When an iCloud backup is restored to the same device, all supervision and profiles come from the backup regardless of how it was configured in the Automatic Device Enrolment Program (previously known as the Device Enrolment Program). For this reason, when restoring backups each user should transition to a new or different device to ensure Automatic Device Enrolment Program supervision and MDM enrolment are enforced and functional.
Examples:
- If you configure a device to be supervised and enrolled in MDM using the Automatic Device Enrolment Program, then restore a backup made when the same device was unsupervised, the device will be unsupervised.
- If you configure a device to be supervised and enrolled in MDM using the Automatic Device Enrolment Program, then restore a backup made when the same device was supervised and enrolled, the device will have a broken enrolment and the state will be undefined, and unsupported
- If you restore a backup made when the same device was supervised by Apple Configurator and enrolled in MDM, the device will remain supervised and enrolled, but the MDM profile will be removable, because Apple Configurator cannot lock MDM enrollment.
- If you restore the backup to a different device that is configured for supervision and MDM enrolment via the Automatic Device Enrolment Program, the device will remain supervised and MDM enrolment will not be removable.
More information:
- James Ridsdale - JNUC - "Bringing VPP & DEP to Life"
- VMware Workspace One (previously Airwatch) - "How to restore an ADE (DEP) Device from iCloud Backup for use with Workspace ONE"
- Apple - "Back up and restore managed apps, documents and data"