Restrictions | Entgra Iot Server

Restrictions

Add policy in Policy description page gives a brief description how a policy is added to an iOS device.

These configurations can be used to restrict apps, device features and media content available on an iOS device. Once this configuration profile is installed on a device, corresponding users will not be able to modify these settings on their devices.

Data keys of Policy Description
Restrictions on mac OS and iOS device
Allow Siri When false, disables Siri. Defaults to true.
Allow use of camera Having this checked would enable Usage of phone camera in the device
Allow iCloud documents and data
[This key is deprecated on unsupervised devices.]
Having this checked would enable syncing iCloud documents and data in the device. This is deprecated on unsupervised devices
Available in iOS 5.0 and later and in macOS 10.11and later.
Allow iCloud keychain When false, disables iCloud keychain synchronization. Default is true.
Available in iOS 7.0 and later and macOS 10 .12 and later.
Allow fingerprint for unlock If false, prevents Touch ID from unlocking a device.
Available in iOS 7 and later and in macOS 10.12.4 and later.
Allow in-app purchase Having this checked would allow in-app purchase in the device.
Allow screenshots If set to false, users canʼt save a screenshot of the display and are prevented from capturing a screen recording; it also prevents the Classroom app from observing remote screens.
Enable AutoFill When false, Safari auto-fill is disabled. Defaults to true.
Allow voice dialing while device is locked When false, disables voice dialing if the device is locked with a passcode. Default is true.
Force encrypting all backups Having this checked would force encrypting all backups.
Allow managed apps to store data in iCloud If set to false, prevents managed applications from using iCloud sync.
Allow Activity Continuation If set to false, Activity Continuation will be disabled. Defaults to true.
Allow backup of enterprise books If set to false, Enterprise books will not be backed up. Defaults to true
Allow enterprise books data sync If set to false, Enterprise books notes and highlights will not be synced. Defaults to true.
Allow cloud photo library If set to false, disables iCloud Photo Library. Any photos not fully downloaded from iCloud Photo Library to the device will be removed from local storage.
Allow remote screen observation If set to false, remote screen observation by the Classroom app is disabled. Defaults to true. This key should be nested beneath allowScreenShot as a sub-restriction. If allowScreenShot is set to false, it also
Available in iOS 9.3 and macOS 10.14.4 and later.
Allow adding Game Center friends
[This key is deprecated on unsupervised devices.]
When false, prohibits adding friends to Game Center. This key is deprecated on unsupervised devices.
Allow Siri to query user-generated content from web Supervised only. When false, prevents Siri from querying user-generated content from the web.
Available in iOS 7 and later.
Allow video conferencing
[This key is deprecated on unsupervised devices.]
When false, disables video conferencing. This key is deprecated on unsupervised devices
Allow Safari
[This key is deprecated on unsupervised devices.]
When false, the Safari web browser application is disabled and its icon removed from the Home screen. This also prevents users from opening web clips. This key is deprecated on unsupervised devices.
Allow multiplayer gaming
[This key is deprecated on unsupervised devices.]
When false, prohibits multiplayer gaming. This key is deprecated on unsupervised devices.
Allow use of iTunes Store When false, the iTunes Music Store is disabled and its icon is removed from the Home screen. Users cannot preview, purchase, or download content. This key is deprecated on unsupervised devices.
Following are DEP(Supervised) only
Force Delayed Software Updates If set to true, delays user visibility of Software Updates. Defaults to false. On macOS, seed build updates will be allowed, without delay.
Available in iOS 11.3 and macOS 10.13
Allow Erase All Content And Settings If set to false, disables the “Erase All Content And Settings” option in the Reset UI.
Allow Spotlight Internet results If set to false, Spotlight will not return Internet search results.
Available in iOS and in macOS 10.11 and later.
Enforced Software Update Delay This restriction allows the admin to set how many days a software update on the device will be delayed. With this restriction in place, the user will not see a software update until the specified number of days after the software update release date. The max is 90 days and the default value is 30.
Available in iOS 11.3 and macOS 10.13.4
Force Classroom Automatically Join Classes If set to true, automatically give permission to the teacherʼs requests without prompting the student. Defaults to false
Available only in iOS 11.0 and macOS 10 .14.4 and later
Force Classroom Request Permission To Leave Classes If set to true, a student enrolled in an unmanaged course via Classroom will request permission from the teacher when attempting to leave the course. Defaults to false.
Available only in iOS 11.3 and macOS 10.14.4 and later.
Force Classroom Unprompted App And Device Lock If set to true, allow the teacher to lock apps or the device without prompting the student. Defaults to false
Available only in iOS 11.0 and macOS 10.14.4 and later.
Force Classroom Unprompted Screen Observation If set to true, and ScreenObservationPermissionModificationAllowed is also true in the Education payload, a student enrolled in a managed course via the Classroom app will automatically give permission to that courseʼs teacherʼs requests to observe the studentʼs screen without prompting the student. Defaults to false.
Available only in iOS 11.0 and macOS 10.14.4 and later.
Allow Password Auto Fill If set to false, users will not be able to use the AutoFill Passwords feature on iOS and will not be prompted to use a saved password in Safari or in apps. If set to false, Automatic Strong Passwords will also be disabled and strong passwords will not be suggested to users. Defaults to true.
Available only in iOS 12.0 and macOS 10 .14 and later.
Allow Password Proximity Requests If set to false, a userʼs device will not request passwords from nearby devices. Defaults to true.
Available only in iOS 12.0 and macOS 10.14
Allow Password Sharing If set to false, users can not share their passwords with the Airdrop Passwords feature. Defaults to true.
Available only in iOS 12.0 and macOS 10.14 and later.
Allow definition lookup If set to false, disables definition lookup. Defaults to true.
Available in iOS 8.1.3 and later and in macOS 10.11.2 and later
Allow music service If set to false, Music service is disabled and Music app reverts to classic mode. Defaults to true.
Available in iOS 9.3 and later and macOS 10.12 and later
Restrictions on iOS device
Allow Siri while device is locked When false, the user is unable to use Siri when the device is locked. Defaults to true. This restriction is ignored if the device does not have a passcode set.
Allow removing apps
[This key is deprecated on unsupervised devices .]
When false, disables removal of apps from iOS device. This key is deprecated on unsupervised devices.
Allow iCloud backup When false, disables backing up the device to iCloud.
Allow diagnostic submission When false, this prevents the device from automatically submitting diagnostic reports to Apple. Defaults to true.
Available only in iOS 6.0 and later.
Allow explicit content
[This key is deprecated on unsupervised devices .]
When false, explicit music or video content purchased from the iTunes Store is hidden. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store. This key is deprecated on unsupervised devices.
Available in iOS and in tvOS 11.3 and later
Allow global background fetch when roaming When false, disables global background fetch activity when an iOS phone is roaming.
Show Notifications Center in lock screen If set to false, the Notifications history view on the lock screen is disabled and users canʼt view past notifications. Though, when the device is locked, the user will still be able to view notifications when they arrive.
Available only in iOS 7.0 and later.
Show Today view in lock screen If set to false, the Today view in Notification Center on the lock screen is disabled.
Available only in iOS 7.0 and later.
Allow documents from managed sources in unmanaged destinations If false, documents in managed apps and accounts only open in other managed apps and accounts. Default is true.
Available only in iOS 7.0 and later
Allow documents from unmanaged sources in managed destinations If set to false, documents in unmanaged apps and accounts will only open in other unmanaged apps and accounts. Default is true.
Available only in iOS 7.0 and later.
Show Passbook notifications in lock screen If set to false, Passbook notifications will not be shown on the lock screen.This will default to true.
Available in iOS 6.0 and later.
Allow Photo Stream When false, disables Photo Stream.
Available in iOS 5.0 and later.
Force Fraud warning When true, Safari fraud warning is enabled. Defaults to false
Available in iOS 4.0 and later.
Enable Javascript When false, Safari will not execute JavaScript. Defaults to true.
Available in iOS 4.0 and later.
Enable Pop-ups When false, Safari will not allow pop-up tabs. Defaults to true.
Available in iOS 4.0 and later.
Accept cookies Determines conditions under which the device will accept cookies. The user facing settings changed in iOS 11, though the possible values remain the same:
• 0: Prevent Cross-Site Tracking and Block All Cookies are enabled and the user canʼt disable either setting.
• 1 or 1.5: Prevent Cross-Site Tracking is enabled and the user canʼt disable it. Block All Cookies is not enabled, though the user can enable it.
• 2: Prevent Cross-Site Tracking is enabled and Block All Cookies is not enabled. The user can toggle either setting. (Default)
These are the allowed values and settings in iOS 10 and earlier:
• 0: Never
• 1: Allow from current website only
• 1.5: Allow from websites visited (Available in iOS 8.0 and later); enter ’ 1.5
• 2: Always (Default)
In iOS 10 and earlier, users can always pick an option that is more restrictive than the payload policy, but not a less restrictive policy. For example, with a payload value of 1.5, a user could switch to Never, but not Always Allow.
Allow Shared Photo Stream If set to false, Shared Photo Stream will be disabled.This will default to true.
Available in iOS 6.0 and later.
Allow untrusted TLS prompt When false, automatically rejects untrusted HTTPS certificates without prompting the user.
Available in iOS 5.0 and later.
Require iTunes store password for all purchases When true, forces user to enter their iTunes password for each transaction
Available in iOS 5.0 and later.
Limit ad tracking If true, limits ad tracking. Default is false
Available only in iOS 7.0 and later
Force a pairing password for Airplay outgoing requests If set to true, forces all devices receiving AirPlay requests from this device to use a pairing password. Default is false.
Available only in iOS 7.1 and later.
Force air drop unmanaged If set to true, causes AirDrop to be considered an unmanaged drop target. Defaults to false.
Available in iOS 9.0 and later.
Force watch wrist detection If set to true, a paired Apple Watch will be forced to use Wrist Detection. Defaults to false.
Available in iOS 8.2 and later.
Allow over-the-air PKI updates If false, over-the-air PKI updates are disabled. Setting this restriction to false does not disable CRL and OCSP checks. Default is true.
Available only in iOS 7.0 and later.
Ratings region This 2-letter key is used by profile tools to display the proper ratings for given region. It is not recognized or reported by the client.
Possible values:
• au: Australia
• ca: Canada
• fr: France
• de: Germany
• ie: Ireland
• jp: Japan
• nz: New Zealand
• gb: United Kingdom
• us: United States
Available in iOS and tvOS 11.3 and later
Allow content ratings
Having this checked would allow to set the maximum allowed ratings
Allowed content ratings for movies This value defines the maximum level of movie content that is allowed on the device. Possible values (with the US description of the rating level): • 1000: All • 500: NC-17 • 400: R • 300: PG-13 • 200: PG • 100: G • 0: None
Available only in iOS and tvOS 11.3 and later
Allowed content ratings for TV shows This value defines the maximum level of TV content that is allowed on the device. Possible values (with the US description of the rating level): • 1000: All • 600: TV-MA • 500: TV-14 • 400: TV-PG • 300: TV-G • 200: TV-Y7 • 100: TV-Y • 0: None
Available only in iOS and tvOS 11.3 and later.
Allowed content ratings for apps This value defines the maximum level of app content that is allowed on the device. Possible values (with the US description of the rating level): • 1000: All • 600: 17+ • 300: 12+ • 200: 9+ • 100: 4+ • 0: None
Available only in iOS 5 and tvOS 11.3 and later.
Allow enterprise app trust If set to false removes the Trust Enterprise Developer button in Settings->General->Profiles & Device Management, preventing apps from being provisioned by universal provisioning profiles. This restriction applies to free developer accounts but it does not apply to enterprise app developers who are trusted because their apps were pushed via MDM, nor does it revoke previously granted trust. Defaults to true.
Available in iOS 9.0 and later.
Show Control Center in lock screen If false, prevents Control Center from appearing on the Lock screen.
Available in iOS 7 and later.
Read unmanaged apps from managed contact accounts. If set to true, unmanaged apps can read from managed contacts accounts. Defaults to false. if allowOpenFromManagedToUnmanaged is true, this restriction has no effect. A payload that sets this to true must be installed via MDM.
Available only in iOS 12.0 and later
Allow Siri while device is locked When false, the user is unable to use Siri when the device is locked. Defaults to true. This restriction is ignored if the device does not have a passcode set.
Allow removing apps
[This key is deprecated on unsupervised devices .]
When false, disables removal of apps from iOS device. This key is deprecated on unsupervised devices.
Allow iCloud backup When false, disables backing up the device to iCloud.
Allow diagnostic submission When false, this prevents the device from automatically submitting diagnostic reports to Apple. Defaults to true.
Available only in iOS 6.0 and later.
Allow explicit content
[This key is deprecated on unsupervised devices .]
When false, explicit music or video content purchased from the iTunes Store is hidden. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store. This key is deprecated on unsupervised devices.
Available in iOS and in tvOS 11.3 and later
Allow global background fetch when roaming When false, disables global background fetch activity when an iOS phone is roaming.
Following are DEP(Supervised) only
Allow user prompted profile installation If set to false, the user is prohibitedfrom installing configuration profiles and certificates interactively. This will default to true.
Available in iOS 6.0 and later
Allow Chat When false, disables the use of iMessage with supervised devices. If the device supports text messaging, the user can still send and receive text messages
Available in iOS 6.0 and later.
Allow Cellular Plan Modification If set to false, users canʼt change any settings related to their cellular plan. Defaults to true
Available in iOS 11.0 and later.
Allow USB Restricted Mode If set to false, device will always be able to connect to USB accessories while locked. Defaults to true.
Available only in iOS 11.4.1 and later
Allow ESIM Modification If set to false, the user may not remove or add a cellular plan to the eSIM on the device. Defaults to true
Available only in iOS 12.1 and later.
Modify Personal Hotspot Modification If set to false, the user may not modify the personal hotspot setting. Defaults to true.
Available only in iOS 12.2 and later.
Automatically set Date and Time If set to true, the Date & Time “Set Automatically” feature is turned on and canʼt be turned off by the user. Defaults to false.
Note: The deviceʼs time zone will only be updated when the device can determine its location (cellular connection or wifi with location services enabled).
Available only in iOS 12.0
Allow modifying account settings If set to false, account modification is disabled.
Available only in iOS 7.0 and later.
Allow modifying cellular data app settings f set to false, changes to cellular data usage for apps are disabled.
: Available only in iOS 7.0 and later.
Allow Siri to query user-generated content from web When false, prevents Siri from querying user-generated content from the web.
Available in iOS 7 and later.
Enable iBookStore If set to false, Apple Books will be disabled. This will default to true.
Available in iOS 6.0 and later.
Enable iBookStore Erotica If set to false, the user will not be able to download media from Apple Books that has been tagged as erotica. This will default to true.
Available in iOS and in tvOS 11.3 and later.
Allow Find My Friends modification If set to false, changes to Find My Friends are disabled.
Available only in iOS 7.0 and later.
Allow use of Game Center When false, Game Center is disabled and its icon is removed from the Home screen. Default is true.
Available only in iOS 6.0 and later.
Allow Host Pairing If set to false, host pairing is disabled with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled. Host pairing lets the administrator control which devices an iOS 7 device can pair with.
Available only in iOS 7.0 and later.
Allow Enable Restrictions option If set to false, disables the ”Enable Restrictions” option in the Restrictions UI in Settings. Default is true. On iOS 12 or later, if set to false disables the ”Enable ScreenTime” option in the ScreenTime UI in Settings and disables ScreenTime if already enabled.
Available in iOS 8.0 and later.
Allow News If set to false, disables News. Defaults to true
Available in iOS 9 .0 and later.
Allow use of Podcasts If set to false, disables podcasts. Defaults to true.
Available in iOS 8.0 and later.
Allow keyboard auto-correction If set to false, disables keyboard auto-correction. Defaults to true .
Available in iOS 8.1.3 and later
Allow keyboard spell-check If set to false, disables keyboard spell-check. Defaults to true.
Available in iOS 8.1.3 and later.
Allow UI app installation When false, the App Store is disabled and its icon is removed from the Home screen. However, users may continue to use Host apps (iTunes, Configurator) to install or update their apps. Defaults to true. In iOS 10 and later, MDM commands can override this restriction.
Available in iOS 9 .0 and later
Allow keyboard shortcuts If set to false, keyboard shortcuts cannot be used. Defaults to true.
Available in iOS 9.0 and later.
Allow passcode modification If set to false, prevents the device passcode from being added, changed, or removed. Defaults to true. This restriction is ignored by shared iPads .
Available in iOS 9.0 and later.
Allow device name modification If set to false, prevents device name from being changed. Defaults to true.
Available in iOS 9.0
Allow wallpaper modification If set to false, prevents wallpaper from being changed. Defaults to true .
Available in iOS 9.0 and later.
Allow automatic app downloads If set to false, prevents automatic downloading of apps purchased on other devices. Does not affect updates to existing apps. Defaults to true.
Available in iOS 9.0 and later.
Allow radio service If set to false, Apple Music Radio is disabled. Defaults to true.
Available in iOS 9.3 and later.
Blacklisted app bundle Ids(comma separated) If present, prevents bundle IDs listed in the array from being shown or launchable. Include the value com.apple.webapp to blacklist all webclips.
Available in iOS 9.3 and later.
Whitelisted app bundle Ids(comma separated) If present, allows only bundle IDs listed in the array from being shown or launchable. Include the value com.apple.webapp to whitelist all webclips.
Available in iOS 9.3 and later
Allow diagnostic bluetooth modification If set to false, prevents modification of Bluetooth settings. Defaults to true.
Available in iOS 10.0 and later.
Allow dictation If set to false, disallows dictation input. Defaults to true.
Available only in iOS 10.3 and later
Force WiFi white listing (Warning, wrong configuration could break communication) If set to true, the device can join Wi-Fi networks only if they were set up through a configuration profile. Defaults to false.
Available only in iOS 10.3 and later.
Allow air print If set to false, disallow AirPrint. Defaults to true.
Available in iOS 11.0 and later.
Allow air print credentials storage If set to false, disallows keychain storage of username and password for Airprint. Defaults to true.
Available in iOS 11.0 and later.
Force air print trusted TLS requirement If set to true, requires trusted certificates for TLS printing communication. Defaults to false.
Available in iOS 11.0 and later.
Allow air print iBeacon discovery If set to false, disables iBeacon discovery of AirPrint printers. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Defaults to true.
Available in iOS 11.0 and later.
Allow system app removal If set to false, disables the removal of system apps from the device. Defaults to true.
Available only in iOS 11.0 and later.
Allow VPN creation If set to false, disallow the creation of VPN configurations. Defaults to true.
Available only in iOS 11.0 and later.
Allow proximity setup to new device If set to false, disables the prompt to setup new devices that are nearby . Defaults to true.
Available only in iOS 11.0 and later.
Allow installing apps When false, the App Store is disabled and its icon is removed from the Home screen. Users are unable to install or update their applications. This key is deprecated on unsupervised devices. MDM commands can override this restriction.
Available only in iOS 10 and later
Allow AirDrop If set to false, AirDrop is disabled.
Available only in iOS 7.0 and later.
Permitted Applications in Autonomous Single App Mode If present, allows apps identified by the bundle IDs listed in the array to autonomously enter Single App Mode.
Available only in iOS 7.0 and later.
Application Bundle ID:
Allow diagnostic submission modification When false, this prevents the device from automatically submitting diagnostic reports to Apple. Defaults to true.
Available only in iOS 6.0 and later.
Allow diagnostic submission modification If set to false, the diagnostic submission and app analytics settings in the Diagnostics & Usage pane in Settings cannot be modified. Defaults to true .
Available in iOS 9.3.2 and later
Allow notifications modification If set to false, notification settings cannot be modified. Defaults to true.
Available in iOS 9.3 and later.
Allow predictive keyboard If set to false, disables predictive keyboards. Defaults to true.
Available in iOS 8.1.3 and later.
Force Authentication Before Auto Fill If set to true, the user will have to authenticate before passwords or credit card information can be autofilled in Safari and Apps. If this restriction is not enforced, the user can toggle this feature in settings. Only supported on devices with FaceID or TouchID. Defaults to true.
Available only in iOS 11.0 and later
Restrictions on mac OS device
Allow macOS iCloud Bookmark sync When false, disallows macOS iCloud Bookmark sync.
Available in macOS 10 .12 and later.
Allow macOS Mail iCloud services When false, disallows macOS Mail iCloud services.
Available in macOS 10 .12 and later
Allow macOS Mail iCloud Calender services When false, disallows macOS iCloud Calendar services.
Available in macOS 10.12 and later.
Allow macOS Mail iCloud Reminder services When false, disallows iCloud Reminder services.
Available in macOS 10 .12 and later.
Allow macOS Mail iCloud Address Book services
Available in macOS 10.12 and later.
Allow macOS Mail iCloud Notes services When false, disallows macOS iCloud Notes services.
Available in macOS 10.12 and later.
Allow content caching When false, this disallows content caching. Defaults to true.
Available only in macOS 10.13 and later.
Allow iTunes application file sharing When false, iTunes application file sharing services are disabled.
Available in macOS 10.13 and later.
Publish a policy in Policy description page gives a brief description how a policy is published.