Restrictions configuration (Windows policy)

With the Restrictions configuration you define restrictions for devices.

Device

Setting/Field

Description

Forbid SD card

Users cannot access the storage card. This does not prevent apps from accessing the storage card.

Forbid manual addition of non-Microsoft email accounts

Forbids adding all types of email accounts, as well as Exchange, Office 365 and Outlook.com accounts.

Forbid developer mode

The Windows developer mode is turned off.

Forbid camera

The Privacy setting Let apps use my camera is turned off.

Disable Edge autofill

The Save form entries setting in the Edge web browser is turned off and cannot be turned on by the user.

If the check box is cleared, the setting is turned on and cannot be turned off by the user.

Disable Edge F12 Developer Tools

The F12 Developer Tools of the Edge web browser are unavailable.

Disable Edge pop-up blocker

The Block pop-ups setting in the Edge web browser is turned off and cannot be turned on by the user.

If the check box is cleared, the setting is turned on and cannot be turned off by the user.

Disable AutoPlay settings

The relevant sections of the Windows Control Panel are unavailable. The user cannot change any of these settings after the policy has been assigned to the device.
Note Disable AutoPlay settings does not affect connected devices, like for example mobile phones.

Disable Date & Time settings

Disable Language settings

Disable Power & Sleep settings

Disable Region settings

Disable Sign-in settings

Disable VPN settings

Disable Workplace settings

Disable Account settings

Telemetry level

The amount of Windows diagnostic and usage data that devices are allowed to send.
  • Full: All data required to identify and analyze issues.
  • Enhanced: Data about how Windows and apps are used and how they perform.
  • Basic: A limited set of data that’s critical for understanding the device and its configuration.
  • Security: Information that is required to keep the device protected with the latest security updates.
Note Levels are cumulative from bottom to top, e.g. Enhanced includes all data from Basic and Security.
Tip For detailed information on the telemetry levels, see the Microsoft article Configure Windows telemetry in your organization (external link).

Various

Setting/Field

Description

Forbid Cortana

Cortana is turned off.

Forbid "Sync my settings"

Device settings cannot be synchronized to and from other Windows devices.

Disable Windows tips

The Windows notification setting Show me tips about Windows is cleared and unavailable.

Wi-Fi

Setting/Field

Description

Forbid internet sharing

Internet Connection Sharing (ICS) is turned off.

Forbid Wi-Fi Sense (hotspot auto-connect)

The device does not automatically connect to Wi-Fi hotspots.

Connectivity

Setting/Field

Description

Forbid Bluetooth

Bluetooth is turned off.

Security and privacy

Setting/Field

Description

Forbid use of location when searching

The search cannot utilize location information.

Unenrollment

Setting/Field

Description

Forbid manual MDM unenrollment

Users cannot delete the workplace account.