Restrictions configuration (iOS user policy)

The Restrictions configuration lets you configure restrictions for Apple User Enrollment devices.

Device

Setting

Description

Allow Siri

If the check box is cleared, users cannot use Siri, voice commands, or dictation.

Allow Siri while device is locked

If the check box is cleared, users must unlock their devices by entering their password before they use Siri.

Allow Control Center on lock screen

If the check box is cleared, the Control Center is unavailable when the device screen is locked.

Allow Notification Center on lock screen

If the check box is cleared, the Notification Center is unavailable when the device screen is locked.

Allow Today view on lock screen

If the check box is cleared, the Today view is unavailable when the device screen is locked.

Allow screen capture

Users can take a screenshot of the display.

Force Wrist Detection

A paired Apple Watch must use Wrist Detection.

Force pairing password for outgoing AirPlay requests

Other devices receiving an AirPlay request from this device must use a pairing password.

Company data

Setting

Description

Allow documents to be shared only within managed apps/accounts

This restricts the opening of documents with apps or accounts managed by Sophos Mobile, for example a corporate email account.

If users have an email account managed by Sophos Mobile and apps managed by Sophos Mobile on their devices, attachments from the managed email account can only be opened with managed apps.

In this way you can prevent corporate documents from being opened in unmanaged apps.

If you turn this setting off, the next two settings are disabled. Contacts from managed accounts can be shared with unmanaged apps.

Allow unmanaged apps to read contacts from managed accounts

Unmanaged apps can read contacts from managed accounts.

Allow documents to be shared only within unmanaged apps/accounts

This restricts the opening of documents with apps/accounts not managed by Sophos Mobile, for example a private email account.

If users have an email account and apps not managed by Sophos Mobile on their devices, attachments from the unmanaged email account can only be opened with unmanaged apps.

In this way you can prevent personal documents from being opened in managed apps.

Allow backup for enterprise books

Enterprise books are backed up.

Allow enterprise books notes and highlights sync

Enterprise books notes and highlights are synchronized.

Allow managed apps to sync with iCloud

Managed apps can use iCloud synchronization.

Force AirDrop documents to be used as unmanaged documents

AirDrop is considered an unmanaged drop target.

Applications

Setting

Description

Force encrypted backups

Users must encrypt backups in iTunes.

Force fraud warning

The Safari security setting to warn the user when they visit a suspected phishing website is always turned on.

Security and privacy

Setting

Description

Allow diagnostic data to be sent to Apple

If the check box is cleared, diagnostic information is not sent to Apple.