for supervised iOS and iPadOS
The Device feature restrictions section lets you restrict user access to features of the iOS MDM device.
Device feature restrictions settings for Pro View
Parameter |
Description |
|---|---|
General |
|
Prohibit voice dial on a locked device |
Use of the voice dialing function on a locked mobile device. If the check box is cleared, the user can use voice commands to dial phone numbers on a locked mobile device. If the check box is selected, the user cannot use voice commands to dial phone numbers on a locked mobile device. This check box is cleared by default. |
Prohibit screenshots and screen recording |
Ability to take a screenshot or video from the screen of the iOS MDM device. If the check box is cleared, the user can take and save screenshots and videos from the screen of the mobile device. If the check box is selected, the user cannot take and save screenshots and videos from the screen of the mobile device. This check box is cleared by default. |
Prompt for password for each purchase on iTunes Store |
Use of the restriction password for purchasing media content in iTunes Store. If the check box is selected, prior to making the first purchase via iTunes Store, the user has to specify a restriction password in the purchase restriction settings and subsequently use it for preventing accidental or unauthorized purchases. After the account has been verified when the user is making purchases, the restriction password does not have to be re-entered for 15 minutes. If the check box is cleared, the user is not required to enter the restriction password before making purchases in iTunes Store. This check box is cleared by default. |
Prohibit backup in iCloud |
Automatic backup of data from the iOS MDM device to iCloud. Copies of data already stored in iCloud are not created during the backup process. Copies of media content that was received by synchronizing the device with a computer and not purchased from iTunes Store are not created either. If the check box is cleared, the user can save backup copies of mobile device data in iCloud. Backup copies of data are saved in iCloud on a daily basis when the device is enabled, locked, and connected to a power source. If the check box is selected, the user cannot save backup copies of mobile device data in iCloud. This check box is cleared by default. |
Prohibit storing documents and data in iCloud |
Automatic backup of documents in iCloud. iCloud documents can be opened and edited on other devices on which the iCloud service is configured. If the check box is cleared, the user can save documents in iCloud, and open and edit them on other devices in applications that support iCloud (such as TextEdit). If the check box is selected, the user is not allowed to save documents in iCloud. This check box is cleared by default. |
Prohibit device unlock using Touch ID and Face ID |
Touch ID and Face ID make it possible to use a fingerprint or facial recognition as a password for unlocking the iOS MDM device. Touch ID and Face ID can also be used for authentication of purchases by means of Apple Pay, iTunes Store, App Store, and Book Store, and to sign in to apps. If the check box is cleared, the user can use a fingerprint or facial recognition instead of entering a password to unlock the mobile device. If the check box is selected, the user cannot use Touch ID or Face ID for unlocking the mobile device. This check box is cleared by default. |
Prohibit iCloud keychain |
Automatic synchronization of the account credentials of an iOS MDM device user with the user's other Apple devices. The synchronized data is stored in iCloud Keychain. Data in iCloud Keychain is encrypted. iCloud Keychain makes it possible to save the following data in iCloud:
If the check box is cleared, the user can synchronize data of accounts with the user's other Apple devices. If the check box is selected, the user is not allowed to use iCloud Keychain on the mobile device. This check box is cleared by default. |
Prohibit iCloud photo sharing |
Use of iCloud photo sharing on the iOS MDM device to grant other users access to photos and videos on the iCloud server. The other users need to have the iCloud photo sharing feature configured. If the check box is cleared, the iCloud photo sharing feature is available to the user. Users of other devices can view the user's photos and videos, leave comments, and add their own photos and videos. The user can also access the data of other users on the iCloud server. If the check box is selected, the iCloud photo sharing feature is not available to the user. The user cannot grant other users access to the user's photos and videos on the iCloud server, or access the data of other users on the iCloud server. This check box is cleared by default. |
Disable encryption of backup copies |
Encryption of backup copies of iOS MDM device data in the iTunes app on the user's computer. If the check box is cleared, when a backup copy of mobile device data is created in the iTunes app, data is encrypted automatically and protected with a password. In this case, the user cannot encrypt backup copies of device data in the iTunes app. If the check box is selected, the user can choose whether to encrypt backup copies of data in the iTunes app. This check box is cleared by default. |
Limit ad tracking |
Use of IFA (Identifier for advertisers) technology for keeping track of websites visited and apps launched on the iOS MDM device. IFA makes it possible to configure ad tracking on the mobile device according to the user's interests. If the check box is selected, IFA technology is disabled on the user's mobile device. If the check box is cleared, IFA technology is enabled on the mobile device and keeps track of visited websites and started apps in order to show targeted ads. This check box is cleared by default. |
Prohibit users from accepting untrusted TLS certificates |
Use of untrusted TLS certificates for providing an encrypted communication channel between apps on the iOS MDM device (Mail, Contacts, Calendar, Safari) and corporate resources. If the check box is cleared, the user may allow the use of an untrusted TLS certificate after being shown a warning. If the check box is selected, the use of untrusted TLS certificates is blocked. This check box is cleared by default. |
Prohibit automatic updates of trusted certificates |
Automatic updates of trusted certificates on the iOS MDM device. If the check box is cleared, changes made to the trust settings of a certificate are applied automatically. If the check box is selected, changes to trust settings of a certificate are not applied automatically. After being shown a warning, the user may choose to apply changes to trust settings of the certificate. This check box is cleared by default. |
Prohibit installing configuration profiles |
Use of additional configuration profiles on the iOS MDM device. If the check box is cleared, the user can install additional configuration profiles on the mobile device. If the check box is selected, the user cannot install additional configuration profiles on the mobile device. This check box is cleared by default. |
Prohibit modifying account settings |
Option that lets the user add new accounts (such as email accounts) and edit account settings on the iOS MDM device. If the check box is cleared, the mobile device user can add new accounts and edit the settings of existing accounts. If the check box is selected, the mobile device user is not allowed to add new accounts and edit the settings of existing accounts. This check box is cleared by default. |
Prohibit non-Configurator hosts |
Protection of the iOS MDM device against third-party connections. A third-party connection is a connection to other devices or synchronization with Apple services, such as iTunes. If the check box is cleared, the user can synchronize the iOS MDM device with other devices and Apple services. If the check box is selected, non-Configurator hosts on the user's mobile device are blocked. This check box is cleared by default. |
Prohibit non-managed apps from using documents from managed apps |
Ability to use non-managed (personal) apps on the iOS MDM device to open documents created by using managed (corporate) apps and accounts. Non-managed apps are apps installed, configured, and managed by the mobile device user. If the check box is cleared, the user can use non-managed apps to open documents created in managed corporate apps. If the check box is selected, the user is not allowed to use non-managed apps to open documents created by using managed apps. For example, this setting prevents a confidential email attachment from a managed email account from being opened in the user's personal apps. This check box is cleared by default. |
Prohibit managed apps from using documents from non-managed apps |
Ability to use managed (corporate) apps on the iOS MDM device to open documents created by using non-managed (personal) apps and accounts of the user. Non-managed apps are apps installed, configured, and managed by the mobile device user. If the check box is cleared, the user can use managed apps to open documents created by using non-managed apps. If the check box is selected, the user is not allowed to use managed apps to open documents created by using non-managed apps. For example, this setting prevents a document from a personal iCloud account from being opened in a corporate app. This check box is cleared by default. |
Prohibit sending diagnostic and personal data to Apple |
Automatic receiving of diagnostic data and information on iOS MDM device usage and transmission of a report with this data to Apple for analysis. If the check box is cleared, after being shown a warning, the user may allow transmission of reports with diagnostic data and information on mobile device usage to Apple. If the check box is selected, transmission of reports with diagnostic data and information on mobile device usage to Apple is blocked. This check box is cleared by default. |
Prompt for password on first connection via AirPlay |
Use of a password upon connection of the iOS MDM device to devices compatible with AirPlay. The password is used for safe transmission of media content. If the check box is selected, before the first connection of the mobile device to devices compatible with AirPlay, the user must specify a password in the AirPlay security settings and subsequently enter it. If the check box is cleared, the user can decide whether to use a password when connecting the mobile device to devices compatible with AirPlay. This check box is cleared by default. |
Apps |
|
Prohibit use of camera |
Use of the camera on the user's mobile device. If the check box is cleared, the user is allowed to use the device camera. If the check box is selected, use of the device camera is disabled. The user cannot take photos, record videos, or use the FaceTime app. The camera icon on the device home screen is hidden. This check box is cleared by default. |
Prohibit FaceTime |
Use of the FaceTime app on the user's mobile device. This check box is available if the use of the device camera is allowed. This setting is available if the Prohibit use of camera check box is cleared. If the check box is cleared, the user can make and receive calls using FaceTime. If the check box is selected, the FaceTime app is disabled on the user device. The user cannot make or receive video calls. This check box is cleared by default. |
Prohibit AirDrop |
Use of the AirDrop feature for transmitting user data from the iOS MDM device to other Apple devices. If the check box is cleared, the user can use AirDrop to transmit data to other Apple devices. If the check box is selected, the user cannot transmit data to other Apple devices by using AirDrop. This check box is cleared by default. |
Prohibit iMessage |
Use of the iMessage service on the user's mobile device. If the check box is cleared, the user can send and receive messages by using iMessage. If the check box is selected, iMessage is not available on the mobile device. The user cannot send or receive messages via iMessage. This check box is cleared by default. |
Prohibit Book Store |
Access to Book Store from the Apple Books app on the user's mobile device. If the check box is cleared, the user can visit Book Store from the Apple Books app installed on the device. If the check box is selected, the user cannot visit Book Store from the Apple Books app. This check box is cleared by default. |
Prohibit Siri |
Usage of the Siri app on the user's mobile device. If the check box is cleared, the user can use Siri voice commands on the mobile device. If the check box is selected, the user cannot use Siri voice commands on the mobile device. This check box is cleared by default. |
Prohibit when device is locked |
Use of Siri voice commands when the user's mobile device is locked. The user's mobile device has to be password-protected. If the check box is cleared, the user can use Siri voice commands on a locked mobile device. If the check box is selected, the user cannot use Siri voice commands on a locked device. This check box is cleared by default. |
Prohibit use of profanity filter |
This option disables the filtering of profanity while using the Siri app on the mobile device. If the check box is cleared, profanity is filtered while the user uses the Siri app. If the check box is selected, profanity is not filtered while the user uses the Siri app. This check box is cleared by default. |
Prohibit Siri from using internet search |
This option prohibits Siri from using internet search for voice commands on the iOS MDM device. If the check box is cleared, Siri can search the internet for answers to the user's questions. If the check box is selected, Siri cannot search the internet for information. This check box is cleared by default. |
Prohibit installation of apps from Apple Configurator and iTunes |
The user can independently install apps on an iOS MDM device. If the check box is cleared, the user can independently install or update apps on a mobile device from App Store by using iTunes or Apple Configurator. If the check box is selected, the user cannot install or update apps from App Store by using iTunes or Apple Configurator on a mobile device. Installation and updates are available only for corporate apps. The App Store icon is hidden on the home screen of the iOS MDM device. This check box is cleared by default. |
Prohibit removing apps |
This option allows removing apps from the mobile device. If the check box is cleared, the user can remove apps installed via App Store or iTunes from the device. If the check box is selected, the user cannot remove apps installed via App Store or iTunes from the mobile device. This check box is cleared by default. |
Prohibit in-app purchases |
Use of the in-app purchase system on the mobile device. If the check box is cleared, the user can make purchases in apps installed on the mobile device. If the check box is selected, the user cannot make purchases in apps installed on the mobile device. This check box is cleared by default. |
Network |
|
Prohibit automatic sync while roaming |
Prohibit automatic synchronization of user data when the iOS MDM device is roaming. If the check box is cleared, the user can enable automatic data synchronization when the device is roaming. Enabling automatic synchronization in roaming can result in unexpected mobile service costs. If the check box is selected, the user is not allowed to use automatic data synchronization when the device is roaming. This check box is cleared by default. |
Notifications |
|
Prohibit Wallet on-screen notifications when screen is locked |
Use of Wallet notifications on the lock screen of the iOS MDM device. If the check box is cleared, Wallet notifications are displayed on the lock screen of the mobile device. If the check box is selected, Wallet notifications are not displayed on the lock screen of the mobile device. To work with Wallet, the user must unlock the device. This check box is cleared by default. |
Hide Control Center when screen is locked |
Ability to go to Control Center of the iOS MDM device when the device is locked. If the check box is cleared, the user can go to Control Center when the device is locked. If the check box is selected, the user cannot go to Control Center when the device is locked. This check box is cleared by default. |
Hide Notification Center when screen is locked |
Ability to go to Notification Center of the iOS MDM device when the device is locked. If the check box is cleared, the user can go to Notification Center by swiping the lock screen down. If the check box is selected, the user cannot go to Notification Center when the device is locked. This check box is cleared by default. |
Hide Today View when screen is locked |
Display of information from Today View on the screen of a locked iOS MDM device. The Today section of the Notification View shows the following information:
If the check box is cleared, the user can view notifications from Today View on a locked mobile device. If the check box is selected, Today View is not displayed on the locked mobile device. This check box is cleared by default. |