Skip to content

Restrictions configuration (Windows policy)


This configuration doesn’t apply to Windows Pro or Windows Home.

With the Restrictions configuration, you define restrictions for Windows computers.


Setting Description
Forbid SD card Users can’t access the storage card.
Forbid manual addition of non-Microsoft email accounts Users can’t add mail accounts, including Exchange, Microsoft 365, and accounts.
Forbid developer mode This setting turns off Windows developer mode.
Forbid camera This setting turns off the Windows Privacy setting Let apps use my camera.
Disable Edge autofill

This setting turns off the Save form entries setting in the Edge web browser.

Clear the check box to turn on Save form entries.

In both cases, users can’t change the setting.

Disable Edge F12 Developer Tools This setting disables the F12 Developer Tools in the Edge web browser.
Disable Edge pop-up blocker

This setting turns off the Block pop-ups setting in the Edge web browser.

Clear the check box to turn on Block pop-ups.

In both cases, users can’t change the setting.

Disable AutoPlay settings

These settings disable Windows Control Panel sections.

Note that the Disable AutoPlay settings setting doesn’t affect connected devices like mobile phones.

Disable Date & Time settings
Disable Language settings
Disable Power & Sleep settings
Disable Region settings
Disable Sign-in settings
Disable VPN settings
Disable Workplace settings
Disable Account settings
Telemetry level

This setting sets the amount of diagnostic and usage data that Windows sends to Microsoft.

  • Full: All data required to identify and analyze issues.
  • Enhanced: Data about how Windows and apps are used and how they perform.
  • Basic: A limited set of data that is critical for understanding the device and its configuration.
  • Security: Information that is required to keep the device protected with the latest security updates.

Levels are cumulative from bottom to top. For example, Enhanced includes all data from Basic and Security.

For detailed information on telemetry levels, see Configure Windows diagnostic data in your organization.


Setting Description
Forbid Cortana This setting turns off Cortana.
Forbid “Sync my settings” Users can’t synchronize device settings with other Windows computers.
Disable Windows tips This setting turns off the Windows notification setting Show me tips about Windows.


Setting Description
Forbid internet sharing This setting turns off Internet Connection Sharing (ICS).
Forbid Wi-Fi Sense (hotspot auto-connect) Devices can’t automatically connect to Wi-Fi hotspots.
Forbid manual configuration

Users can’t add Wi-Fi connections.

When the policy is applied, existing user-configured and Wi-Fi Sense Wi-Fi profiles are deleted.


Setting Description
Forbid Bluetooth This setting turns off Bluetooth.

Security and privacy

Setting Description
Forbid use of location when searching The search can’t use location information.


Setting Description
Forbid manual MDM unenrollment Users can’t delete the workplace account.