|
Name
|
Enter brief text that identifies this group of iOS restriction settings.
|
N/A
|
N/A
|
|
Description
|
Enter additional text that clarifies the purpose of this group of iOS restriction settings.
|
N/A
|
N/A
|
|
Device Functionality
|
|
|
Allow use of camera
|
Select to disable the camera and remove its icon from the Home screen. Users will be unable to take photographs.
Clearing this restriction also disables the Allow FaceTime restriction.
|
allowCamera
|
Yes
|
|
Allow FaceTime
|
When deselected, disables video conferencing.
|
allowVideoConferencing
|
Yes
|
|
Allow screenshots and screen recording
|
When deselected, users are unable to save screenshots or record video of the display.
When deselected, this restriction prevents the Classroom app from observing remote screens. Available for iOS 9.0 or supported newer versions.
|
allowScreenShot
|
Yes
|
|
Allow AirPlay and View Screen by Classroom (supervised devices only)
|
Select to enable remote screen observation. Available for iOS 9.3 or supported newer versions.
|
allowRemoteScreenObservation
|
Yes
|
|
Allow Classroom to perform AirPlay and View Screen without prompting (iOS 10.3 and later with supervised devices only)
|
Select to enable remote screen observation without prompting.
Available for iOS 10.3 or supported newer versions.
|
forceClassroomUnpromptedScreenObservation
|
Yes
|
|
Allow AirDrop (supervised devices only)
|
If deselected, AirDrop is disabled.
|
allowAirDrop
|
Yes
|
|
Allow iMessage (supervised devices only)
|
When deselected, disables the use of the Messages app with supervised devices.
|
allowChat
|
Yes
|
|
Allow Apple Music (with supervised devices only)
|
If disabled, Music service is disabled and Music app reverts to classic mode. Available for iOS 9.3 or supported newer versions.
|
allowMusicService
|
Yes
|
|
Allow Radio (supervised devices only)
|
If disabled, iTunes Radio is disabled. Available for iOS 9.3 or supported newer versions.
|
allowRadioService
|
Yes
|
|
Allow voice dialing while device is locked
|
When deselected, disables voice dialing.
|
allowVoiceDialing
|
Yes
|
|
Allow Siri
|
When deselected, disables Siri.
|
allowAssistant
|
Yes
|
|
Allow Siri while device is locked
|
When deselected, the user is unable to use Siri when the device is locked. This restriction is ignored if the device does not have a passcode set.
|
allowAssistantWhileLocked
|
Yes
|
|
Enable Siri profanity filter (supervised devices only)
|
When selected, forces the use of the profanity filter assistant. Available for iOS 8.0 or supported newer versions.
|
forceAssistantProfanityFilter
|
No
|
|
Show user-generated content in Siri (supervised devices only)
|
If deselected, prevents Siri from querying user-generated content from the web.
|
allowAssistantUserGeneratedContent
|
Yes
|
|
Allow Siri Suggestions (supervised devices only)
|
If deselected, prevents Siri from offering suggestions for apps, people, search results, and more.
|
allowSpotlightInternetResults
|
Yes
|
|
Allow server-side logging of Siri commands (iOS 12.2 and later)
|
If deselected, disables server-side Siri logging.
Applicable to iOS 12.2 or supported newer versions.
|
allowSiriServerLogging
|
Yes
|
|
Allow Apple Books (supervised devices only)
|
Select to allow access to iBookstore.
|
allowBookstore
|
Yes
|
|
Allow installing apps using Apple Configurator and iTunes (supervised devices only)
|
When deselected, the App Store is disabled and its icon is removed from the Home screen. Users are unable to install or update their applications.
This setting does not affect installation of in-house apps.
|
allowAppInstallation
|
Yes
|
|
Allow installing apps using App Store (supervised devices only)
|
When deselected, the App Store is disabled and its icon is removed from the Home screen. However, users may continue to use host apps (iTunes, Configurator) to install or update their apps.
Available for iOS 9.0 or supported newer versions.
This restriction is unavailable if Allow installing apps using Apple Configurator and iTunes is deselected.
|
allowUIAppInstallation
|
Yes
|
|
Allow automatic app downloads (supervised devices only)
|
If deselected, prevents automatic downloading of apps purchased on other devices. Does not affect updates to existing apps.
If selected, apps purchased by the device user will be automatically downloaded.
This restriction is unavailable if Allow installing apps using Apple Configurator and iTunes is deselected.
|
allowAutomaticAppDownloads
|
Yes
|
|
Allow removing apps (supervised devices only)
|
If deselected, disables removal of apps from iOS devices.
Available for iOS 9.0 or supported newer versions.
|
allowAppRemoval
|
Yes
|
|
Allow System App Removal (iOS 11.0 and later with supervised devices only)
|
When deselected, disables the removal of system apps from the device.
Available for iOS 11.0 or supported newer versions.
|
allowSystemAppRemoval
|
Yes
|
|
Allow App Clips (iOS 14.0 and later with supervised devices only)
|
When deselected, prevents a device user from adding any App Clips and removes any existing App Clips on the device.
Available for iOS 14.0 or supported newer versions.
|
allowAppClips
|
Yes
|
|
Allow Personalized Advertising (iOS 14.1 and later)
|
When deselected, limits personalized advertising.
Available for iOS 14.1 or supported newer versions.
|
allowApplePersonalizedAdvertising
|
Yes
|
|
Allow NFC (iOS 14.2 and later)
|
When deselected, NFC is not allowed on the device. This is not specific to device registration.
Available for iOS 14.2 or supported newer versions.
|
allowNFC
|
Yes
|
|
Force Dictation Processing Only on Device (iOS 14.3 and later)
|
When selected, uses the native dictation program that sends information such as voice input, contacts, and location to Apple (when necessary) for processing your requests.
Available for iOS 14.3 or supported newer versions.
|
forceOnDeviceOnlyDictation
|
No
|
|
Allow In-App Purchases
|
When deselected, prohibits in-app purchasing.
|
allowInAppPurchases
|
Yes
|
|
Require iTunes Store password for all purchases
|
When selected, forces device users to enter their iTunes password for each App Store transaction.
|
forceITunesStorePasswordEntry
|
Yes
|
|
Allow iCloud backup
|
When deselected, disables backing up the device to iCloud.
|
allowCloudBackup
|
Yes
|
|
Allow iCloud documents & data
|
When deselected, disables document and key-value syncing to iCloud.
|
allowCloudDocumentSync
|
Yes
|
|
Allow iCloud Keychain
|
If deselected, disables iCloud Keychain synchronization.
|
allowCloudKeychainSync
|
Yes
|
|
Allow managed apps to store data in iCloud
|
If deselected, prevents managed applications from using cloud sync.
|
allowManagedAppsCloudSync
|
Yes
|
|
Allow backup of enterprise books
|
Select to allow device users to back up enterprise-managed books to iCloud.
Available for iOS 8.0 or supported newer versions.
|
allowEnterpriseBookBackup
|
Yes
|
|
Allow notes and highlights sync for enterprise books
|
Select to allow device users to synchronize with iCloud their notes and highlights in enterprise-managed books.
Available for iOS 8.0 or supported newer versions.
|
allowEnterpriseBookMetadataSync
|
Yes
|
|
Allow iCloud photo sharing
|
If deselected, Shared Photo Stream will be disabled.
|
allowSharedStream
|
Yes
|
|
Allow iCloud Photo Library
|
If deselected, disables iCloud Photo Library. Any photos not fully downloaded from iCloud Photo Library to the device will be removed from local storage.
Available for iOS 9.0 or supported newer versions.
|
allowCloudPhotoLibrary
|
Yes
|
|
Allow My Photo Stream (disallowing can cause data loss)
|
When deselected, disables Photo Stream.
|
allowPhotoStream
|
Yes
|
|
Allow automatic sync while roaming
|
When deselected, disables global background fetch activity when an iOS phone is roaming. Background fetch allows apps to update data in the background in anticipation of users accessing the app data.
|
allowGlobalBackgroundFetchWhenRoaming
|
Yes
|
|
Force encrypted backups
|
When selected, encrypts all backups. Automatically selected due to SCEP requirements.
|
forceEncryptedBackup
|
Yes
|
|
Force limited ad tracking
|
If selected, limits ad tracking.
|
forceLimitAdTracking
|
No
|
|
Allow Erase All Content and Settings (supervised devices only)
|
Deselect to disable the “Erase All Content and Settings” option in the Reset section of iOS devices.
|
allowEraseContentAndSettings
|
Yes
|
|
Allow user to accept untrusted TLS certificates
|
Select to allow the device user to accept untrusted HTTPS certificates. If this option is not selected, then the device will automatically reject untrusted HTTPS certificates without prompting the device user.
|
allowUntrustedTLSPrompt
|
Yes
|
|
Allow automatic updates to certificate trust settings
|
If deselected, over-the-air PKI updates are disabled. Setting this restriction to false does not disable CRL and OCSP checks.
|
allowOTAPKIUpdates
|
Yes
|
|
Allow trusting new enterprise app authors
|
If deselected, prevents trusting enterprise apps from other companies.
Available for iOS 9.0 or supported newer versions.
|
allowEnterpriseAppTrust
|
Yes
|
|
Allow installing configuration profiles (supervised devices only)
|
If deselected, the user is prohibited from installing configuration profiles and certificates interactively.
|
allowUIConfigurationProfileInstallation
|
Yes
|
|
Allow adding VPN configurations (iOS 11.0 and later with superviseed devices only)
|
When selected, allows the creation of VPN configurations.
Available for iOS 11.0 or supported newer versions.
|
allowVPNCreation
|
Yes
|
|
Allow Classroom to lock to an app and lock the device without prompting (iOS 11.0 and later with supervised devices only)
|
If selected, allow the teacher to lock apps or the device without prompting the student.
Available for iOS 11.0 or supported newer versions.
|
forceClassroomUnpromptedAppAndDeviceLock
|
Yes
|
|
Automatically join Classroom classes without prompting (iOS 11.0 and later with supervised devices only)
|
If selected, automatically give permission to the teacher’s requests without prompting the student.
Available for iOS 11.0 or supported newer versions.
|
forceClassroomAutomaticallyJoinClasses
|
Yes
|
|
Require teacher permission to leave Classroom unmanaged classes (iOS 11.3 and later with supervised devices only)
|
Requires teacher approval for a student to leave a Classroom unmanaged classes from their device.
Available for iOS 11.3 or supported newer versions.
|
forceClassroomRequestPermissionToLeaveClasses
|
Yes
|
|
Allow modifying account settings (supervised devices only)
|
Select to allow users to modify accounts settings, such as adding or removing mail accounts and modifying iCloud and iMessage settings, and so on.
|
allowAccountModification
|
Yes
|
|
Allow modifying Bluetooth settings (iOS 10.0 and later supervised devices only)
|
If deselected, prevents the modification of Bluetooth settings. For supervised devices only.
Available in iOS 10.0 or supported newer versions.
|
allowBluetoothModification
|
Yes
|
|
Allow modifying cellular data app settings (supervised devices only)
|
If deselected, changes to cellular data usage for apps are disabled.
|
allowAppCellularDataModification
|
Yes
|
|
Allow modifying cellular plan settings (iOS 11.0 and later with supervised devices only)
|
If deselected, changes to cellular plan settings are disabled.
|
allowCellularPlanModification
|
Yes
|
|
Allow modifying device name (supervised devices only)
|
If deselected, prevents device name from being changed.
Available for iOS 9.0 or supported newer versions.
|
allowDeviceNameModification
|
Yes
|
|
Allow modifying Find my Friends settings (supervised devices only)
|
If deselected, changes to the Find My Friends app are disabled.
|
allowFindMyFriendsModification
|
Yes
|
|
Allow modifying notification settings (supervised devices only)
|
If disabled, notification settings cannot be modified. Available for iOS 9.3 or supported newer versions.
|
allowNotificationsModification
|
Yes
|
|
Allow modifying passcode (supervised devices only)
|
iOS 9.0 and later with supervised devices only. If deselected, prevents device passcode from being added, changed, or removed.
|
allowPasscodeModification
|
Yes
|
|
Allow modifying Touch ID fingerprints / Face ID faces (supervised devices only)
|
If deselected, prevents device users from changing their TouchID or Face ID settings.
This restriction is automatically deselected if the preceding restriction [Allow modifying passcode (iOS 9.0 and later with supervised devices only)] is deselected.
Available for iOS 9.0 or supported newer versions.
|
allowFingerprintModification
|
Yes
|
|
Allow Screen Time (supervised devices only)
|
For iOS 9.0- 11.x - If deselected, disables the "Enable Restrictions" option in Settings > Restrictions on iOS devices.
For iOS 12.0 or supported newer versions - If this option is deselected, the "Enable Screen Screen Time" option on iOS devices will be disabled (Settings > Restrictions.)
|
allowEnablingRestrictions
|
Yes
|
|
Allow modifying Wallpaper supervised devices only)
|
If deselected, prevents wallpaper from being changed.
Available for iOS 9.0 or supported newer versions.
|
allowWallpaperModification
|
Yes
|
|
Allow modifying Personal Hotspot settings (iOS 12.2 and later with supervised devices only)
|
Deselecting disables the device user's ability to modify the personal hotspot.
Available for iOS 12.2 or supported newer versions.
|
allowPersonalHotspotModification
|
Yes
|
|
Allow changing USB restricted in Settings (supervised devices only)
|
Select to enable USB restricted mode.
Available for iOS 12.0 or supported newer versions.
|
allowUSBRestrictedMode
|
Yes
|
|
Allow pairing with non-Configurator hosts (supervised devices only)
|
Select to allow host pairing for iTunes synchronization. Disabling this option disables all host pairing with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled. Host pairing lets the administrator control which devices an iOS device can pair with.
|
allowHostPairing
|
Yes
|
|
Allow documents from managed apps to unmanaged apps
|
Select to allow documents in managed apps and accounts to be opened in unmanaged apps and accounts. Disabling this option prevents exchange of documents from managed to unmanaged apps and accounts. For example, you might want to keep enterprise documents from being opened with personal apps.
If you have enabled the “Open only with Docs@Work, and protect with encryption” option for attachment control, it is recommended to disable this restriction. Enabling this restriction, may cause
A '?' icon will be visible on the attachment.
See "iOS managed app configuration" in the Core Apps@Work Guide.
|
allowOpenFromManagedToUnmanaged
|
Yes
|
|
Allow documents from unmanaged apps to managed apps
|
Select to allow documents in unmanaged apps and accounts to be opened in managed apps and accounts. Disabling this option prevents exchange of documents from unmanaged to managed apps and accounts. For example, you might want to keep users from sending personal documents using company email.
|
allowOpenFromUnmanagedToManaged
|
Yes
|
|
Treat AirDrop as unmanaged destination
|
If selected, AirDrop will not be displayed as a sharing destination. This prevents confidential data from being shared through AirDrop.
This restriction requires deselecting the allowOpenFromManagedToUnmanaged restriction.
Available for iOS 9.0 or supported newer versions.
|
forceAirDropUnmanaged
|
Yes
|
|
Allow Handoff
|
Select to enable the Handoff feature, which allows users to seamlessly continue working where they left off using any Apple device on which they are logged in with their Apple ID.
Available for iOS 8.0 or supported newer versions.
|
allowActivityContinuation
|
Yes
|
|
Allow sending diagnostic and usage data to Apple
|
When deselected, this prevents the device from automatically submitting diagnostic reports to Apple.
|
allowDiagnosticSubmission
|
Yes
|
|
Allow modifying diagnostics settings (supervised devices only)
|
When deselected, the diagnostic submission and app analytics settings in the Diagnostics & Usage pane in Settings cannot be modified.
Available for iOS 9.3.2 or supported newer versions.
|
allowDiagnosticSubmissionModification
|
Yes
|
|
Allow Touch ID / Face ID to unlock device
|
Selected (default) means a PIN is required instead of FaceID to unlock device. De-selected means the use of FaceID is allowed in place of a PIN.
|
allowFingerprintForUnlock
|
Yes
|
|
Force Apple Watch Wrist Detection
|
If selected, paired Apple Watches are forced to use the wrist detection feature. Wrist detection allows the WatchOS to determine when the watch is being worn, and enable security features (such as a passcode) accordingly.
Available for iOS 8.2 or supported newer versions.
|
forceWatchWristDetection
|
No
|
|
Allow pairing with Apple Watch (supervised devices only)
|
If deselected, the device user will not be able to pair their device with an Apple Watch. Currently paired Apple Watches are unpaired and erased.
Available for iOS 9.0 or supported newer versions.
|
allowPairedWatch
|
Yes
|
|
Require passcode on first AirPlay pairing
|
If set to true, forces all devices receiving AirPlay requests from this device to use a pairing password when pairing for the first time.
|
forceAirPlayOutgoingRequestsPairingPassword
|
No
|
|
Allow setting up new nearby devices (iOS 11.0 and later with supervised devices only)
|
If deselected, device users cannot use their Apple devices to set up and configure other Apple devices.
Available for iOS 11.0 or supported newer versions.
|
allowProximitySetupToNewDevice
|
Yes
|
|
Allow AirPrint (iOS 11.0 and later and supervised devices only)
|
When deselected, disables Air Print feature.
Available for iOS 11.0 or supported newer versions.
|
allowAirPrint
|
Yes
|
|
Allow storage of AirPrint credentials in Keychains (iOS 11.0 and later with supervised devices only)
|
Supervised only. When disabled, prohibits keychain storage of username and password for Airprint.
Available for iOS 11.0 or supported newer versions.
|
allowAirPrintCredentialsStorage
|
Yes
|
|
Disallow AirPrint to destinations with untrusted certificates (iOS 11.0 and later with supervised devices only)
|
When selected, requires trusted certificates for TLS printing communication.
Available for iOS 11.0 or supported newer versions.
|
forceAirPrintTrustedTLSRequirement
|
No
|
|
Allow discovery of AirPrint printers using iBeacons (iOS 11.0 and later and supervised devices only)
|
When selected, disables iBeacon discovery of AirPrint printers, preventing spurious AirPrint Bluetooth beacons from phishing for network traffic.
Available for iOS 11.0 or supported newer versions.
|
allowAirPrintiBeaconDiscovery
|
Yes
|
|
Allow predictive keyboard (supervised devices only)
|
If deselected, disables the predictive keyboard.
Available for iOS 8.1.3 or supported newer versions.
|
allowPredictiveKeyboard
|
Yes
|
|
Allow keyboard shortcuts (with supervised devices only)
|
If deselected, keyboard shortcuts cannot be used.
Available for iOS 9.0 or supported newer versions.
|
allowKeyboardShortcuts
|
Yes
|
|
Allow auto correction (supervised devices only)
|
If deselected, disables keyboard auto-correction.
Available for iOS 8.1.3 or supported newer versions.
|
allowAutoCorrection
|
Yes
|
|
Allow spell check (supervised devices only)
|
If deselected, disables spell check.
Available for iOS 8.1.3 or supported newer versions.
|
allowSpellCheck
|
Yes
|
|
Allow Define (supervised devices only)
|
If deselected, disables definition look-up.
Available for iOS 8.1.3 or supported newer versions.
|
allowDefinitionLookup
|
Yes
|
|
Allow dictation (iOS 10.3 and later with supervised devices only)
|
When deselected, disables dictation input method. Disabled automatically when using Advanced Audio Coding (AAC) mode.
Available for iOS 10.3 or supported newer versions.
|
allowDictation
|
Yes
|
|
Allow Wallet notifications in Lock screen
|
If deselected, Wallet notifications will not be shown on the lock screen.
|
allowPassbookWhileLocked
|
Yes
|
|
Show Control Center in Lock screen
|
If disabled, prevents Control Center from appearing on the Lock screen.
|
allowLockScreenControlCenter
|
Yes
|
|
Show Notification Center in Lock screen
|
If deselected, the Notifications view in Notification Center on the lock screen is disabled.
|
allowLockScreenNotificationsView
|
Yes
|
|
Show Today view in Lock screen
|
If deselected, the Today view in Notification Center on the lock screen is disabled.
|
allowLockScreenTodayView
|
Yes
|
|
Defer software updates for __days (iOS 11.3, tvOS 12.2 and later with supervised devices only)
|
Enter the number of days by which you want to defer software updates. The default is 30 days, and the maximum is 90 days.
Available for iOS 11.3 and tvOS 12.2 or supported newer versions.
|
enforcedSoftwareUpdateDelay
forceDelayedSoftwareUpdates
|
No
|
|
Force Password on AirPlay incoming requests (tvOS up to 10.1)
|
Select to force the usage of a password for all AirPlay incoming requests for device pairing.
Available for tvOS 11.3 or supported newer versions.
|
forceAirPlayIncomingRequestsPairingPassword
|
No
|
|
Allow incoming AirPlay requests (tvOS 11.3 and later)
|
Select to allow incoming AirPlay requests.
Available for tvOS 11.3 or supported newer versions.
|
allowAirPlayIncomingRequests
|
Yes
|
|
Allow pairing with Remote app (tvOS 11.3 and later)
|
Select to allow pairing with a remote app.
Available for tvOS 11.3 or supported newer versions.
|
allowPairingRemoteApp
|
Yes
|
|
Force automatic date & time setting (iOS 12.0, tvOS 12.2 and later with supervised devices only)
|
When selected, the user cannot turn it off. Note that the device's time zone will only be updated when the device can determine its location.
Available for iOS 12.0 and tvOS 11.3 or supported newer versions.
|
forceAutomaticDateAndTime
|
No
|
|
Allow AutoFill Password
(iOS 12.0 and later with supervised devices only)
|
Select to allow password autofill.
Available for iOS 12.0 or supported newer versions.
|
allowPasswordAutoFill
|
Yes
|
|
Allow nearby devices to request passwords (iOS / tvOS 12.0, and later with supervised devices only)
|
Select to allow nearby devices to request device passwords.
Available for iOS 12.0 and tvOS 12.0 or supported newer versions.
|
allowPasswordProximityRequests
|
Yes
|
|
Allow users to share their passwords using AirDrop Passwords feature
(iOS 12.0 and later with supervised devices only)
|
Select to allow users to share their device passwords using Airdrop Passwords feature.
Available for iOS 12.0 or supported newer versions.
|
allowPasswordSharing
|
Yes
|
|
Allow managed apps to write contacts to unmanaged contacts account (iOS 12.0 and later)
|
Select to allow managed apps to write contacts to unmanaged contacts account.
Available for iOS 12.0 or supported newer versions.
|
allowManagedToWriteUnmanagedContacts
|
Yes
|
|
Allow unmanaged apps to read from managed contacts account (iOS 12.0 and later)
|
Select to allow unmanaged apps to read from managed contacts account.
Available for iOS 12.0 or supported newer versions.
|
allowUnmanagedToReadManagedContacts
|
Yes
|
|
Allow modifying the eSim configuration (iOS 12.1 and later with supervised devices only)
|
Select to allow modifying the eSim configuration, which allows adding or removing a cellular plan.
Available for iOS 12.1 or supported newer versions.
|
allowESIMModification
|
Yes
|
|
Allow continuous path keyboard (iOS 13.0 and later with supervised devices only)
|
Select to allow continuous path keyboard on supervised devices.
Available for iOS 13.0 or supported newer versions.
|
allowContinuousPathKeyboard
|
Yes
|
|
Allow device sleep (tvOS 13.0 and later with supervised devices only)
|
Select to allow device to sleep.
Available for tvOS 13.0 or supported newer versions.
|
allowDeviceSleep
|
Yes
|
|
Allow Find My Device (iOS 13.0 and later with supervised devices only)
|
Select to allow Find My Device in the Find My app for supervised devices.
Available for iOS 13.0 or supported newer versions.
|
allowFindMyDevice
|
Yes
|
|
Allow Find My Friends (iOS 13.0 and later with supervised devices only)
|
Select to allow Find My Friends for supervised devices.
Available for iOS 13.0 or supported newer versions.
|
allowFindMyFriends
|
Yes
|
|
Allow turning Wi-Fi on or off (iOS 13.0 and later with supervised devices only)
|
Select to force Wi-Fi power on/off for supervised devices.
Available for iOS 13.0 or supported newer versions.
|
forceWiFiPowerOn
|
No
|
|
Allow USB drive access in Files app (iOS 13.0 and later with supervised devices only)
|
Select to allow USB drive access in Files app.
Available for iOS 13.0 or supported newer versions.
|
allowFilesUSBDriveAccess
|
Yes
|
|
Allow Network drive access in Files app (iOS 13.0 and later with supervised devices only)
|
Select to allow network drive access in the Files app.
Available for iOS 13.0 or supported newer versions.
|
allowFilesNetworkDriveAccess
|
Yes
|
|
Join only WiFi networks installed by a WiFi payload (iOS 14.5 and later supervised devices only)
|
If selected, limits device to only join Wi-Fi networks set-up via configuration profile. Requires a supervised device.
|
forceWiFiToAllowedNetworksOnly
|
No
|
|
Allow auto unlock (iOS 14.5 and later)
|
Selected by default, allows the ability to unlock Face ID-enabled phone with an associated Apple Watch. If deselected, disallows auto unlock.
|
allowAutoUnlock
|
Yes
|
|
Allow putting into recovery mode from an unpaired device (iOS 14.5 and later supervised only)
|
If selected, allows devices to be booted into recovery by an unpaired device. Requires a supervised device.
|
allowUnpairedExternalBootToRecovery
|
No
|
|
Application Restrictions
|
|
|
Allow Use of iTunes Store
|
When deselected, the iTunes Music Store is disabled and its icon is removed from the Home screen. Users cannot preview, purchase, or download content.
|
allowiTunes
|
Yes
|
|
Allow News (supervised devices only)
|
If deselected, prevents the device user from accessing News.
Available for iOS 9.0 or supported newer versions.
|
allowNews
|
Yes
|
|
Allow Podcasts (supervised devices only)
|
Select to display the default Apple Podcast app. Deselect to hide the Apple Podcast app.
Available for iOS 8.0 or supported newer versions.
|
allowPodcasts
|
Yes
|
|
Allow use of Game Center (supervised devices only)
|
When deselected, Game Center is disabled and its icon is removed from the Home screen.
|
allowGameCenter
|
Yes
|
|
Allow multiplayer gaming
|
When deselected, prohibits multiplayer gaming. Disabled when Allow use of Game Center is deselected.
|
allowMultiplayerGaming
|
Yes
|
|
Allow adding Game Center friends
|
When deselected, prohibits adding friends to Game Center. Disabled when Allow use of Game Center is deselected.
|
allowAddingGameCenterFriends
|
Yes
|
|
Allow use of Safari
|
Deselect to disable the Safari web browser, remove its icon from the Home screen, and prevent users from opening web clips.
When deselected, the following restrictions are also disabled: Enable autofill, Force fraud warning, Enable Javascript, Block pop-ups, Accept cookies.
Safari is required for updating configurations on iOS devices that are not managed with Apple's MDM protocol.
|
allowSafari
|
Yes
|
|
Enable autofill
|
Select to turn on the autofill feature for fields displayed in Safari.
|
safariAllowAutoFill
|
Yes
|
|
Force authentication before AutoFill (iOS 11.3 and later with supervised devices only, Face ID only)
|
Select to require Face ID authentication before AutoFill
Available for iOS 11.3 or supported newer versions.
|
forceAuthenticationBeforeAutoFill
|
Yes
|
|
Force fraud warning
|
Select to prompt Safari to attempt to prevent users from visiting websites identified as being fraudulent or compromised.
|
safariForceFraudWarning
|
No
|
|
Enable Javascript
|
Select to turn on Javascript support for Safari.
|
safariAllowJavaScript
|
Yes
|
|
Block pop-ups
|
Select to block pop-ups for Safari.
|
safariAllowPopups
|
No
|
|
Accept cookies
|
Select an option from the drop-down list to control when Safari browser accepts cookies on devices. Options include Never, From visited sites, From Websites I Visit, and Always.
|
safariAcceptCookies
|
Always
|
|
Media Content Ratings
|
|
|
Ratings region
|
Select a region from the drop-down list to change the region associated with the rating selections for applications, TV shows, and movies.
|
N/A
|
United States
|
|
Allowed content ratings: Movies
|
Select a rating limit for movies stored on the device:
Don’t Allow Movies
G
PG
PG-13
R
NC-17
Allow All Movies
|
N/A
|
Allow All Movies
|
|
Allowed content ratings:
TV Shows
|
Select a rating limit for TV shows stored on the device:
Don’t Allow TV Shows
TV-Y
TV-Y7
TV-G
TV-PG
TV-14
TV-MA
Allow All TV Shows
|
N/A
|
Allow All TV shows
|
|
Allowed content ratings:
Apps
|
Select a rating limit for applications on the device:
Don’t Allow Apps
4+
9+
12+
17+
Allow All Apps
|
N/A
|
Allow All Apps
|
|
Allow playback of explicit music, podcasts, & iTunes U media (iOS and tvOS 11.3 and later)
|
When de-selected, explicit music or video content purchased from the iTunes Store is hidden. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store.
Available for iOS 11.3 and tvOS 11.3 or supported newer versions.
|
allowExplicitContent
|
Yes
|
|
Allow explicit sexual content in iBooks Store (iOS and tvOS 11.3 and later)
|
Select to allow users to download iBookstore material that has been tagged as erotica.
Available for iOS 11.3 and tvOS 11.3 or supported newer versions.
|
allowBookstoreErotica
|
Yes
|