Restrictions configuration (iOS device profile)

With the Restrictions configuration you define restrictions for devices.

Device

Setting/Field Description
Allow app installation If the check box is cleared, the App Store is unavailable and its icon is removed from the Home screen. Users cannot install or update apps from the App Store, iTunes or Apple Configurator.
Allow app installation from device UI If the check box is cleared, the App Store is unavailable and its icon is removed from the Home screen. Users can still install or update apps from iTunes or Apple Configurator.
Allow use of camera If the check box is cleared, the camera is unavailable and the Camera icon is removed from the Home screen. Users cannot take pictures, record videos, or use FaceTime.
Allow FaceTime Users can place or receive FaceTime video calls.
Allow screen capture Users can take a screenshot of the display.
Allow automatic sync while roaming If the check box is cleared, devices that are roaming will only sync when the user accesses an account.
Allow Siri If the check box is cleared, users cannot use Siri, voice commands, or dictation.
Allow Siri while device is locked If the check box is cleared, users must unlock their devices by entering their password before they use Siri.
Allow Siri querying content from the web If the check box is cleared, Siri does not query content from the web.
Force Siri explicit language filter If the check box is cleared, the Siri filter for explicit language is not enforced on the device.
Allow voice dialing while device is locked If the check box is cleared, users cannot dial by using voice commands when the device is locked by a password.
Note: If the user has not configured a device password, voice dialing is always allowed.
Allow Passbook while device is locked Passbook notifications are displayed when the device is locked.
Allow in-app purchase Users can make in-app purchases.
Force user to enter store password for all purchases Users must enter their Apple ID password to make any purchase.

If the check box is cleared, there is a brief grace period during which users can make subsequent purchases without having to enter their password again.

Allow multiplayer gaming Users can play multi-player games in Game Center.
Allow Game Center If the check box is cleared, Game Center is unavailable.
Allow adding Game Center friends Users can add friends in Game Center.
Allow find my friends modification If the check box is cleared, modifications to the Find my Friends app are unavailable.
Allow host pairing If the check box is cleared, host pairing is turned off with the exception of the supervision host. If no supervision host certificate is configured, all pairing is turned off.
Allow pairing with Apple Watch If the check box is cleared, users cannot pair the device with an Apple Watch. Any currently paired Apple Watch is unpaired.
Allow AirDrop Content sharing with AirDrop is turned on.
Allow Control Center on lock screen If the check box is cleared, the Control Center is unavailable when the device screen is locked.
Allow Notification Center on lock screen If the check box is cleared, the Notification Center is unavailable when the device screen is locked.
Allow Today view on lock screen If the check box is cleared, the Today view is unavailable when the device screen is locked.
Allow News The News app is available.
Allow over-the-air PKI updates Over-the-air PKI updates are possible.
Allow iBooks Store Users can purchase books in iBooks.
Allow explicit sexual content in iBooks Store If the check box is cleared, explicit sexual content through iBooks Store is blocked.
Allow user to install configuration profiles Users can install configuration profiles.
Allow iMessage Users can use iMessage to send or receive text messages.
Allow app removal Users can remove apps from the device.
Allow erase all contents and settings If the check box is cleared, the Erase all Content And Settings option in the Reset UI is unavailable.
Allow internet search result for Spotlight If the check box is cleared, Spotlight does not return internet search results.
Allow enabling of restrictions option If the check box is cleared, the Enable Restrictions option in the Reset UI is unavailable.
Allow Handoff Users can use the Apple Continuity feature Handoff. With Handoff, users can start to work on a document, email or message on one device and continue from another device.
Allow device name modification Users can change the device name.
Allow wallpaper modification Users can change the wallpaper.
Allow keyboard shortcuts Users can use keyboard shortcuts.
Allow automatic app download If the check box is cleared, the automatic downloading of apps purchased on other devices is turned off. This does not affect updates to existing apps.
Allow Apple Music Users can access the Apple Music library.
Allow Apple Music Radio Users can access Apple Music Radio.
Allow modification of Bluetooth settings Users can modify the Bluetooth settings.

Company data

Setting/Field Description
Allow documents to be shared only within managed apps/accounts With this setting you define a restriction on opening documents with apps or accounts (for example a company email account) managed by Sophos Mobile Control.

If users have an email account managed by Sophos Mobile Control and apps managed by Sophos Mobile Control on their devices, attachments from the managed email account can only be opened with managed apps. In this way you can prevent corporate documents from being opened in unmanaged apps.

Allow documents to be shared only within unmanaged apps/accounts With this setting you define a restriction on opening documents with apps/accounts (for example a private email account) not managed by Sophos Mobile Control.

If users have an email account and apps not managed by Sophos Mobile Control on their devices, attachments from the unmanaged email account can only be opened with unmanaged apps. In this way you can prevent personal documents from being opened in managed apps.

Force AirDrop documents to be used as unmanaged documents AirDrop is considered an unmanaged drop target.
Allow managed apps to sync with iCloud Managed apps can use iCloud synchronization.
Allow backup for enterprise books Enterprise books are backed up.
Allow enterprise books notes and highlights sync Enterprise books notes and highlights are synchronized.

Applications

Setting/Field Description
Allow use of the iTunes Store If the check box is cleared, the iTunes Store is unavailable and its icon is removed from the Home screen. Users cannot preview, purchase or download content.
Allow use of Safari If the check box is cleared, the Safari web browser is unavailable and its icon is removed from the Home screen. This also prevents users from opening web clips.
Enable auto-fill If the check box is cleared, Safari does not auto-fill web forms with previously entered information.
Block pop-ups The Safari pop-up blocker is turned on.
Allow JavaScript in browser Web pages can execute JavaScript code on the device.
Accept cookies In this field, you specify if cookies will be accepted:
  • Always
  • Never
  • From visited sites
Allow modification of cellular data usage per app Users can change the cellular data usage per app.
Allowed apps / Forbidden apps You can specify either Allowed apps or Forbidden apps. Select the desired option from the first list and then select the app group containing the apps that should be allowed or forbidden from the second list. For information on creating app groups, see App groups.

iCloud

Setting/Field Description
Allow backup Users can back up their devices to iCloud.
Allow document sync Users can store documents in iCloud.
Allow Photo Stream If the check box is cleared, users cannot turn on Photo Stream.
Note: If you install a configuration profile that restricts the use of Photo Stream, Photo Stream photos are removed from the device. Photos are not sent from the Camera Roll to Photo Stream. If there are no further copies of these photos, they are lost.
Allow iCloud Photo Library Users can use the iCloud Photo Library.
Allow shared photo streams Users can invite others to view their photo streams and can view photo streams shared by others.
Allow keychain sync The Keychain feature of iCloud for synchronizing passwords across different iOS and OS X devices is available.

Security and privacy

Setting/Field Description
Allow diagnostic data to be sent to Apple If the check box is cleared, iOS diagnostic information is not sent to Apple.
Allow user to accept untrusted TLS certificates If the check box is cleared, users are not asked if they want to trust certificates that cannot be verified. This setting applies to Safari and to Mail Contacts and Calendar accounts.
Trust enterprise apps Enterprise apps are trusted.
Allow password modification Users can add, change or remove the device password.
Allow account modification If the check box is cleared, users cannot modify accounts. The Accounts menu is unavailable.
Allow Touch ID to unlock device If the check box is cleared, the device cannot be unlocked by Touch ID.
Force limit ad-tracking Anonymous user data apps used for targeting ads are no longer provided.
Force encrypted backups Users must encrypt backups in iTunes.

Content ratings

Setting/Field Description
Allow explicit music and podcasts If the check box is cleared, explicit music or video content is hidden in the iTunes Store. Explicit content is flagged by content providers, for example record labels, when listed on the iTunes Store.