Why must that prevent backup from an Apple Configurator MDM-supervised device that is paired to an admin Macbook, with MDM policy to prevent mobile pairing with any other Macbook? There is a full cryptographic chain to verify the supervising device, which already has full MDM policy control of the mobile device. What security is being added by preventing that authorized supervisor from doing a forensic backup?