server).
Once the devices appear in the MDM, they can be assigned to a pre-stage policy that defines the basics of enrollment. This is known as automated enrollment (previously called DEP). When the unit is powered up for the first time, it will check in with Apple's activation servers and they will tell the unit it is an institutional device and that it should talk to the MDM for enrollment directions. The MDM will deliver the enrollment profiles and then the unit will complete any other tasks the MDM has defined (app installation, profile delivery). The automated enrollment method provides supervision. Supervised devices allow the greatest level of management control as the chain of custody can be proven, allowing admins the highest level of device management.
So, now the question is, "how does this back down?" There is really two steps the institution needs to do to disassociate the device from the EDU and allow it to be a "retail" device. The first step is that they need to "release the device" from ASM. By performing this action, the EDU is saying "we don't own this device any longer." Releasing the device does NOT unmanage it. It only breaks the chain of custody, disassociating the physical device from its relationship to the EDU. Thus, if it was to be erased, it would no longer go through an automated enrollment process.
Ah, but you may not want to erase the unit. If not, the second step that is needed is that the unit needs to be sent an unmanage command from the MDM. This command will tell the device to unenroll itself from active management. Now, this may have consequences. If you have apps installed from the MDM, it is possible that they will delete once the device unenrolls. Likewise, if you have profiles that provide specific settings, these settings will be removed from the device. For example, this may include certificates and wifi network settings (one example).
By performing these two steps, the EDU can completely disassociate from the device (no longer "owned" and no longer managed). It is now a "retail" unit and can be used independent of the organization. If erased it will go through a full setup process.
Hope this is helpful,
Reid
If you are still seeing enrollment information, then it sounds like they did not issue the unmanage command to the device. There are a few items to make note of here. First, there is how to handle the distribution of the device to a person - disassociation of the unit from the EDU institution. The second is issuing the unmanage command to drop the device from active management. Please note, this could have impact to apps, data, and settings.
Let's start by understanding how the unit was originally setup. Please note, I do not have knowledge of your specific institution but if they are following the rules, this is how it would done. First, the school would have a relationship with Apple through Apple School Manager (ASM). ASM will link hard (Macs, iPhones, iPads, and Apple TVs) and soft assets (App Store Apps and Books) to the EDU. The hard assets are linked at time of purchase and if ASM is setup properly, the hard assets are automatically assigned to an MDM (this is the management server).
Once the devices appear in the MDM, they can be assigned to a pre-stage policy that defines the basics of enrollment. This is known as automated enrollment (previously called DEP). When the unit is powered up for the first time, it will check in with Apple's activation servers and they will tell the unit it is an institutional device and that it should talk to the MDM for enrollment directions. The MDM will deliver the enrollment profiles and then the unit will complete any other tasks the MDM has defined (app installation, profile delivery). The automated enrollment method provides supervision. Supervised devices allow the greatest level of management control as the chain of custody can be proven, allowing admins the highest level of device management.
So, now the question is, "how does this back down?" There is really two steps the institution needs to do to disassociate the device from the EDU and allow it to be a "retail" device. The first step is that they need to "release the device" from ASM. By performing this action, the EDU is saying "we don't own this device any longer." Releasing the device does NOT unmanage it. It only breaks the chain of custody, disassociating the physical device from its relationship to the EDU. Thus, if it was to be erased, it would no longer go through an automated enrollment process.
Ah, but you may not want to erase the unit. If not, the second step that is needed is that the unit needs to be sent an unmanage command from the MDM. This command will tell the device to unenroll itself from active management. Now, this may have consequences. If you have apps installed from the MDM, it is possible that they will delete once the device unenrolls. Likewise, if you have profiles that provide specific settings, these settings will be removed from the device. For example, this may include certificates and wifi network settings (one example).
By performing these two steps, the EDU can completely disassociate from the device (no longer "owned" and no longer managed). It is now a "retail" unit and can be used independent of the organization. If erased it will go through a full setup process.
Hope this is helpful,
Reid
Supervised is a stated that enables additional management features when managed. When being supervised a watermark of sorts is placed on the device by the supervising entity indicating who placed it in that state. This "watermark" continues to persist until the device is wiped completely. If the management profile is not visible in Settings > General > VPN & Device Management, then it is simply a remnant of the devices past life and is not a concern. If it bothers you, you can choose to wipe the device completely, and upon setup, the message will be gone.
What does it mean if my device is supervised, but the supervisor has uninstalled the profile?
