|
Name
|
Enter a name that identifies this configuration.
|
|
Description
|
Enter a description that clarifies the purpose of this configuration.
|
Device functionality
|
iOS All Versions
|
Enable use of device features.
|
|
Allow screenshots and screen recording
|
Select to allow the device user to take screen captures using the built-in iOS screen capture feature.
|
|
Allow remote screen observation (iOS 9.3 and later) |
Select to allow user to observe remote screen. |
|
Allow force unprompted managed classroom screen observation (Supervised only - iOS 10.3+)
|
(Applicable for iPads only) Select to allow unprompted message on the screen when a supervised iPad is configured with managed classes.
|
|
Allow automatic sync while roaming
|
Select to allow synchronization of mail accounts while the device is outside of its home country.
|
|
Allow Siri
|
Select to allow the personal assistant app on supported devices.
|
|
Allow Siri while device is locked
|
Select to allow the personal assistant app to perform tasks even when the device is locked.
|
|
Enable Siri profanity filter (Supervised only) |
Select to enable the Siri profanity filter. |
|
Allow voice dialing
|
Select to allow users to dial a contact or number by talking to the device.
|
|
Allow In-App Purchase
|
Select to allow users to make purchases through apps running on the device.
|
|
Allow passbook while device is locked
|
Select to allow Passbook notifications to display while the device is locked.
|
|
Allow lock screen Control Center
|
Select to allow access to Control Center from the lock screen.
|
|
Allow lock screen Notifications view
|
Select to allow notifications to be displayed on the lock screen.
|
|
Allow lock screen Today view
|
Select to allow access to the Today view from the lock screen.
|
|
Allow Open In from managed to unmanaged apps
|
Requires Gold license.
Select to allow documents in managed apps and accounts to be opened in unmanaged apps and accounts. Disabling this option prevents exchange of documents from managed to unmanaged apps and accounts. For example, you might want to keep enterprise documents from being opened with personal apps. You can also use this option (disable) together with a managed domains configuration to ensure that data downloaded from managed domains can only be opened in a managed app.
|
|
Allow Open In from unmanaged to managed apps
|
Requires Gold license.
Select to allow documents in unmanaged apps and accounts to be opened in managed apps and accounts. Disabling this option prevents exchange of documents from unmanaged to managed apps and accounts. For example, you might want to keep users from sending personal documents using company email. You can also use this option (turn off) together with a managed domains configuration to ensure that data downloaded from unmanaged domains cannot be opened in a managed app.
|
|
Require passcode on first AirPlay pairing
|
Select to require the Apple TV to display a passcode that the user must enter on the iOS device to authorize the initial pairing of the devices.
|
|
Force Password on AirPlay incoming requests (tvOS up to 10.1)
|
Select to require the user to enter password for all incoming AirPlay requests.
Default: Deselected
|
|
iOS All Versions Supervised
|
|
Allow Apple Books
|
Select to allow access to the Apple Books app.
|
|
Allow explicit sexual content in iBooks Store (iOS and tvOS 11.3 and later)
|
Select to allow users to download iBooks store material that has been tagged as erotica.
|
|
Allow account modification
|
Select to allow users with supervised iOS 7 devices to add email accounts and make changes to email accounts that have already been configured.
|
|
Allow app cellular data modification
|
Select to allow users to make changes to cellular data settings for apps.
|
|
Allow Find My Friends modification
|
Select to allow users to make changes to the Find My Friends app settings.
|
|
Allow pairing with non- Configurator hosts
|
Select to allow host pairing for iTunes synchronization. In effect, enabling this option allows supervised devices to sync with iTunes on a Mac other than the supervision host. Disabling this option disables all host pairing with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled.
|
|
Allow AirDrop
|
Select to allow use of AirDrop on the device. AirDrop is Apple’s ad hoc Wi-Fi system that enables file sharing with nearby users. By restricting this feature, you ensure that sensitive documents are not leaked to unauthorized or unsecured devices.
|
|
Allow Touch ID / Face ID to unlock device |
Select to allow Touch ID or Face ID to unlock the devices. |
|
Allow Spotlight search to return Internet search results |
Select to allow Spotlight search to return Internet search results. |
|
Allow app in single app mode
|
Enter comma separated list of bundle IDs for apps that can autonomously enter single app mode on iOS supervised devices. For example, you can specify custom exam apps for students. As soon as the student launches the app, the app enters single app mode to ensure that the student cannot use other resources while taking the exam. This feature applies to apps developed for autonomous single app mode. Supervision is established with Apple Configurator.
|
|
iOS 8+
|
|
Allow Enterprise books to be backed up
|
Select to allow personal backup of iBooks, ePub, and PDF documents that were pushed to the device using MDM.
|
|
Allow Enterprise books notes and highlights to be synced
|
Select to allow the notes and highlights added to Enterprise books to be synchronized to iTunes.
|
|
Force Apple Watch wrist detection
|
Select to hide on-screen notifications unless someone is wearing the Apple Watch.
|
|
iOS 8+ Supervised
|
|
Allow predictive keyboard
|
Select to allow users to enable iOS prediction of the word being typed, enabling users to tap one of three predictions to complete the word.
|
|
Allow keyboard auto-correction
|
Select to allow use of auto-correction with Bluetooth keyboards.
|
|
Allow keyboard spell check
|
Select to allow use of spell check with Bluetooth keyboards.
|
|
Allow keyboard definition lookup
|
Select to allow definition lookup with Bluetooth keyboards.
|
|
Allow modifying Touch ID fingerprints / Face ID faces
|
Select to allow Touch ID or Face ID settings to be changed.
|
|
iOS 9+ Supervised
|
|
Allow keyboard shortcuts on iPads
|
Select to allow use of keyboard shortcuts on the iPad.
|
|
Allow modification of wallpaper
|
Select to allow users to change wallpaper images.
|
|
Allow pairing with Apple watch
|
Select to allow pairing of the iPhone with the Apple watch.
|
|
Allow modification of device name
|
Select to allow user to change the name of the device.
|
|
Allow modification of enterprise app trust setting |
Select to allow user to change the enterprise app trust settings. |
|
iOS 9.3+ Supervised
|
|
|
Allow modification of notifications settings |
Select to allow user to change notification settings. |
|
iOS 9.3.2+ Supervised
|
|
|
Allow diagnostic submission modification |
Select to allow user to change settings related to submission of diagnostic data to Apple. |
|
iOS 10+ Supervised
|
|
Allow Bluetooth modification
|
Select to allow user to modify the Bluetooth setting on supervised devices. Useful in such cases as shared iPads used for the Classroom app for Education where Bluetooth is required to run the app.
|
|
iOS 10.3+ Supervised
|
|
Allow dictation
|
Select to allow the user to talk to the iPhone or iPad instead of typing.
|
|
iOS 11+ Supervised
|
|
Allow AirPrint
|
Select to allow AirPrint feature for wireless printing.
|
|
Allow AirPrint Credential Storage
|
Select to allow keychain storage of username and password for the AirPrint.
|
|
Allow Airprint iBeacon Discovery
|
Select to allow the user to set iBeacon discovery of AirPrint printers.
|
|
Allow adding VPN configurations
|
Select to allow the user to create VPN configuration
|
|
Force Airprint Trusted TLS Requirement
|
Select to allow trusted certificates for TLS printing communication.
Default: Deselected
|
|
Allow System App Removal
|
Select to allow the removal of system app.
|
|
Allow modifying cellular plan settings
|
Select to allow users to modify cellular plan settings.
|
|
Allow setting up new nearby devices
|
Select to allow users to setup new nearby devices.
|
|
Automatically join Classroom classes without prompting
|
Select to allow users to automatically join classroom classes without any prompt.
Default: Deselected
|
|
Allow Classroom to lock an app and lock the device without prompting
|
Select to allow classroom to lock an app and the device without prompting the user.
Default: Deselected
|
|
Force the user to authenticate before passwords or credit card information can be autofilled in Safari and apps
|
Device owner must authenticate before passwords or credit card information can be auto filled in Safari browser and in applications.
Default: False
|
|
iOS 11.3+
|
|
|
Allow pairing with Remote app (tvOS 11.3 and later) |
Select to allow pairing the device with the Remote app. |
|
Allow incoming AirPlay requests (tvOS 11.3 and later) |
Select to allow incoming AirPlay requests. |
|
iOS 11.3+ Supervised
|
|
Allow USB restricted mode
|
Select to allow user to access USB restricted mode.
|
|
Defer software updates for 30 days (for iOS 11.3, tvOS 12.2 and later with supervised devices only)
|
Select to enter the number of days by which you want to defer software updates. The default is 30 days, and the maximum is 90 days.
Default: Deselected
|
|
Require teacher permission to leave Classroom unmanaged classes
|
Select to allow user to get the required teacher permission to leave classroom unmanaged classes.
|
|
iOS 12+ Supervised |
|
Force automatic Date & Time (iOS 12.0 & tvOS 12.2 and later) |
Select to turn on the Date & Time "Set Automatically" feature. It cannot be turned off by the user.
Default: False
|
|
Allow modifying eSIM settings (iPhone XS, iPhone XS Max, & iPhone XR - iOS 12.1 and later versions)
|
Select to allow user to modify the eSim configuration on supported devices. This option also prevents users from adding or removing a cellular plan in Settings on their devices.
Default: True
|
|
iOS 12.2+ Supervised
|
|
Allow modifying Personal Hotspot settings
|
Select to allow the user to modify Personal Hotspot settings.
Default: True
|
|
iOS 13.0+
|
|
Allow Files Network Drive Access |
Select to allow the user to connect to network drives in the Files app.
Default: True
|
|
Allow Files USB Drive Access |
Select to allow the user to connect to any connected USB devices in the Files app.
Default: True
|
|
iOS 13.0+ Supervised
|
|
Allow Continuous Path Keyboard
|
Select to enable continuous path keyboard (swipe or trace typing).
Default: True
|
|
Allow Device Sleep |
Select to enable device sleeping.
Default: True
|
|
Allow Find Device |
Select to enable Find My Device in the Find My app.
Default: True
|
|
Allow Find My Friend |
Select to enable Find My Friends in the Find My app.
Default: True
|
|
Force WiFi Power On
|
Select to enable WiFi power to be in the on state.
Default: False
|
|
iOS 13.4+
|
|
|
Allow Guest Session for shared iPad |
If false, temporary sessions are not available on Shared iPad.
Default: True
|
|
iOS 14.0+
|
|
|
Allow Apple Personalized Advertising
|
If false, limits Apple personalized advertising. This will prevent Apple from using the user's information for targeting ads. This may not reduce the number of ads received, but the ads will be less relevant to the user.
Default: True
|
|
iOS 14.0+ Supervised
|
|
|
Allow App Clips
|
If false, prevents a user from adding any App Clips, and removes any existing App Clips on the device.
Default: True
|
|
iOS 14.2+ Supervised
|
|
|
Allow NFC
|
If false, disables NFC. Requires a supervised device. Available in iOS 14.2 and later.
Default: True
|
|
iOS 14.5+
|
|
|
Allow Auto Unlock
|
Administrators can use the existing allowAutoUnlock restriction to manage this feature. If false, disallows auto unlock. Available in macOS 10.12 and later, and iOS 14.5 and later.
Default: true
|
|
Force on Device only Dictation
|
If true, disables connections to Siri servers for the purposes of dictation.
Default: false
|
|
iOS 14.5+ Supervised
|
|
|
Allow unpaired external boot to recovery
|
If true, allows devices to be booted into recovery by an unpaired device.
Default: false
|
|
Force WiFi to allowed networks only
|
If true, limits device to only join WiFi networks set-up via configuration profile.
Default: false
If the Force WiFi to allowed networks only restriction is enabled and WiFi configuration is not distributed to the device, the WiFi connection is lost.
|
|
iOS 15+
|
|
|
Force on Device only Translation
|
If true, the device won’t connect to Siri servers for the purposes of translation.
Default: false
|
|
Require Managed Pasteboard
|
If true, copy and paste functionality respects the allowOpenFromManagedToUnmanaged and allowOpenFromUnmanagedToManaged restrictions.
Default: false
|
|
iOS 15.2+
|
|
|
Allow Mail Privacy Protection
|
If false, disables Mail Privacy Protection on the device. Available in iOS 15.2 and later.
When the Allow Mail Privacy Protection configuration is installed and enabled from the Ivanti Neurons for MDM administrative portal, the Protect Mail Activity toggle is enabled on the device and the following options are visible:
- Hide IP Address - The email sender cannot link the email to your online activity or determine your location
- Block All Remote Content - Prevents the email sender from seeing your email activities
Default: true
|
|
iOS 15.4+
|
|
|
Allow Apple TV's automatic screen saver (tvOS 15.4 and later)
|
If false, disables Apple TV’s automatic screen saver. Available in tvOS 15.4 and later.
Default: true
|
|
iOS 16.0+ |
|
|
Allow Rapid Security Response Installation |
To disable the responses.
The user cannot install rapid security responses. |
|
Allow Rapid Security Response Removal |
To block the user from being able to undo the responses.
The user cannot remove rapid security responses. |
|
iOS 17.0+ Supervised
|
|
Allow iPhone widgets on Mac devices |
Select to allow the iPhone widgets to appear on Mac devices that uses the same AppleID of the iPhone for iCloud on both the devices. |
|
iOS 17.2+ Supervised
|
|
Allow Live Voice Mail |
Select to enable live voicemail on the device.
|
|
Force Preserve ESIM On Erase |
Select to preserve the eSIM when the system erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset.
The system doesn’t preserve eSIM if Find My initiates to erase the device.
|
|
iOS 17.4+ Supervised
|
|
Allow Marketplace App Installation |
Select to allow the users from downloading apps from alternative marketplaces. This Restriction when set to false, will prevent users from installing new alternative marketplace apps and apps installed from those marketplaces. |
|
Allow Auto Dim |
Select to allow auto dimming option on iPads with OLED displays. |
|
iOS 17.5+ Supervised
|
|
Allow Web distribution App Installation
|
This allowWebdistributionAppInstallation restriction when set to false, will prevent users from installing apps directly from new alternative websites. It is applicable for supervised devices only.
|
Applications
|
iOS All Versions
|
Enable access to applications on the devices.
|
|
Allow installing apps
|
Select to enable the user to install applications from the Apple App Store. Deselect to disable the App Store and remove its icon from the Home Screen.
|
|
All use of camera
|
Select to enable the user to operate the camera. Deselect to disable the camera and remove its icon from the Home screen.
|
|
Allow use of Safari
|
Select to allow use of the Safari web browser. Deselect to disable the Safari web browser, remove its icon from the Home screen, and prevent users from opening web clips.
|
|
Enable autofill
|
Select to turn on the autofill feature for fields displayed in Safari.
|
|
Force fraud warning
|
Select to prompt Safari to attempt to prevent the user from visiting websites identified as being fraudulent or compromised.
|
|
Enable JavaScript
|
Select to turn on Javascript support for Safari.
|
|
Block pop-ups
|
Select to block pop-ups for Safari.
|
|
iOS All Versions Supervised
|
|
Allow removing apps
|
Select to allow users to remove apps from the device.
|
|
Allow use of Game Center
|
Select to allow access to Game Center.
|
|
Allow adding Game Center friends
|
Select to allow users to add friends to Game Center.
|
|
Allow multiplayer gaming
|
Select to allow users to play games that include other users.
|
|
Allow iMessage
|
Select to allow use of iMessage.
|
|
Accept cookies
|
Select Never, Always, or From Visited sites.
|
|
Allow FaceTime
|
Select to allow the user to run FaceTime if the camera is enabled.
|
|
iOS 8+
|
|
Allow managed applications to use cloud sync
|
Select to allow managed apps to use cloud sync.
|
|
Allow Activity Continuation
|
Select to allow activity continuation in apps supporting Handoff.
|
|
iOS 8+ Supervised
|
|
Allow use of Podcasts
|
Select to allow use of Podcasts.
|
|
iOS 9+
|
|
Allow trusting of new enterprise app authors
|
Select to allow user to access new enterprise apps.
|
|
iOS 9+ Supervised
|
|
Allow App Store
|
Select to allow user access to the Apple App store.
|
|
Allow automatic app download
|
Select to allow the app to download files, data, updates with prompting the user.
|
|
Allow News app
|
Select to allow use of the News app.
|
|
iOS 9.3+ Supervised
|
|
|
Allow iTunes Radio |
Select to allow use of iTunes radio. |
|
Allow Apple Music |
Select to allow use of Apple Music. |
|
Allow Listed App Bundle IDs
|
Select to allow only bundle IDs listed in the array to be shown or launchable. Include the value com.apple.webapp to allow all webclips.
|
|
Blocked App Bundle IDs
|
Select to prevent bundle IDs listed in the array from being shown or launchable. Include the value com.apple.webapp to restrict all webclips.
|
|
iOS 13.0+ Supervised
|
|
Allow use of iTunes Store
|
Select to allow use of the iTunes Music Store. Deselect to disable iTunes Music store and remove its icon from the Home screen.
|