Restrictions and Network
The Restrictions & Network settings manage various functions that are available to supervised devices.
iOS uses advanced Mobile Device Management (MDM) configurations for devices that are configured with a Supervised profile. The administrator can tether a device to a macOS computer and use Apple Configurator 2 to supervise a device or supervise the device over-the-air as part of the Apple Device Enrollment Program (DEP).
Note: You cannot supervise an iOS device from a Windows
computer.
Restrictions & Network settings
The following table describes the functions that the administrator can manage on a supervised iOS
device. Enable Configure Settings on a Supervised device to configure the
settings.
| Policy setting | Description | Supported devices |
|---|---|---|
| Apps Exempted from Rating Restrictions BundleIds | This setting enables administrators to exempt specific apps from age-based rating restrictions by specifying their bundle IDs. | iOS 26.1+ |
| Allow Safari Private Browsing | If this setting is disabled, the system prevents users from using private browsing session in Safari. | iOS 26.0+ |
| Allow Safari History Clearing | If this setting is disabled, the system prevents users from clearing their browsing history in Safari and can ensure that browsing data remains available for administrative review and compliance purposes. | iOS 26.0+ |
| Allowed Camera Restriction BundleIDs | Note: This setting is displayed only when the user disables the Allow Use of
Camera restriction.
Users can define a list of app bundle identifiers that retain
access to the device camera when global camera restrictions are enforced. |
iOS 26.0+ |
| Denied ICCIDs For RCS | User enters ICCIDs (Integrated Circuit Card Identifiers) in this field. The system prevents
users from using Rich Communication Services (RCS) messaging for SIM cards with ICCIDs that match
entries in the specified list. Note: A maximum of four ICCIDs can be configured in this
field.
|
iOS 26.0+ |
| Denied ICCIDs For iMessage and FaceTime | If this setting is disabled, the system prevents users from activating iMessage and FaceTime
on SIM cards with ICCIDs that match entries in the specified list. Note: A maximum of four ICCIDs can
be configured in this field.
|
iOS 26.0+ |
| Allow Apple Intelligence Report | If this setting is disabled, the system disables Apple Intelligence reports. | iOS 18.4+ |
| Allow Default Calling App Modification | If this setting is disabled, the system prevents the calling app preference modification. | iOS 18.4+ |
| Allow Default Messaging App Modification | If this setting is disabled, the system prevents the default messaging app preference modification. | iOS 18.4+ |
| Allow external intelligence workspace IDs | Currently, only a single workspace ID is supported. If this setting is enabled, Apple Intelligence allows only the given external integration workspace ID to be used, and requires a sign-in to make requests. The user is required to sign in to integrations that support signing in. Multiple payloads combine by using an intersect operation. As a result, the allowed set of workspace IDs can become the empty set if conflicting values are specified in multiple payloads. |
iOS 18.3+ |
| Allow Notes transcription summary | If this setting is disabled, the system disables the transcription summarization in Notes. | iOS 18.3+ |
| Allow visual intelligence summary | If the setting is disabled, the system disables visual intelligence summarization. | iOS 18.3+ |
| Allow Notes transcription | If this setting is disabled, the system disables transcription in Notes. | iOS 18.2+ |
| Allow summarization in Safari | If this setting is disabled, the system disables the ability to summarize content in Safari. | iOS 18.2+ |
| Allow Mail Smart Replies | If this setting is disabled, the system disables smart replies in Mail. | iOS 18.2+ |
| Allow satellite connection | If this setting is disabled, the system prohibits the connection to and use of satellite services. | iOS 18.2+ |
| Allow external intelligence integrations sign-in | Disabling this setting forces external intelligence providers into an anonymous mode. If a user is already signed in to an external intelligence provider, applying this restriction signs them out. | iOS 18.2+ |
| Allow default browser modification | Disabling this setting disables the default browser preference modification. The MDM settings command to set the default browser preference still works when this setting is enabled. | iOS 18.2+ |
| Allow call recording | Disabling this setting prevents the calls from being recorded. | iOS 18.1+ |
| Allow mail summary | Disabling this setting prevents emails from being summarized. | iOS 18.1+ |
| Allow RCS messaging | Disabling this setting prevents RCS messaging services. | iOS 18.1+ |
| Allow apps to be hidden | Disabling this setting prevents the apps from being hidden. | iOS 18.0+ |
| Allow apps to be locked | Disabling this setting prevents the apps from being locked. | iOS 18.0+ |
| Allow Image Playground | Disabling this setting prohibits the use of image generation. | iOS 18.0+ |
| Allow Image Wand | Disabling this setting prohibits the use of Image Wand. | iOS 18.0+ |
| Allow iPhone Mirroring | Disabling this setting prohibits the use of iPhone Mirroring that prevents the iPhone from mirroring to Mac devices. | iOS 18.0+ |
| Allow Personalized Handwriting Results | If this setting is disabled, the system disables iOS and iPadOS from generating text in the user’s handwriting. | iOS 18.0+ |
| Allow Writing Tools | Disabling this setting disables the Apple Intelligence writing tools. | iOS 18.0+ |
| Allow Genmoji | Disabling this setting prohibits creating new Genmoji. | iOS 18.0+ |
| Allow E-SIM Outgoing Transfers | If this setting is disabled, it prevents the transfer of an eSIM from the device on which the restriction is installed to a different device. | iOS 18.0+ |
| Allow app installation from a website (in eligible regions) | Disabling this setting prohibits the device from installing apps directly from the web. | iOS 17.5+ |
| Allow auto-dim | Disabling this setting disables auto dim on devices and prevents the device from dimming. | iOS 17.5+ |
| Allow Marketplace App Installation | Disabling this setting prevents the users from installing apps from alternative app marketplaces. | iOS 17.4+ |
| Allow Live Voicemail | If this setting is disabled, the system disables live voicemail on the device. | iOS 17.2+ |
| Force Preserve E-SIM |
If this setting is enabled, the system prevents the eSIM from being erased when a device is set to wipe after multiple incorrect passcode entries. Note: The operating system doesn’t preserve an eSIM if Find My initiates erasing the device.
|
iOS 17.2+ |
| Allow Handoff | Allows user to use the Handoff feature to transfer activities on the device to other iOS devices. If this setting is disabled, it stops the activity continuation. Applicable only to personal Apple IDs. | iOS 17.0+ |
| Allow iCloud Photo Library | The user can download a library of images from iCloud on the device. If this setting is disabled, images that are not downloaded, but stored locally are removed from the device. | iOS 17.0+ |
| Maximum Allowed Content Rating for Movies | This setting allows the administrator to set the maximum content rating for movies that are downloaded from iTunes. Any app that exceeds the specified rating cannot be downloaded or accessed. Select a rating from the list. | iOS 17.0+ |
| Maximum Allowed Content Rating for TV Shows | This setting allows the administrator to set the maximum content rating for television shows that are downloaded from iTunes. Any app that exceeds the specified rating cannot be downloaded or accessed. Select the rating from the list. | iOS 17.0+ |
| Maximum Allowed Content Rating for Applications | This setting allows the administrator to set the maximum content rating for apps that are downloaded from iTunes. Any app that exceeds the specified rating cannot be downloaded or accessed. Select the rating from the list. | iOS 17.0+ |
| Accept Cookies on Safari | The Safari browser can accept cookies based on selected intervals. Select the intervals from
the list as follows.
|
iOS 17.0+ |
| Block Pop-ups on Safari | Use this setting to control whether Safari can display pop-up messages and open new tabs in the browser window. | iOS 17.0+ |
| Enable JavaScripts on the Websites | Safari can run JavaScript embedded in websites that are accessed through the browser on the device. | iOS 17.0+ |
| Allow In-App Purchase | The user can purchase items through apps on the device. If this setting is disabled, a user cannot make purchases in an app. However, the user can still purchase individual apps, not purchase items through the app. | iOS 17.0+ |
| Allow Automatic Synchronization While Roaming | The user can automatically synchronize features on the device while the device is roaming. | iOS 17.0+ |
| Allow Shared Photo Stream | The user can share images that are uploaded to iCloud with other users. | iOS 17.0+ |
| Allow Web Results in Spotlight Search | Use this setting to control how Spotlight searches content on supervised devices. When disabled, Spotlight searches only local content on the device and prevents internet search results from appearing in Spotlight. | iOS 17.0+ |
| Allow Touch ID/Face ID | Users cannot add or remove existing biometric information. The Touch ID and the Face ID settings do not affect the general passcode settings. | iOS 17.0+ |
| Allow Automatic Unlock | If this setting is disabled, it restricts the unlocking of the device automatically through Apple Watch. | iOS 17.0+ |
| Allow iPhone Widgets On Mac | This setting is turned on by default. When this setting is turned on, MaaS360® allows iPhone widgets on a Mac that is signed-in with the same Apple ID for iCloud. | iOS 17.0+ |
| Allow Rapid Security Response Installation | If this setting is disabled, Apple does not automatically push security fixes to supervised
devices. If this setting is enabled, Apple automatically pushes security fixes by default. iPhone
users do not need to restart the phone for these updates to take effect. Path on the device is . |
iOS 16.0+ |
| Allow Rapid Security Response Removal | If this setting is disabled, users cannot remove the rapid security response from supervised devices. | iOS 16.0+ |
| Allow Mail Privacy Protection | If this setting is disabled, the device cannot use Mail Privacy Protection. Path on the device is . |
iOS 15.2+ |
| Allow iCloud Private Relay | If this setting is disabled, the system disables the user from turning on iCloud Private Relay. | iOS 15.0+ |
| Allow Unpaired External Boot to Recovery | If this setting is enabled, it allows users to start iOS or iPad OS devices into Recovery Mode from an external host computer (unpaired host). By default, an external host computer cannot start a device in Recovery Mode. | iOS 14.5+ |
| Force On Device only Dictation | If this setting is enabled, this setting prevents the use of Siri for dictation on a supervised device. By default, users can use dictation to enter text with many apps and features that use the keyboard on devices. | iOS 14.5+ |
| Allow Near Field Communication | Users can use Near Field Communication (NFC) to exchange wireless information on a supervised device. If this setting is disabled, it disables users from using built-in NFC hardware in compatible devices that use iOS 14.2 or later. | iOS 14.0+ |
| Allow App Clips | Users can use App Clips on a supervised device. App Clips are a small part of an app that
allows the user to do a task quickly. The default is Allow.App Clips are available in Safari, Maps, and Messages, or through NFC tags, QR codes, and App Clip codes (unique markers that take you to specific App Clips). |
iOS 14.0+ |
| Allow Shared Device Guest Session | This setting enables guest login sessions on a shared iPad device. The default is
Restrict. For more information about shared iPad temporary sessions, see https://support.apple.com/en-in/guide/deployment/dep9a34c2ba2/web. |
iOS 13.4+ |
| Allow adding Game Center friends | Disabling this setting disables users to add contacts from the Game Center social network on
a supervised device. The default is Allow. |
iOS 13.0+ |
| Allow Cloud Backup | Users can back up the contents of a supervised device onto iCloud. The default is
Allow. |
iOS 13.0+ |
| Allow Cloud Keychain Sync | Users can synchronize information such as a Safari username and password, credit card
details, or wifi settings onto iCloud. The default is Allow. |
iOS 13.0+ |
| Allow Documents Sync | Users can synchronize documents that are uploaded to iCloud. The default is
Allow. |
iOS 13.0+ |
| Allow Explicit Music and podcasts Purchased from iTunes | Users can download explicit material from Apple services on a supervised device. The default
is Allow. |
iOS 13.0+ |
| Allow Find My iPhone | Users cannot use the Find My app on a supervised device. The default is
Allow. The default is Allow. |
iOS 13.0+ |
| Allow Find My Friends | Users cannot use the Find My Friends app on a supervised device. The default is
Allow.Note: For iOS 13.0+ devices, the Find My Friends and
Find My iPhone settings are combined with Find My app.
These settings function as follows.
|
iOS 13.0+ |
| Allow Network Drives access Files app | If this setting is disabled, the users cannot connect to mapped network drives in the Files
app. The default is Allow. |
iOS 13.0+ |
| Allow QuickPath keyboard | Users cannot use the QuickPath keyboard, which is a swipe-based keyboard that allows user
inputs without removing finger from the screen, on a supervised device. The default is
Allow. |
iOS 13.0+ |
| Allow USB Drive access Files app | Users can connect to any USB devices that are present in the Files app. The default is
Allow. |
iOS 13.0+ |
| Allow Use of Camera | Users can use the camera app on a supervised device. If this setting is disabled, the camera
app is hidden from the user, and the user cannot access the camera app from other apps. The default
is Allow. If the desired outcome is to restrict the camera app, but allow other
apps to access the camera hardware, use Supervised App Compliance to
blacklist the iOS Camera app instead.
|
iOS 13.0+ |
| Allow Use of iTunes for Media Download | Users can download apps, music, or videos from the iTunes store on a supervised device. The
default is Allow. |
iOS 13.0+ |
| Force Wifi On | Users cannot disable wifi on a supervised device from Settings or the Control Center even
during Airplane Mode. This setting does not prevent the user from selecting which wifi network to
use on the device. The default is Disabled. |
iOS 13.0+ |
| iCloud Documents and Data | Documents and data are not added to iCloud. | iOS 13.0+ |
| iTunes Store | The iTunes Store is disabled and its icon is removed from the Home Screen. Users can’t preview, purchase, or download content. | iOS 13.0+ |
| Allow Multiplayer Gaming | Users cannot play games online over wifi or cellular data on a supervised device. The default
is Allow. |
iOS 13.0+ |
| Playback of explicit music, video and podcast content | Explicit music or video content that is purchased from the iTunes Store or downloaded from the podcasts app is hidden. Explicit content is flagged by content providers, such as record labels, when sold through the iTunes Store. | iOS 13.0+ |
| Enable Auto Fill in Safari | Safari does not track what users enter in web forms. The default is
Allow. |
iOS 13.0+ |
| Allow Use of Safari | Users can use the Safari web browser on a supervised device. This setting also prevents users
from opening Web Clips. This can also be accomplished with the Supervised App
Compliance settings. The default is Allow.
|
iOS 13.0+ |
| Allow Installing of Applications | If this option is disabled, users cannot install apps from the App Store, iTunes, or
alternative marketplaces. This is a stricter setting than Allow Usage Of App
Store and may adversely impact IBM® MaaS360's ability to deliver apps to the device. The default is Allow. |
iOS 13.0+ |
| Allow Personal Hotspot Modification | Users can modify personal Hotspot settings on a supervised device. The default is
Allow. |
iOS 12.2+ |
| Allow ESIM Modification | Users cannot add or remove a cellular plan to the eSIM on the device. The default is
Allow. |
iOS 12.1+ |
| Allow Date And Time Modification | When enabled, the users can change the date and time on a supervised device. The default is
Allow.To restrict a user from editing the date and time on an iOS device, disable this setting and publish the policy to the device. |
iOS 12.0+ |
| Allow Password Proximity Requests | Users can request their device password by using proximity setup from nearby devices. The
default is Allow. |
iOS 12.0+ |
| Allow Password Auto Fill | Users cannot use AutoFill Passwords for saved passwords in Safari and Apps, and no prompt is
shown to pick a saved password from iCloud Keychain or third-party password managers. The default is
Allow. |
iOS 12.0+ |
| Proximity AutoFill | Users’ devices do not advertise themselves to nearby devices for passwords by use of Proximity AutoFill. For devices with iOS, iPadOS, and macOS, this feature restricts only wifi password requests. | iOS 12.0+ |
| Allow Password Sharing | Users cannot share their passwords over AirDrop. The default is
Allow. |
iOS 12.0+ |
| Allow USB Restricted Mode | If this setting is disabled, allows the device to always connect to USB accessories while locked. | |
| Allow Cellular Plan Modification | Users can share the cellular password with the AirDrop password feature and also modify the
cellular plan on a supervised device. The default is Allow. |
iOS 11.0+ |
| Allow Proximity Setup to New Devices | Users can transfer data, settings, and content from an old device to a new device by using
the same Apple ID. The old device with the published policy allows automatic setup of new devices
that are within the proximity of the old device. The default is Allow.You can also take the following action from the Device Inventory page, . |
iOS 11.0+ |
| Enable Authentication for Auto Fill | Users must authenticate with biometric authentication or with a passcode to automatically
fill password and credit card information in Safari and Apps. Supports on devices with FaceID only.
the default is Enabled. |
iOS 11.0+ |
| Allow users to remove System Apps | Allow or restrict users from removing native iOS apps from the device. The list of removable
apps may vary depending on the iOS version. When enabled, users cannot remove any native iOS apps.
The default is Allow. |
iOS 11.0+ |
| Allow VPN Creation | A user cannot create or add VPN configurations on a supervised device. | iOS 11.0+ |
| Allow AirPrint | Allow or restrict the use of AirPrint on supervised devices. If disabled, the user cannot use
AirPrint. The default is Allow. |
iOS 11.0+ |
| Allow AirPrint Credentials Storage | Note: Enable Allow AirPrint to view this setting.
Users cannot
save their AirPrint credentials to the iCloud keychain. The default is
Allow. |
iOS 11.0+ |
| Allow AirPrint iBeacon Discovery | Note: Enable Allow AirPrint to view this setting.
Users cannot
discover AirPrint printers by using nearby iBeacon-compatible hardware transmitters. The default is
Allow. |
iOS 11.0+ |
| Disallow AirPrint to destinations with untrusted certificates | Note: Enable Allow AirPrint to view this setting.
Users can’t
use AirPrint to print to printers with untrusted certificates. The default is
Disabled. The supervised device must use trusted TLS certificates to connect to
AirPrint printers. |
iOS 11.0+ |
| Enforce usage of only MDM configured Wi-Fi | If this setting is enabled, the device can connect only to wifi profiles that are deployed
and configured on a supervised device. This setting prevents connections to wifi networks that are
not configured by MDM. The default is Disabled.Note: This restriction is enforced
when at least one wifi network is configured on a supervised device. If the device is disconnected
from a configured network and no other is available, the device will no longer receive MDM commands
or information. This can adversely impact the state of the device, and potentially require a restore
to gain functionality back.
|
iOS 10.3+ |
| Join only wifi networks installed by a wifi payload |
When enabled, devices that have this restriction can join only the wifi networks that are added
to the wifi payload. The default is
off.Important: If the wifi network
is not available, the device cannot be managed.
|
iOS 10.3+ |
| Allow Dictation | Users cannot use dictation on a supervised device. The default is
Allow. |
iOS 10.3+ |
| Allow Bluetooth Modification | Users cannot change Bluetooth settings on a supervised device. The default is
Allow. |
iOS 10.0+ |
| Allow Diagnostic Log Submission Modification | Users can change settings for the diagnostic log submission and app analytics on a supervised
device. The default is Allow. |
iOS 9.3.2+ |
| Allow Notification Modification | Users cannot change the configuration of any Notifications settings on a supervised device.
The default is Allow. |
iOS 9.3+ |
| Allow iTunes Radio | Users can still access iTunes Radio if the Music app is disabled on the supervised device. If
restricted the Radio icon is removed from the iTunes app. The default is
Allow. |
iOS 9.3+ |
| Allow Apple Music | Users cannot access the Apple Music app on a supervised device. The default is
Allow. |
iOS 9.3+ |
| Allow Trust of Enterprise Apps | (Deprecated) The supervised device can receive trusted enterprise apps that are pushed
through MDM. Alternatively use Allow Trust of Enterprise apps under
. This restriction is applicable for non supervised devices
too. The default is Allow. |
iOS 9.0+ |
| Allow Usage of App Store | If this setting is disabled, users cannot download apps from the app store to a supervised
device. MDM can still push apps to the device or the user can access Apple Configurator or iTunes on
a computer to add apps to the device. However, access to the system-level app store is hidden from
the user. If disabled, Apps can still be loaded by the user through iTunes and Configurator, or
through IBM
MaaS360. The default is Allow. |
iOS 9.0+ |
| Allow Automatic App Downloads | The App Store does not automatically download apps. This setting allows the automatic
downloading of apps purchased on user's other devices associated with the Apple ID. The default is
Allow. |
iOS 9.0+ |
| Allow Keyboard Shortcuts | Users can use keyboard shortcuts on a supervised device. The default is
Allow. |
iOS 9.0+ |
| Allow Device Name Modification | Users cannot change the name of a supervised device as shown in
.
The default is Allow.Note: This setting also blocks the MDM profile from changing
the name of the supervised device. If this setting is disabled, an administrator cannot remotely set
or automatically name a supervised device.
|
iOS 9.0+ |
| Allow Passcode Modification | Users cannot change the passcode that is set on a supervised device. The user continues to
receive passcode setting prompts if the device passcode expires or MDM requirements for passcode get
stricter. The default is Allow. |
iOS 9.0+ |
| Allow Apple Watch | Allow pairing of Apple Watches. If disabled while a Watch is paired, it is unpaired and
erased. The default is Allow. |
iOS 9.0+ |
| Allow Wallpaper Modification | Users cannot change the wallpaper for the Lock Screen or Home
Screen on a supervised device. The user continues to receive passcode setting prompts if
the device passcode expires or MDM requirements for passcode get stricter. The default is
Allow.Note: This setting also blocks MDM actions. Do not disable this setting
until MaaS360 successfully pushes the settings to the
device.
|
iOS 9.0+ |
| Allow News App | Users cannot use the Apple News app on a supervised device. The default is
Allow. |
iOS 9.0+ |
| Allow modifying Touch ID Fingerprints | Users can modify the Touch ID fingerprint identity sensor setting on a supervised device.
Users cannot use Touch ID if this setting is not set up on the device. The default is
Allow. |
iOS 8.3+ |
| Allow Auto-Correction | Users cannot see any word correction suggestions for misspelled words on a supervised device.
The default is Allow. |
iOS 8.1.3+ |
| Allow Definition Lookup | Users cannot tap and hold a selection and look up a dictionary definition about the
selection. The default is Allow. |
iOS 8.1.3+ |
| Allow Predictive Keyboard | Users cannot see the predictive text (where the device provides suggestions as you type words
or phrases) on a supervised device. The default is Allow. |
iOS 8.1.3+ |
| Allow Spell Check | Users cannot see potentially misspelled words that are underlined in red. If this setting
is restricted, the user cannot use spell check on the device. However, the user can still use the
built-in app level spell check on the device. The default is |
iOS 8.1.3+ |
| Allow Podcasts App | Allow or restrict access to podcasts within the built-in Music app on the device. This
setting does not affect third-party apps that support podcast playback. The default is
Allow. |
iOS 8.1+ |
| Allow User Enabled Restrictions |
Users cannot set their own Screen Time settings on their device for iOS 12 or later. Users cannot set their own restrictions on their device for iOS 11.4.1 or earlier. If set to Restrict, the ”Enable ScreenTime” option in the ScreenTime UI in Settings is disabled,
and the ScreenTime is also disabled if already enabled. The default is |
iOS 8.0+ (Restrictions) iOS 12.0+ (Screen Time) |
| Allow Erase All Contents & Settings | Allow or restrict access to the Erase All Content & Settings
option on supervised devices. Users cannot erase their device and reset it to factory defaults from
a supervised device. This setting does not prevent users from erasing the device by using iTunes
restore, Recovery Mode, or DFU mode. The default is Allow. |
iOS 8.0+ |
| Allow Host Pairing | This setting allows administrator to control which supervised device can pair with the iOS
device. Restricting prevents iTunes, Apple Configurator, and XCode paring, as well as limiting
information that can be read from the device on a desktop or laptop, or other similar machines. The
default is Allow.If this setting is disabled, host pairing is not allowed except for the host supervision. |
iOS 7.0+ |
| Allow AirDrop | Allow or restrict users to use AirDrop on a supervised device to share content with other
Apple devices. If this setting is disabled, the AirDrop function is removed from the supervised
device. The default is |
iOS 7.0+ |
| Allow Find My Friends Modification | Users can access and modify Find My Friends on a supervised device to
use GPS to locate friends with Apple devices. The default is Allow. |
iOS 7.0+ |
| Allow Cellular Data Usage Modification | Allow or restrict users from choosing which apps can use cellular data on the device. The
default is Allow. |
iOS 7.0+ |
| Allow Removing Apps | Allow or restrict users to remove any app from supervised devices. This is an all-or-nothing
feature, and can not be limited to specific apps. The default is Allow. When this
option is off, users cannot remove apps installed using the App Store, iTunes or alternate
marketplaces. |
iOS 7.0+ |
| Allow Activation Lock | Allow or restrict Activation Lock on supervised devices. Activation Lock is a security
feature that links a device to an Apple ID when Find My Device is enabled.
This does not disable the feature on devices in which it is already enabled. The default is
Do Not Allow.
Note: To
remove Activation Lock from a device where it is already active, use the Clear Activation
Lock device
action.
|
iOS 7.0+ |
| Allow Account Modification | Allow or restrict account management on supervised devices, including iTunes, iCloud, email,
FaceTime, and iMessage. When disabled, users cannot create, modify, or remove accounts. If this
restriction is applied before accounts are configured, certain app functions such as downloading
apps or setting up email are affected. For example, users cannot create new accounts or change their
username, password, or other settings associated with their account on a supervised device. The
default is Allow. |
iOS 7.0+ |
| Enable User Generated Content in Siri | Enable or disable the ability to manually create content for Siri to reference. Siri cannot
access content from sources that allow user-generated content, such as Wikipedia. The default is
Enabled. |
iOS 7.0+ |
| Allow use of Game Center | Allow or restrict access to the Game Center. The default is Allow. |
iOS 6.0+ |
| Allow iBookstore | Allow or restrict access to the iBookstore. The default is
Allow. |
iOS 6.0+ |
| Allow Erotica | Allow or restrict access for users to download content that is rated as
Erotica from the iBookstore. The default is
Allow. |
iOS 6.0+ |
| Allow Configuration Profile Installation | Allow or restrict the ability to install configuration profiles from external sources, such
as Apple Configurator. Common profile types include wifi and VPN settings. Users cannot manually
install configuration profiles in Settings on a supervised device. If this setting is disabled,
users cannot add profiles or certificates to the device, but profiles and certificates can be pushed
to the device through MDM. The default is Allow. |
iOS 6.0+ |
| Allow iMessage | Allow or restrict access to the iMessage. For Wi-Fi–only devices, the
Messages app is hidden. For devices with wifi and mobile, the Messages app is still available but
only the SMS or MMS service can be used. If this setting is disabled, the device can still use the
cellular network to send text messages. The default is |
iOS 6.0+ |
| Enable Siri Profanity Filter | Enable or disable the Siri profanity filter. When enabled, the filter does not affect
existing Siri content. The default is Disabled. |
iOS 6.0+ |
Classroom Restrictions
The following table describes the Classroom Restrictions that the administrator can manage on a
supervised iOS device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Request Permission to Leave Classes | When enabled, the student enrolled in an unmanaged course through Classroom must request
permission from the teacher when attempting to leave the course. The default is
Disabled. |
iOS 11.3+ |
| Join Classes Automatically | When enabled, permission is automatically given to the teacher's requests without prompting
the student. The default is Disabled. |
iOS 11.0+ |
| Allow App and Device Lock without Prompt | The administrator can allow or restrict the teachers from enforcing app lock or device lock
with no prompt to the student. The default is Do not allow. |
iOS 11.0+ |
| Allow Screen Observation Without Prompt | The administrator can allow or restrict the teachers from viewing student device screens with
no prompt. The default is Do not allow. |
iOS 11.0+ |
Global Proxy
The following table describes the Global Proxy settings that the administrator can manage on a
supervised iOS device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Configure Global Proxy Settings | Enable to configure proxy settings for network traffic on a supervised device. The default is
off with no settings configured. Select the following.
|
iOS 7.0+ |
AirPlay
The following table describes the AirPlay settings that the administrator can manage on a
supervised iOS device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Configure AirPlay Settings | The administrator can configure which Airplay devices can connect to which supervised iPhone
or iPad and share content. Enable Configure AirPlay Settings to view
Allowed AirPlay Device. This setting restricts AirPlay to only connecting to
these devices, in the format xx:xx:xx:xx:xx:xx. This is applicable only when
AirPlay Settings are enabled in Advanced Settings. |
iOS 7.0+ |
Software Updates Force Delay Settings
The following table describes the Software Updates Force Delay Settings that the administrator
can manage on a supervised iOS device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Configure Delay for Software Updates | The administrator can delay the user visibility to software updates on devices based on the
number of days (1-90 days). Note that this is 1 to 90 days from the OS release date. It cannot be
extended beyond 90 days of release. Important: For iOS 18.0+ devices, use Software Update Settings (DDM) under
Supervised Settings.
Enable Configure Delay for Software Updates to view Number of Days to Delay (1-90 days). The user cannot see the software updates for the mentioned number of days. |
iOS 11.3+ |