The fact that iPhones are hard to dump is actually the main protection against threats when your phone is stolen or taken away from you (from a more or less legitimate-looking organization or person). It's a pretty good thing overall.
Why must that prevent backup from an Apple Configurator MDM-supervised device that is paired to an admin Macbook, with MDM policy to prevent mobile pairing with any other Macbook? There is a full cryptographic chain to verify the supervising device, which already has full MDM policy control of the mobile device. What security is being added by preventing that authorized supervisor from doing a forensic backup?
