Skip to content

Configure device supervision

You can configure Macs that are allowed to supervise your Apple Business Manager iPhones and iPads. These Macs can pair with a device even if you block USB pairing in general.

To configure a Mac for device supervision, upload its supervision identity certificate to the Apple Business Manager profile in Sophos Mobile.

Do as follows:

  1. On the Mac, create a new organization in Apple Configurator or use an existing organization.
  2. Open the Keychain Access app.
  3. Under My certificates, export the organization’s certificate.

    There’s one certificate for each organization you’ve configured in Apple Configurator.

    Ensure that you export the certificate in CER format, that is, with a .cer file extension.

  4. In your Apple Business Manager profile in Sophos Mobile, go to the USB pairing tab and configure the following settings:

    1. Clear the Allow USB pairing with all hosts check box.
    2. Select Upload host certificate to upload the certificate file.
  5. Optional: To configure another Mac for device supervision, do one of the following:

    • Upload another certificate to the Apple Business Manager profile.
    • Share the organization between the Macs by doing the following:

      Export the organization from Apple Configurator on the first Mac and import it on the second Mac.

    • Share the supervision identity between the Macs by doing the following:

      On the first Mac, export the supervision identity from Apple Configurator in PKCS #12 format with a .p12 file extension. On the second Mac, use Keychain Access to open the .p12 file.

For details about managing organizations and supervision identities, see Apple Configurator 2 User Guide: Organization preferences in Apple Configurator 2.