You can set up your iOS/iPadOS company devices (so-called supervised devices) so that they can be used either exclusively for business (Company Owned Business Only - COBO) or for both business and private use (Company Owned Personally Enabled - COPE).
In the case of a device designated for business use only, the company retains full control over the device. If supervised devices are also permitted to be used privately, users simply gain access by using their private Apple ID. The personal area on a company-owned device, including personal apps, data and usage, is neither visible nor accessible to the company.
Aim
In this How-To we will show you how to set up supervised devices as either COBO or COPE devices.
Implementation
Setting up COBO devices
- To start, proceed as described in the help article Embedding company-owned iOS/iPadOS devices (COBO/COPE).
- In the ADE profile, remove the checkmark for Apple-ID and iCloud login (arrow in illus.). This prevents the user from entering an Apple-ID during the setup.
- Under Administration→ Policies click on the plus button (left arrow in illus.) to create a policy for iOS/iPadOS devices (right arrow in illus.).
- Keep the selection Supervised devices (arrow in illus.).
- Entfernen Sie jetzt das Häkchen aus der Checkbox Ändern von Accounteinstellungen erlauben (Pfeil im Bild).
- Then select the policy you created (left arrow in illus.) and assign it to the desired users, groups or devices (right arrow in illus.).
- Now users can no longer log in with an Apple account (arrow in illus.).
The company has full control over the device and can control it remotely. Apps can be installed and uninstalled and global guidelines implemented. The device can be located and, if necessary, reset.
Setting up COPE devices
- To start, proceed as described in the help article Embedding company-owned iOS/iPadOS devices (COBO/COPE).
- In the ADE profile place a checkmark in the box for Apple-ID and iCloud login (arrow in illus.). This will allow the user to enter their Apple ID during the device setup.
- Access to the account settings on the device is not restricted. Changes can be made at any time via the device settings (arrow in illus.).
As before, the company has control over the device, but not over the personal space. This, including its apps, data and usage, is neither visible nor accessible to the company.