A Restrictions payload disables specific applications or functionality on the device. Each device can only use one Restrictions payload. If there is more than one Restrictions payload applied to the folder the device is in, only the payload with the highest priority will be sent to the device. You can view the payloads that have been sent to the device by viewing device details.
When you are using a Restrictions payload, ensure you are not locking down functionality that is required for other operations. For example, watch for the following scenarios:
• Do not block the Settings application if you are using a Passcodes payload, since the user needs to access Settings in order to set or change a passcode.
• Ensure software payloads have been distributed and the desired apps have been installed on the device before you disallow installing apps.
• Ensure your white-listed apps are installed on the device before you apply a payload to enable whitelisting.
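The priority rule and the three lockout scenarios above can be checked before a payload is deployed. The following is an added example, not Avalanche code or its payload format: the `Restrictions` and `Device` classes, their field names, and the convention that a larger number means higher priority are all assumptions made for illustration.

```python
# Added example: hypothetical data model, not Avalanche's payload format or API.
from dataclasses import dataclass, field

@dataclass
class Restrictions:
    name: str
    priority: int                      # assumption: larger number = higher priority
    allow_settings: bool = True
    allow_installing_apps: bool = True
    use_white_list: bool = False
    white_list: set = field(default_factory=set)    # Android package names

@dataclass
class Device:
    installed: set                     # packages currently on the device
    has_passcode_payload: bool = False
    required_apps: set = field(default_factory=set)  # apps delivered by software payloads

def effective_payload(payloads):
    """Only the highest-priority Restrictions payload is sent to the device."""
    return max(payloads, key=lambda p: p.priority, default=None)

def preflight(payloads, device):
    """Return the conflicts the effective payload would cause on this device."""
    p = effective_payload(payloads)
    if p is None:
        return []
    problems = []
    if device.has_passcode_payload and not p.allow_settings:
        problems.append("Settings blocked: user cannot set or change the passcode")
    if not p.allow_installing_apps:
        missing = sorted(device.required_apps - device.installed)
        if missing:
            problems.append("install blocked before apps arrived: " + ", ".join(missing))
    if p.use_white_list:
        missing = sorted(p.white_list - device.installed)
        if missing:
            problems.append("white-listed apps not installed: " + ", ".join(missing))
    return problems

# Constructed sample data.
LOCKDOWN = Restrictions("kiosk", 10, allow_settings=False, allow_installing_apps=False,
                        use_white_list=True,
                        white_list={"com.google.android.gm", "com.example.scanner"})
BASELINE = Restrictions("baseline", 1)
DEVICE = Device(installed={"com.google.android.gm"}, has_passcode_payload=True,
                required_apps={"com.example.scanner"})

if __name__ == "__main__":
    for line in preflight([BASELINE, LOCKDOWN], DEVICE):
        print("CONFLICT:", line)
```

With the constructed data, the lockdown payload wins on priority and all three scenarios are reported; the baseline payload alone reports none.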
A Restrictions payload for Android offers the following options:
Payload Name | The name of the payload. |
Allow installing apps | Allows the user to install apps. |
Allow use of camera | Allows the user to launch the camera application. |
Encrypt storage card (Android 3.0+) | Encrypts the information saved on an external storage card, such as an SD card. |
Allow Settings Application | Allows the user to access and change the Android device settings. |
Allow Web applications | Allows the user to launch a Web browser. |
Allow Default Web browser | Allows the user to launch the default Web browser. |
Allow Mail applications | Allows the user to launch email applications. |
Allow use of YouTube | Allows the user to use a YouTube application. |
App Lists |
Allows you to list specific applications that will be allowed or blocked on the device. When creating a Restrictions payload for Android devices, you can establish a list of blocked or approved apps for kiosk mode.
• A White List indicates the approved apps and prevents all other apps from launching.
• A Black List indicates apps not approved for use and redirects users to the home screen when an unapproved app is launched.
If you create a White List, you must select a default home app from the Restrictions payload screen. After deploying the payload, tap the Home button on a device to launch the specified home app. Holding down the home button or navigating to a blocked app displays a dialog box that lists the available apps.
To block or add a specific app, type the friendly name for the app in the Name text box and the Android package name in the Package text box, then click Add. For example, to block or add a Gmail app, type Gmail in the Name text box and com.google.android.gm in the Package text box. You can also click Browse for more apps to search the Google Play Store for the name of the application; this will populate the name and package details. To delete an app from the list, enable the checkbox next to the name of the app and click Delete.
In order to override app restrictions on the device, you must set a Smart Device Client Administrator Password from the System Settings screen in Avalanche. After setting the password and syncing the device, you can input the password on a device to disable app restrictions.
To deactivate app restrictions, edit the original payload, disable Use App List, redeploy the payload, and sync the desired devices.
Deploying white or blacklisting restrictions on a Samsung SAFE device will disable both hard and soft home keys. |
The iOS Restrictions payload offers the following options:
Payload Name | The name of the payload. |
Allow installing apps | Allows the user to install apps. |
Allow use of camera | Allows the user to launch the camera application. |
Allow FaceTime | Allows the user to place or receive FaceTime calls. |
Allow screen capture | Allows the user to save a screenshot of the display. |
Allow automatic sync while roaming | Allows the device to sync accounts automatically even when the device is roaming. |
Allow Siri | Allows the user to use Siri, voice commands, or dictation. |
Allow Siri while locked | Allows the user to use Siri without entering a passcode when the device is locked. |
Allow Siri querying user-generated content (Supervised only) | Allows the user access to content in Siri added by other users. |
Allow voice dialing | Allows the user to dial using a voice command. |
Allow Passbook while device locked | Allows the device to display Passbook notifications while the device is locked. |
Allow In-App Purchase | Allows the user to make purchases through installed apps. |
Force user to enter password for all purchases | Forces the user to type in his iTunes Store account password each time he makes a purchase. |
Allow multiplayer gaming | Allows the user to play multiplayer games in the Game Center. |
Allow adding Game Center friends | Allows the user to add friends in the Game Center. |
Allow Control Center while locked | Allows the user to swipe up to view the Control Center even when the device is locked. |
Allow Notification View while locked | Allows the user to view notifications even when the device is locked. |
Allow Today view while locked | Allows the user to swipe down to see the Today view even when the device is locked. |
Allow iBooks Store | Allows the user to access the iBooks Store. |
Allow use of AirDrop | Allows the user to access AirDrop. |
Allow account change | Allows the user to change account settings. |
Allow cellular data usage for apps | Allows apps on the device to use a cellular data connection. |
Allow use of iTunes Store | Allows the user to access the iTunes Store. |
Allow use of YouTube | Allows the user to open the YouTube app. |
Allow use of iTunes Store | Allows the user to launch and use the iTunes store. |
Limit ad tracking | Prevents the device's ID from being used for advertisement tracking. |
Allow Web browser | Allows the user to launch Safari. When this option is disabled, the user will not be able to launch Safari, but will still be able to launch other Web browsers, such as Chrome. |
Enable autofill | Allows the user to turn on Safari's autofill feature. |
Force fraud warning | When the user visits a fraudulent or compromised web site, Safari displays a warning. |
Allow JavaScript | Allows web pages that the user accesses using Safari to run JavaScript. |
Block pop-ups | Sets Safari to block pop-up messages. |
Accept cookies | Allows Safari to accept all cookies, reject all cookies, or accept cookies only from sites that are directly accessed. |
Allow change to Find My Friends (Supervised only) | Allows applications to access Find My Friends. |
Allow explicit content | Allows the user to see explicit music or video content in the iTunes Store. Explicit content is flagged by content providers. |
Ratings region | The media region with the rating system the device should use in allowing content. |
Allowed content ratings | Movies: The level of allowed content for movies. TV Shows: The level of allowed content for TV shows. Apps: The level of allowed content for apps. |
Kiosk Mode (Supervised device only)
Enable kiosk mode | Also known as guided access, this option limits the device to only run the application specified. When kiosk mode is enabled, the device will only launch the app specified and will block other apps. To specify the app for kiosk mode, use the Apple ID. To exit kiosk mode, an administrator must modify the payload to turn off kiosk mode and update the device. Kiosk mode is only available for devices that are in Supervised mode. For more information, see your Apple documentation. |
Disable Autolock | Prevents the device from locking automatically. |
Disable device rotation | Disables the display from changing orientation when the device is rotated. |
Disable ringer switch | Disables any functionality associated with the ringer switch. |
Disable sleep/wake button | Disables any functionality associated with the sleep/wake button. |
Disable touch | Disables the touch functionality of the screen. |
Disable volume button | Disables any functionality of the volume button. |
Allow Assistive Touch | Allows the user to use Assistive Touch features to make the device more accessible. This option is for users who have problems touching the screen or pressing buttons. |
Allow Assistive Touch adjustment | Allows the user to configure Assistive Touch options. |
Allow invert colors | Allows the user to invert the colors on the screen. |
Allow user to adjust color inverting | Allows the user to configure color inversion options. |
Allow mono audio | Allows the user to switch the audio output to mono. |
Allow Speak Selection | Allows the user to select text and use the Speak Selection feature for text-to-speech. |
Allow VoiceOver | Allows the user to use VoiceOver features to make the device more accessible. This option is for users who need audible presentation of screen materials or menus. |
Allow user to adjust VoiceOver | Allows the user to configure VoiceOver options. |
Allow zoom | Allows the user to use zoom features. |
Allow user to change zoom | Allows the user to change the zoom settings. |
Autonomous permitted App IDs to run | Allows apps identified by the bundle IDs listed to enter Single App Mode. This option only applies if you have apps that have the ability to enter Single App Mode. Avalanche does not make apps enter Single App Mode, it only allows the app to do it. |
Allow backup | Allows the user to back up the device using iCloud. |
Allow document Sync | Allows the user to store documents in iCloud. |
Allow Photo Stream | Allows the user to use Photo Stream. If Photo Stream is disabled after the device user has shared photos using Photo Stream, photos already shared will be removed. |
Allow shared photo streams | Allows the user to share his photo stream and view others' photo streams. |
Allow unlocking by Touch ID | Allows the user to use Touch ID to unlock the device. |
Allow Host Pairing | Allows the device to pair with computers other than the computer used to put the device in Supervised mode. |
Allow diagnostic data to be sent to Apple | Allows the device to send diagnostic data to Apple. |
Allow user to accept untrusted certificates | Allows the user to accept TLS certificates that can't be verified. This setting is enforced for Safari, Mail, Contacts, and Calendar. |
Allow open from managed to unmanaged Apps/Accounts | Allows the user to switch to unmanaged applications or accounts from a managed app or account. For example, if the email app is managed but the browser app is not, the user would be allowed to click on a link in an email that launches the browser. |
Allow open from unmanaged to managed Apps/Accounts | Allows the user to switch to managed applications or accounts from an unmanaged app or account. For example, if the email app is managed but the browser app is not, the user would be allowed to click on a link on a web page that launches the email app. |
Allow Over-The-Air PKI Updates | Allows public key infrastructure updates. If this option is not enabled, you may experience issues with any application that depends on certificates, including Internet browsers. |
Allow interaction while install config profile (Supervised only) | Allows the administrator to send down configuration profiles silently, without user interaction. |
Force encrypted backups | Forces the user to encrypt any backups using iTunes. |
For some of the options in a Restrictions payload for iOS, the device must be manually configured to be in Supervised mode using Apple Configurator. For information on Supervised mode, see your Apple documentation.
This page refers to an older version of the product. View the current version of the User Guide.