iOS Policies Using Apple Configurator
iOS-Policies
- Create policy configuration
- Create passcode policies
- Restricting app usage – Add apps to the deny or allow list
Create policy configuration
Depending on the setup method, you have different policies available.
- If you want to create a new policy for iOS/iPadOS, first proceed as described here.
- Select iOS/iPadOS as the policy you want to add.
- You can use the filter to display the existing policies, depending on the enrollment method. The Reset to defaults button resets all changes you have made to the default settings.
Note! Select the Device Enrollment filter if you are using devices that were embedded via Device Enrollment but are not supervised. For supervised devices that have been embedded via Device Enrollment, use the Supervised Devices filter. For devices embedded via ADE, also select the Supervised Devices filter. User Enrollment is selected when using private iOS devices.
- First enter a name for the policy in the field below as well as an description (upper arrow in illus.).
- Now, select the desired option(s), in the example, the checkbox Allow iTunes Store has been disabled (lower arrow in illus.).
Note! For information on the content of the specific policies, refer to the Apple manual. You can also find information about new policies from iOS 16 here.
- Select the appropriate policy and click on Assign.
- Now select the users, groups or devices to whom you would like to assign the policy.
Note! When assigning directives, be sure to follow the instructions in our Help article Special conditions when assigning multiple policies.
Note! You can also assign the policies under Administration→ Users or Groups.
- The outcome in the example: The apps iTunes Store will be deactivated on the device.
Note! On iOS Supervised Devices the users don’t need to confirm the installation of apps pushed.
Create passcode policies
Here you can define the criteria according to which a device passcode may be created by users (see illus.). As soon as you set a check mark in the Force passcode checkbox, the selection of a minimum passcode length, a maximum passcode age, a maximum number of failed attempts and a passcode history is mandatory.
Note! Please note that for devices registered via User Enrollment, a six-digit passcode must be used by the user when selecting Force passcode, regardless of the criteria you have specified.
Restricting app usage – Add apps to the deny or allow list
Note! You can also find detailed information on this in our help article How to place default iOS apps on the deny list or allow list .
- The Restrict App Usage option allows you to restrict access to apps from the App Store.
- Select whether you want to prohibit certain apps (Do not allow some apps) or whether you want to allow only certain apps (Only allow some apps).
- For this purpose, click on Search (lower arrow in illus.) to search for the desired app in the app store and then select Add. The corresponding Bundle ID will then be automatically inserted under Application Bundle IDs (upper arrow in illus.).
- Select the appropriate policy and click on Assign.
- Now select the users, groups or devices to whom you would like to assign the policy.
Note! When assigning directives, be sure to follow the instructions in our Help article Special conditions when assigning multiple policies.
Note! You can also assign the policies under Administration→ Users or Groups.
- The outcome in the example: The Game Center app has been disabled on the device. Although the Facebook app can be downloaded from the app store, it is nonetheless disabled on the device (and not visible to the user).
iOS Policies Using Apple Configurator
If you select this option, you can import iOS policies which you configure with Apple Configurator.
- Then upload the file (*.mobileconfig) by clicking on Select File.
- Select the appropriate policy and click on Assign.
- Now select the users, groups or devices to whom you would like to assign the policy.
Note! You can also assign the policies under Administration→ Users or Groups.
Note! If you create multiple configuration profiles and assign them to different users, groups or devices, all profiles will be used. The special features of assigning multiple policies do not apply in this case.