Supporting Data reconciliation does not bring back / evaluate accounts from the managed resource. It only brings back group information. Since most of the times your accesses will be basically group memberships, having this information will allow you to define accesses in ITIM. A normal reconciliation brings back both groups information and accounts from the target system and possible enforces policy evaluation for each account.
The reason that it is advised to do the group reconciliation seperately is that since it can possibly affect the access definitions you have, you would want to have this in place before you actually reconcile the accounts and evaluate the policies that apply to them.
To give you a solid example, you might have an ldap service, where an ldap server is your managed system. In this ldap server you have configured 2 groups GrpA, and GrpB and you wnat to control membership to these groups. First you will do a Supporting Data reconciliation for your ldap service and those groups will become known to ISIM. You can now go to Manage Groups in the ITIM console and enable these groups as accesses in ITIM. ( if you haven't done the reconciliation of supporting data before, then ISIM would not be aware of the groups in the target system).
Another example is when you want to have these group memberships as entitlemtns in Provisioning Policies. After you have reconciled supporting data, you can go and create a new Provisioning Policy with the group membership as entitlement. Then depending on if the entitlement is automatic or manual the users will get provisioned this access.