Force device periodically connection to the server
- Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
Allow use of the camera
- Policy determines whether you can use camera
Allow using FaceTime
- Policy defined if the device may perform video and audio connections in FaceTime mode.
Allow to take screenshots and record screen
- Policy determines whether the user can take screenshots and record the screen.
Allow use AirDrop (supervisor mode)
- Policy determines whether the user can use the AirDrop sharing feature. If the policy is disabled, the user cannot use the AirDrop feature in any applications and the AirDrop option is removed from the Control Center. This rule applies only to devices running iOS 7.0.0 and later.
Allow use iMessage (supervisor mode)
- Policy determines whether the user can use iMessage.
Allow use Apple Music service (supervised only)
- Policy determines whether the user has access to Apple Music service. If the policy is disabled, the Music application returns to the classic mode. This rule applies only to devices running iOS 9.3.0 and later.
Allow use radio service (supervisor mode)
- Policy determines whether the user can use iTunes radio. This rule applies only to devices running iOS 9.3.0 and later.
Allow voice dialing while device is locked
- Policy determines whether the user can make voice calls while the device is locked.
Allow using Siri assistant
Policy defines using the Personal Assistant and Knowledge Navigator.
- Allow using Siri assistant with blocked screen
- Enable Siri profanity filter (supervisor mode)
- Show user-generated content in Siri (supervisor mode)
Allow iBooks Store (supervisor mode)
- Policy determines whether the iBook Store is available on the device. If the policy is disabled, the user does not have access to the iBooks Store.
Allow removing apps (supervisor mode)
- Specify whether a user can remove apps from an iOS device. Applying this rule to an unsupervised device may have unexpected results.
Allow purchasing with apps
- Policy defines purchasing with apps.
iTunes password required for purchases
- Policy defines if iTunes password is required for purchasing with apps.
Make iCloud backup copy
- Policy defines if use may make a backup copy in iCloud.
Synchronization of documents with iCloud
- Policy defines if user may synchronize documents with iCloud. Applying this rule to an unsupervised device may have unexpected results.
Allow iCloud Keychain
- Policy determines whether the user can use the iCloud Keychain on the device. This rule applies only to devices running iOS 7.0.0 and later.
Allow managed apps to store data in iCloud
- Policy determines whether managed applications can store internal application data in iCloud. This rule applies only to devices running iOS 8.0.0 and later.
Allow backup of enterprise books
- Policy determines whether the device backup may include an enterprise books. This rule applies only to devices running iOS 8.0.0 and later.
Allow notes and highlights sync for enterprise books
- Policy determines whether the device can synchronize notes and highlights for enterprise books. This rule applies only to devices running iOS 8.0.0 and later.
Allow iCloud photo sharing
- Policy determines whether the user can enable photo sharing with iCloud. If the policy is disabled, the user can not share the stream of photos to other people. If policy is disabled, images and videos may be lost.
Allow use iCloud Photo Library (supervisor mode)
- Policy determines whether a user can upload photos to iCloud Photo Library. This rule applies only to devices running iOS 9.0.0 and later.
Allow use My Photo Stream
- Policy determines whether the user can enable My Photo Stream. If the policy is disabled, photos in My Photo Stream will be deleted from the device and the Camera Roll will no longer be added to My Photo Stream.
Allow data synchronization in roaming
- Policy defines if the device may automatically synchronize data in roaming.
Force encrypted backup copies
- Policy defines if encrypted backup copies must be forced.
Force limited ad tracking
- Policy determines whether applications on the device can use the Advertising Identifier to provide targeted ads to users. This rule applies only to devices running iOS 7.0.0 and later.
Allow Apple personalized advertising
- If unchecked, limits Apple personalized advertising. Available in iOS 14 and later.
Allow Erase All Content and Settings (supervisor mode)
- Policy determines whether the user can use the Erase All Content and Settings option to wipe the device
Accept untrusted TLS certificates
- Policy defines if untrusted TLS certificates may be accepted.
Allow automatic updates to certificate trust settings
- Policy determines whether the device allows automatic updates for trusted certificates over a wireless connection. This rule applies only to devices running iOS 7.0.0 and later.
Allow installing additional configuration profiles (supervisor mode)
- Policy determines whether the user can install additional configuration profiles on the device.
Allow modifying account settings (supervisor mode)
- Policy determines whether the user can change the account settings which is added to the device. If the policy is disabled, the user cannot add new accounts and modify the settings of the accounts currently in use. This rule applies only to devices running iOS 7.0.0 and later.
Allow Bluetooth changes (supervisor mode)
- Policy determines whether the user can change the Bluetooth settings on the device. This rule applies only to devices running iOS 10.0.0 and later.
Allow modifying cellular data app settings (supervisor mode)
- Policy determines whether the user can change the mobile data usage settings for the applications installed on the device. This rule applies only to devices running iOS 7.0.0 and later.
Allow device name changes (supervisor mode)
- Policy determines whether the user can change the device name. This rule applies only to devices running iOS 9.0.0 and later.
Allow modifying Find My Friends settings (supervisor mode)
- Policy determines whether the user can change the “Find my friends” settings. The policy works if Find My Friend application is installed on the device. This rule applies only to devices running iOS 7.0.0 and later.
Allow notification changes (supervisor mode)
- Policy determines whether the user can change the notification settings on the device. This rule applies only to devices running iOS 9.3.0 and later.
Allow configuring restrictions (supervisor mode)
- Policy determines whether the user can configure their own restrictions on the device to prevent access to applications or device functionality. This rule applies only to devices running iOS 8.0.0 and later.
Allow wallpaper changes (supervisor mode)
- Policy determines whether the user can change the wallpaper of the device screen. This rule applies only to devices running iOS 9.0.0 and later.
Allow join only Wi-Fi networks installed by profiles (supervisor mode)
- Policy determines whether the device can join only to Wi-Fi networks installed by the management profile.
Allow pairing with a computer that is not an Apple Configurator (supervisor mode)
- Policy determines whether the device can be paired with a computer that is not an Apple Configurator. This rule applies only to devices running iOS 7.0.0 and later.
Enable Activation Lock for devices with Apple Business Manager (supervisor mode)
- The policy enforces the use of Activation Lock for devices in supervisor mode with Apple Apple Business Manager.
Allow Activation Lock (supervisor mode)
- The policy allows Activation Lock for devices in supervisor mode.
Allow open documents from managed sources in unmanaged destinations
- Policy determines whether the user can open documents and attachments from managed applications and accounts in personal applications. Safari and AirDrop will continue to display all applications as a possible source where the user can open documents regardless of the setting for this rule, or the rule “Allow documents from unmanaged sources in managed destinations”. This rule applies only to devices running iOS 7.0.0 and later.
Allow documents from unmanaged sources in managed destinations
- Policy determines whether the user can open documents and attachments from personal applications and accounts in managed applications. Safari and AirDrop will continue to display all applications as a possible source where the user can open documents regardless of the setting for this rule, or the rule “Allow open documents from managed sources in unmanaged destinations”. This rule applies only to devices running iOS 7.0.0 and later.
Force AirDrop to be unmanaged
- Policy determines whether AirDrop is to be seen as a source for opening in managed applications. This rule applies only to devices running iOS 9.0.0 and later.
Allow use Handoff
- Policy determines whether the user can use the feature to transfer user activities among multiple devices associated with the user. This rule applies only to devices running iOS 8.0.0 and later.
Allow Internet results in Spotlight (supervisor mode)
- Policy determines whether the user can use Spotlight search returns to Internet search when searching for content on a device. This rule applies only to devices running iOS 8.0.0 and later.
Send diagnostic data to Apple
Policy defines if diagnostic data should be sent to Apple.
- Allow modifying diagnostics settings (supervisor mode) – Policy determines whether the user can change the diagnostic settings.
Enable Apple Watch wrist detection
- Policy determines whether the Apple Watch must use the wrist detection function. This rule applies only to devices running iOS 8.2.0 and later.
Allow pairing with Apple Watch (supervisor mode)
- Policy determines whether the user can pair the device with an Apple Watch. This rule applies only to devices running iOS 9.0.0 and later.
Require device passcode on first AirPlay pairing
- Policy determines whether a password is required during the first pairing with AirPlay devices. If policy is enabled, all devices receiving an AirPlay request, must use a pairing password. This rule applies only to devices running iOS 7.1.0 and later.
Allow use predictive keyboard (supervisor mode)
- Policy determines whether the user can use predictive keyboards. This rule applies only to devices running iOS 8.1.3 and later.
Allow use keyboard shortcuts (supervisor mode)
- Policy determines whether the user can use keyboard shortcuts on the device keyboard. This rule applies only to devices running iOS 9.0.0 and later.
Allow use auto-correction (supervisor mode)
- Policy determines whether the user can use keyboard auto-correction. This rule applies only to devices running iOS 8.1.3 and later.
Allow use spell check (supervisor mode)
- Policy determines whether the user can use spell checking when writing text. This rule applies only to devices running iOS 8.1.3 and later.
Allow use Define (supervisor mode)
- The policy determines whether the user can use the Define function to search for definitions with a double click.
Show Wallet notifications in Lock screen
- Policy determines whether Wallet notifications are displayed on a locked device screen.
Show Control Center in lock screen
- Policy determines whether the user can access Control Center on the lock screen. This rule applies only to devices running iOS 7.0.0 and later.
Show Notification Center in lock screen
- Policy determines whether the user access the Notifications view in Notification Center on the lock screen. This rule applies only to devices running iOS 7.0.0 and later.
Show Today view in lock screen
- Policy determines whether the user can access the Today view in Notification Center on the lock screen. This rule applies only to devices running iOS 7.0.0 and later.
Allow AirPrint (supervisor mode)
- If unselected, disables AirPrint. Requires a supervised device. Available in iOS 11 and later.
Allow AirPrint ceredentials storage (supervisor mode)
- If unselected, disables keychain storage of user name and password for AirPrint. Requires a supervised device. Available in iOS 11 and later.
Allow AirPrint iBeacon discovery (supervisor mode)
- If unselected, disables iBeacon discovery of AirPrint printers, which prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Requires a supervised device. Available in iOS 11 and later.
Allow cellular plan modification (supervisor mode)
- Ifunselected, users can’t change any settings related to their cellular plan. Requires a supervised device. Available in ios 11 and later.
Allow dictation (supervisor mode)
- If unselected, disallows dictation input. Requires a supervised device. Available in iOS 10.3 and later.
Allow eSIM modification (supervisor mode)
- If unselected, disables modifications to the eSIM setting. Requires a supervised device. Available in iOS 12.1 and later.
Allow password autofill
- If unselected, disables the AutoFill Passwords feature in iOS (with Keychain and third-party password managers) and the user isn
Allow password request from nearby devices (supervisor mode)
- If unselected, disables requesting passwords from nearby devices. Requires a supervised device. Available in iOS 12 and later.
Allow password sharing via AirDrop (supervisor mode)
- If unselected, disables sharing passwords with the Airdrop Passwords feature. Requires a supervised device. Available in iOS 12 and later.
Allow personal hotspot modification (supervisor mode)
- If unselected, disables modifications of the personal hotspot setting. Requires a supervised device. Available in iOS 12.2 and later.
Allow setup to new device (supervisor mode)
- If unselected, unmanaged apps can read from managed contacts accounts. If Allow open documents from managed sources in unmanaged destinations is selected, this restriction has no effect. Available in iOS 12 and later. Also available for user enrollment.
Allow unmanaged apps to read contacts from managed accounts
- If unselected, unmanaged apps can read from managed contacts accounts. If Allow open documents from managed sources in unmanaged destinations is selected, this restriction has no effect. Available in iOS 12 and later. Also available for user enrollment.
Allow connect devices via USB (supervisor mode)
- If unselected, allows the device to always connect to USB accessories while locked. Requires a supervised device. Available in iOS 11.4.1 and later.
Allow create VPN (supervisor mode)
- If unselected, disables the creation of VPN configurations. Requires a supervised device. Available in iOS 11 and later.
Delayed software updates (supervisor mode)
- If selected, delays user visibility of software updates. Requires a supervised device. Available in iOS 11.3 and later.
Delay software updates (supervisor mode)
- Sets how many days to delay a software update on the device. With this restriction in place, the user doesn’t see a software update until the specified number of days after release.Requires supervised device. Available in ios 11.3 and later.
Require authentication before password autofill (supervisor mode)
- If selected, the user must authenticate before passwords or credit card information can be autofilled in Safari and Apps. If this restriction isn’t enforced, the user can toggle this feature in settings. Only supported on devices with face id or touch id a supervised device. Available ios 11 and later.
Require automatic date and time (supervisor mode)
- If selected, enables the Set Automatically feature in Date Time and can’t be disabled by the user. The device’s time zone is updated only when device can determine its location using a cellular connection or wi-fi with services enabled. Requires supervised device. Available in ios 12 and later.
Require turned on Wi-Fi (supervisor mode)
- If selected, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use. Requires a supervised device. Available in iOS 13.0 and later.