Skip to content
Last update: 2022-04-14

Restrictions configuration (iOS user policy)

The Restrictions configuration lets you configure restrictions for Apple User Enrollment devices.

Device

Setting Description
Allow Siri If the check box is cleared, users cannot use Siri, voice commands, or dictation.
Allow Siri while device is locked If the check box is cleared, users must unlock their devices by entering their password before they use Siri.
Allow Control Center on lock screen If the check box is cleared, the Control Center is unavailable when the device screen is locked.
Allow Notification Center on lock screen If the check box is cleared, the Notification Center is unavailable when the device screen is locked.
Allow Today view on lock screen If the check box is cleared, the Today view is unavailable when the device screen is locked.
Allow screen capture Users can take a screenshot of the display.
Force Wrist Detection A paired Apple Watch must use Wrist Detection.
Force pairing password for outgoing AirPlay requests Other devices receiving an AirPlay request from this device must use a pairing password.

Company data

Setting Description
Allow documents to be shared only within managed apps/accounts This restricts the opening of documents with apps or accounts managed by Sophos Mobile, for example a corporate email account.

If users have an email account managed by Sophos Mobile and apps managed by Sophos Mobile on their devices, attachments from the managed email account can only be opened with managed apps.

In this way you can prevent corporate documents from being opened in unmanaged apps.

If you turn this setting off, the next two settings are disabled. Contacts from managed accounts can be shared with unmanaged apps.

Allow unmanaged apps to read contacts from managed accounts Unmanaged apps can read contacts from managed accounts.
Allow documents to be shared only within unmanaged apps/accounts This restricts the opening of documents with apps/accounts not managed by Sophos Mobile, for example a private email account.

If users have an email account and apps not managed by Sophos Mobile on their devices, attachments from the unmanaged email account can only be opened with unmanaged apps.

In this way you can prevent personal documents from being opened in managed apps.

Allow backup for enterprise books Enterprise books are backed up.
Allow enterprise books notes and highlights sync Enterprise books notes and highlights are synchronized.
Allow managed apps to sync with iCloud Managed apps can use iCloud synchronization.
Force AirDrop documents to be used as unmanaged documents AirDrop is considered an unmanaged drop target.

Applications

Setting Description
Force encrypted backups Users must encrypt backups in iTunes.
Force fraud warning The Safari security setting to warn the user when they visit a suspected phishing website is always turned on.

Security and privacy

Setting Description
Allow diagnostic data to be sent to Apple If the check box is cleared, diagnostic information is not sent to Apple.
Back to top