iOS

Password

    Password required : Numerical password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Device block grace period
  • Allow unlock device using fingerprint
  • Password required : Compound password
    Policy defines requirements for device password. Once done, user must set the device password.
  • Password length
  • Required number of special characters
  • Number of attempts to unlock
  • Number of passwords saved
  • Password expiration
  • Device block grace period
  • Allow unlock device using fingerprint
  • Allow device password changes (supervisor mode)
  • Allow modifying Touch ID fingerprints (supervisor mode)
  • Max inactive time
  • Policy defines user inactive time duration, then blanks the screen and blocks the device with the current password.

Functionality

    Force device periodically connection to the server
  • Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
  • Allow use of the camera
  • Policy determines whether you can use camera
  • Allow using FaceTime
  • Policy defined if the device may perform video and audio connections in FaceTime mode.
  • Allow to take screenshots and record screen
  • Policy determines whether the user can take screenshots and record the screen.
  • Allow use AirDrop (supervisor mode)
  • Policy determines whether the user can use the AirDrop sharing feature. If the policy is disabled, the user cannot use the AirDrop feature in any applications and the AirDrop option is removed from the Control Center. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow use iMessage (supervisor mode)
  • Policy determines whether the user can use iMessage.
  • Allow use Apple Music service (supervised only)
  • Policy determines whether the user has access to Apple Music service. If the policy is disabled, the Music application returns to the classic mode. This rule applies only to devices running iOS 9.3.0 and later.
  • Allow use radio service (supervisor mode)
  • Policy determines whether the user can use iTunes radio. This rule applies only to devices running iOS 9.3.0 and later.
  • Allow voice dialing while device is locked
  • Policy determines whether the user can make voice calls while the device is locked.
  • Allow using Siri assistant
    Policy defines using the Personal Assistant and Knowledge Navigator.
  • Allow using Siri assistant with blocked screen
  • Enable Siri profanity filter (supervisor mode)
  • Show user-generated content in Siri (supervisor mode)
  • Allow iBooks Store (supervisor mode)
  • Policy determines whether the iBook Store is available on the device. If the policy is disabled, the user does not have access to the iBooks Store.
  • Allow removing apps (supervisor mode)
  • Specify whether a user can remove apps from an iOS device. Applying this rule to an unsupervised device may have unexpected results.
  • Allow purchasing with apps
  • Policy defines purchasing with apps.
  • iTunes password required for purchases
  • Policy defines if iTunes password is required for purchasing with apps.
  • Make iCloud backup copy
  • Policy defines if use may make a backup copy in iCloud.
  • Synchronization of documents with iCloud
  • Policy defines if user may synchronize documents with iCloud. Applying this rule to an unsupervised device may have unexpected results.
  • Allow iCloud Keychain
  • Policy determines whether the user can use the iCloud Keychain on the device. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow managed apps to store data in iCloud
  • Policy determines whether managed applications can store internal application data in iCloud. This rule applies only to devices running iOS 8.0.0 and later.
  • Allow backup of enterprise books
  • Policy determines whether the device backup may include an enterprise books. This rule applies only to devices running iOS 8.0.0 and later.
  • Allow notes and highlights sync for enterprise books
  • Policy determines whether the device can synchronize notes and highlights for enterprise books. This rule applies only to devices running iOS 8.0.0 and later.
  • Allow iCloud photo sharing
  • Policy determines whether the user can enable photo sharing with iCloud. If the policy is disabled, the user can not share the stream of photos to other people. If policy is disabled, images and videos may be lost.
  • Allow use iCloud Photo Library (supervisor mode)
  • Policy determines whether a user can upload photos to iCloud Photo Library. This rule applies only to devices running iOS 9.0.0 and later.
  • Allow use My Photo Stream
  • Policy determines whether the user can enable My Photo Stream. If the policy is disabled, photos in My Photo Stream will be deleted from the device and the Camera Roll will no longer be added to My Photo Stream.
  • Allow data synchronization in roaming
  • Policy defines if the device may automatically synchronize data in roaming.
  • Force encrypted backup copies
  • Policy defines if encrypted backup copies must be forced.
  • Force limited ad tracking
  • Policy determines whether applications on the device can use the Advertising Identifier to provide targeted ads to users. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow Apple personalized advertising
  • If unchecked, limits Apple personalized advertising. Available in iOS 14 and later.
  • Allow Erase All Content and Settings (supervisor mode)
  • Policy determines whether the user can use the Erase All Content and Settings option to wipe the device
  • Accept untrusted TLS certificates
  • Policy defines if untrusted TLS certificates may be accepted.
  • Allow automatic updates to certificate trust settings
  • Policy determines whether the device allows automatic updates for trusted certificates over a wireless connection. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow installing additional configuration profiles (supervisor mode)
  • Policy determines whether the user can install additional configuration profiles on the device.
  • Allow modifying account settings (supervisor mode)
  • Policy determines whether the user can change the account settings which is added to the device. If the policy is disabled, the user cannot add new accounts and modify the settings of the accounts currently in use. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow Bluetooth changes (supervisor mode)
  • Policy determines whether the user can change the Bluetooth settings on the device. This rule applies only to devices running iOS 10.0.0 and later.
  • Allow modifying cellular data app settings (supervisor mode)
  • Policy determines whether the user can change the mobile data usage settings for the applications installed on the device. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow device name changes (supervisor mode)
  • Policy determines whether the user can change the device name. This rule applies only to devices running iOS 9.0.0 and later.
  • Allow modifying Find My Friends settings (supervisor mode)
  • Policy determines whether the user can change the “Find my friends” settings. The policy works if Find My Friend application is installed on the device. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow notification changes (supervisor mode)
  • Policy determines whether the user can change the notification settings on the device. This rule applies only to devices running iOS 9.3.0 and later.
  • Allow configuring restrictions (supervisor mode)
  • Policy determines whether the user can configure their own restrictions on the device to prevent access to applications or device functionality. This rule applies only to devices running iOS 8.0.0 and later.
  • Allow wallpaper changes (supervisor mode)
  • Policy determines whether the user can change the wallpaper of the device screen. This rule applies only to devices running iOS 9.0.0 and later.
  • Allow join only Wi-Fi networks installed by profiles (supervisor mode)
  • Policy determines whether the device can join only to Wi-Fi networks installed by the management profile.
  • Allow pairing with a computer that is not an Apple Configurator (supervisor mode)
  • Policy determines whether the device can be paired with a computer that is not an Apple Configurator. This rule applies only to devices running iOS 7.0.0 and later.
  • Enable Activation Lock for devices with Apple Business Manager (supervisor mode)
  • The policy enforces the use of Activation Lock for devices in supervisor mode with Apple Apple Business Manager.
  • Allow Activation Lock (supervisor mode)
  • The policy allows Activation Lock for devices in supervisor mode.
  • Allow open documents from managed sources in unmanaged destinations
  • Policy determines whether the user can open documents and attachments from managed applications and accounts in personal applications. Safari and AirDrop will continue to display all applications as a possible source where the user can open documents regardless of the setting for this rule, or the rule “Allow documents from unmanaged sources in managed destinations”. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow documents from unmanaged sources in managed destinations
  • Policy determines whether the user can open documents and attachments from personal applications and accounts in managed applications. Safari and AirDrop will continue to display all applications as a possible source where the user can open documents regardless of the setting for this rule, or the rule “Allow open documents from managed sources in unmanaged destinations”. This rule applies only to devices running iOS 7.0.0 and later.
  • Force AirDrop to be unmanaged
  • Policy determines whether AirDrop is to be seen as a source for opening in managed applications. This rule applies only to devices running iOS 9.0.0 and later.
  • Allow use Handoff
  • Policy determines whether the user can use the feature to transfer user activities among multiple devices associated with the user. This rule applies only to devices running iOS 8.0.0 and later.
  • Allow Internet results in Spotlight (supervisor mode)
  • Policy determines whether the user can use Spotlight search returns to Internet search when searching for content on a device. This rule applies only to devices running iOS 8.0.0 and later.
  • Send diagnostic data to Apple
    Policy defines if diagnostic data should be sent to Apple.
  • Allow modifying diagnostics settings (supervisor mode) – Policy determines whether the user can change the diagnostic settings.
  • Enable Apple Watch wrist detection
  • Policy determines whether the Apple Watch must use the wrist detection function. This rule applies only to devices running iOS 8.2.0 and later.
  • Allow pairing with Apple Watch (supervisor mode)
  • Policy determines whether the user can pair the device with an Apple Watch. This rule applies only to devices running iOS 9.0.0 and later.
  • Require device passcode on first AirPlay pairing
  • Policy determines whether a password is required during the first pairing with AirPlay devices. If policy is enabled, all devices receiving an AirPlay request, must use a pairing password. This rule applies only to devices running iOS 7.1.0 and later.
  • Allow use predictive keyboard (supervisor mode)
  • Policy determines whether the user can use predictive keyboards. This rule applies only to devices running iOS 8.1.3 and later.
  • Allow use keyboard shortcuts (supervisor mode)
  • Policy determines whether the user can use keyboard shortcuts on the device keyboard. This rule applies only to devices running iOS 9.0.0 and later.
  • Allow use auto-correction (supervisor mode)
  • Policy determines whether the user can use keyboard auto-correction. This rule applies only to devices running iOS 8.1.3 and later.
  • Allow use spell check (supervisor mode)
  • Policy determines whether the user can use spell checking when writing text. This rule applies only to devices running iOS 8.1.3 and later.
  • Allow use Define (supervisor mode)
  • The policy determines whether the user can use the Define function to search for definitions with a double click.
  • Show Wallet notifications in Lock screen
  • Policy determines whether Wallet notifications are displayed on a locked device screen.
  • Show Control Center in lock screen
  • Policy determines whether the user can access Control Center on the lock screen. This rule applies only to devices running iOS 7.0.0 and later.
  • Show Notification Center in lock screen
  • Policy determines whether the user access the Notifications view in Notification Center on the lock screen. This rule applies only to devices running iOS 7.0.0 and later.
  • Show Today view in lock screen
  • Policy determines whether the user can access the Today view in Notification Center on the lock screen. This rule applies only to devices running iOS 7.0.0 and later.
  • Allow AirPrint (supervisor mode)
  • If unselected, disables AirPrint. Requires a supervised device. Available in iOS 11 and later.
  • Allow AirPrint ceredentials storage (supervisor mode)
  • If unselected, disables keychain storage of user name and password for AirPrint. Requires a supervised device. Available in iOS 11 and later.
  • Allow AirPrint iBeacon discovery (supervisor mode)
  • If unselected, disables iBeacon discovery of AirPrint printers, which prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Requires a supervised device. Available in iOS 11 and later.
  • Allow cellular plan modification (supervisor mode)
  • Ifunselected, users can’t change any settings related to their cellular plan. Requires a supervised device. Available in ios 11 and later.
  • Allow dictation (supervisor mode)
  • If unselected, disallows dictation input. Requires a supervised device. Available in iOS 10.3 and later.
  • Allow eSIM modification (supervisor mode)
  • If unselected, disables modifications to the eSIM setting. Requires a supervised device. Available in iOS 12.1 and later.
  • Allow password autofill
  • If unselected, disables the AutoFill Passwords feature in iOS (with Keychain and third-party password managers) and the user isn
  • Allow password request from nearby devices (supervisor mode)
  • If unselected, disables requesting passwords from nearby devices. Requires a supervised device. Available in iOS 12 and later.
  • Allow password sharing via AirDrop (supervisor mode)
  • If unselected, disables sharing passwords with the Airdrop Passwords feature. Requires a supervised device. Available in iOS 12 and later.
  • Allow personal hotspot modification (supervisor mode)
  • If unselected, disables modifications of the personal hotspot setting. Requires a supervised device. Available in iOS 12.2 and later.
  • Allow setup to new device (supervisor mode)
  • If unselected, unmanaged apps can read from managed contacts accounts. If Allow open documents from managed sources in unmanaged destinations is selected, this restriction has no effect. Available in iOS 12 and later. Also available for user enrollment.
  • Allow unmanaged apps to read contacts from managed accounts
  • If unselected, unmanaged apps can read from managed contacts accounts. If Allow open documents from managed sources in unmanaged destinations is selected, this restriction has no effect. Available in iOS 12 and later. Also available for user enrollment.
  • Allow connect devices via USB (supervisor mode)
  • If unselected, allows the device to always connect to USB accessories while locked. Requires a supervised device. Available in iOS 11.4.1 and later.
  • Allow create VPN (supervisor mode)
  • If unselected, disables the creation of VPN configurations. Requires a supervised device. Available in iOS 11 and later.
  • Delayed software updates (supervisor mode)
  • If selected, delays user visibility of software updates. Requires a supervised device. Available in iOS 11.3 and later.
  • Delay software updates (supervisor mode)
  • Sets how many days to delay a software update on the device. With this restriction in place, the user doesn’t see a software update until the specified number of days after release.Requires supervised device. Available in ios 11.3 and later.
  • Require authentication before password autofill (supervisor mode)
  • If selected, the user must authenticate before passwords or credit card information can be autofilled in Safari and Apps. If this restriction isn’t enforced, the user can toggle this feature in settings. Only supported on devices with face id or touch id a supervised device. Available ios 11 and later.
  • Require automatic date and time (supervisor mode)
  • If selected, enables the Set Automatically feature in Date Time and can’t be disabled by the user. The device’s time zone is updated only when device can determine its location using a cellular connection or wi-fi with services enabled. Requires supervised device. Available in ios 12 and later.
  • Require turned on Wi-Fi (supervisor mode)
  • If selected, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use. Requires a supervised device. Available in iOS 13.0 and later.

Apps

    Allow using iTunes store
  • Policy defines the use of iTunes store.
  • Allow use News app (supervisor mode)
  • Policy determines whether the user can use the News app. This rule applies only to devices running iOS 9.0.0 and later for the United States region only.
  • Allow use podcasts (supervisor mode)
  • Policy determines whether the user can add new podcasts. This rule applies only to devices running iOS 8.0.0 and later.
  • Allow App Clips (supervisor mode)
  • If unchecked, prevents an user from adding any App Clips, and removes any existing App Clips on the device. Requires a supervised device. Available in iOS 14.0 and later.
  • Allow use of Game Center (supervisor mode)
    Policy determines whether the Game Center is available on the device. If the policy is disabled, the Game Center icon is removed from the home screen and the user cannot use the Game Center
  • Allow multiplayer gaming (supervisor mode) – Policy determines whether the user can use multiplayer in games. If the “Allow add friends to Game Center” policy is disabled, the user can only play multiplayer games with existing friends. If the policy is disabled, the user cannot use multiplayer in games and cannot add new friends to the Games Center.
  • Adding Friends from Game Center – Policy defines adding Friends from Game Center.
  • Allow use of Safari
    Policy determines whether the Safari is available on the device. If the policy is disabled, the Safari and Web Clips will be removed from the device.
  • Allow autocomplete of fields – Policy defines if browser may use autocomplete
  • Force fraud warning – Policy determines whether the Safari warns user if they visit a web site marked as threatened or compromised.
  • Allow use of JavaScript – Policy defines if browser may use JavaScript.
  • Allow pop-ups – Policy defines if browser should block pop-ups.
  • Accept cookies – Policy defines if browser may use cookies.
  • Email domains – Policy defines email domains that will be considered as default email domains. Email addresses from other domains will be highlighted as external email in Mail app.
  • Web domains – Policy defines domains that will be considered as default. This means that if you download a document from the default domain using Safari, it will be considered a managed item. Depending on the open-in policy, the document can be opened by managed or unmanaged applications.
  • Password AutoFill domains – Policy defines whether users can save passwords in Safari from URLs matching the listed patterns.
  • Allow App Store (supervisor mode)
    If unselected, disables the App Store, and its icon is removed from the Home screen. Users are unable to install or update their apps. In iOS 10 and later, MDM commands can override this restriction. As of iOS 13, this restriction requires a supervised device. Available in iOS 4 and later.
  • Allow App Store (supervisor mode)
  • Allow automatic app downloads (supervisor mode)
  • Allow QuickPath keyboard (supervisor mode)
  • If unselected, disables QuickPath keyboard. Requires a supervised device. Available in iOS 13 and later.
  • Allow Files to access network drivers (supervisor mode)
  • If unselected, prevents connecting to network drives in the Files app. Requires a supervised device. Available in iOS 13.1 and later.
  • Allow Files to access USB drivers (supervisor mode)
  • If unselected, prevents connecting to any connected USB devices in the Files app. Requires a supervised device. Available in iOS 13.1 and later.
  • Allow Find My Device (supervisor mode)
  • If unselected, disables Find My Device in the Find My app. Requires a supervised device. Available in iOS 13 and later.
  • Allow Find My Friends (supervisor mode)
  • If unselected, disables Find My Friends in the Find My app. Requires a supervised device. Available in iOS 13 and later.
  • Allow to write contacts to unmanaged accounts
  • If selected, managed apps can write contacts to unmanaged contacts accounts. If allow open documents from managed sources in unmanaged destinations is selected, this restriction has no effect. Available in iOS 12 and later.
  • Allow system apps removal (supervisor mode)
  • If unselected, disables the removal of system apps from the device. Requires a supervised device. Available in iOS 11 and later.
  • Require trusted TLS certificates for AirPrint (supervisor mode)
  • If selected, requires trusted certificates for TLS printing communication. Requires a supervised device. Available in iOS 11 and later.

Media

    Ratings region
    Policy determines which region will be used for content ratings.
  • Movies – Policy determines the maximum allowed rating for movies that users can download from the iTunes Store. Use this rule to block access to new and existing movies that exceed a maximum rating. If set to “Do not allow movies,” all movies purchased from iTunes Store are hidden and users can not preview, purchase, or download movies.
  • TV Shows – Policy determines the maximum allowed rating for TV shows that users can download from the iTunes Store. Use this rule to block access to new and existing TV shows that exceed a maximum rating. If set to “Do not allow TV shows,” all TV shows purchased from the iTunes Store are hidden and users cannot preview, purchase, or download TV shows.
  • Apps – Policy determines the maximum allowed rating for apps that users can download from the App Store. Use this rule to block access to new and existing apps that exceed a maximum rating. This rule does not apply to built-in iOS apps. If set to “Do not allow apps,” all apps purchased from the App Store are hidden and users cannot install or update apps.
  • Allow playback of explicit music, podcasts, and iTunes U media
  • Policy determines that explicit music or video content purchased from the iTunes Store or listed in iTunes U is available on an iOS device. Explicit content is flagged by content providers, such as record labels, when sold through the iTunes Store or distributed through iTunes U. If this rule is not selected, explicit music or video content on the device is hidden and users cannot preview, purchase, or download explicit music or video content.
  • Allow explicit sexual content in iBooks Store
  • Policy determines that explicit sexual content purchased from the iBooks Store is available on an iOS device. Explicit content is flagged by content providers when sold through the iBooks Store. If this rule is not selected, explicit books on the device are hidden and users cannot preview, purchase, or download books with explicit sexual content.

Web content filter

    Content filtering
    Policy defines whether you can use web content filter to limit the websites that a user can view in Safari or other browser apps on an iOS device.
  • Turn on automatic filtering – This option enables automatic filtering to identify and block inappropriate content. You can also include specific websites using the following settings “Permitted URLs” and “Blacklisted URLs”
  • Permitted URLs – This option enables automatic filtering to identify and block inappropriate content. You can also include specific websites using the following settings.
  • Blacklisted URLs – Policy defines whether you can add one or more URLs to deny access to specific websites. Users cannot view websites in this list regardless of whether automatic filtering allows access.

Education

    Allow remote screen observation (supervisor mode)
  • If unselected, disables remote screen observation by the Classroom app. If allow screenshot is unselected, the Classroom app doesn’t observe remote screens required a supervised device until ios 13. Available in 12 and later.
  • Require automatically join to classes (supervisor mode)
  • If selected, automatically gives permission to the teacher’s requests without prompting the student. Requires a supervised device. available in ios 11 and later.
  • Require request permission to leave classes (supervisor mode)
  • If selected, a student enrolled in an unmanaged course through Classroom requests permission from the teacher when attempting to leave the course. Requires a supervised device. Available in iOS 11.3 and later.
  • Allow app and device lock (supervisor mode)
  • If selected, allows the teacher to lock apps or the device without prompting the student. Requires a supervised device. Available in iOS 11 and later.
  • Allow screen observation (supervisor mode)
  • If selected and Allow remote screen observation is also selected, a student enrolled in a managed course via the Classroom app automatically gives permission to that course teacher’s requests to observe the student’s screen without prompting student. Requires a supervised device. Available in ios 11 and later.