| Policy | Function | Supervised Device | User Enrollment | Device Enrollment (deprecated) |
|---|---|---|---|---|
| AirPrint | ||||
| Allow AirPrint | On/Off | x | ||
| Allow storage of AirPrint credentials in Keychain | On/Off | x | ||
| Disallow AirPrint to destinations with untrusted certificates | On/Off | x | ||
| Allow discovery of AirPrint printers using iBeacons | On/Off | x | ||
| Apps | ||||
| Allow use of iTunes Store | On/Off | x | ||
| Allow installing apps | On/Off | x | ||
| Allow installing apps using App Store | On/Off | x | ||
| Allow automatic app downloads | On/Off | x | ||
| Allow removing apps | On/Off | x | ||
| Allow in-app purchase | On/Off | x | x | |
| Allow trusting new enterprise app authors | On/Off | x | x | |
| Allow playback of explicit music, podcast & iTunes U media | On/Off | x | ||
| Allow explicit sexual content in Apple Books | On/Off | x | x | |
| Allow app clips | On/Off | x | ||
| Autonomous Single App Mode (Bundle ID) | Select ID | x | ||
| Restrict App Usage (Allow all apps, Do not allow some apps, Only allow some apps) | Selection | x | ||
| Authentication | ||||
| Allow modifying Touch ID fingerprints / Face ID faces | On/Off | x | ||
| Allow password AutoFill | On/Off | x | ||
| Allow proximity based password sharing requests | On/Off | x | ||
| Allow password sharing | On/Off | x | ||
| Require Touch ID / Face ID authentication before AutoFill | On/Off | x | ||
| Allow users to accept untrusted TLS certificates | On/Off | x | x | |
| Require iTunes Store password for all purchases | On/Off | x | x | |
| Require passcode on first AirPlay pairing | On/Off | x | x | x |
| Data and Container Protection | ||||
| Allow installing configuration profiles | On/Off | x | ||
| Allow AirDrop | On/Off | x | ||
| Treat AirDrop as unmanaged destination | On/Off | x | x | x |
| Allow iCloud Photos | On/Off | x | x | |
| Allow iCloud Private Relay | On/Off | x | ||
| Allow managed apps to write to unmanaged contacts | On/Off | x | x | |
| Allow unmanaged apps to read from managed contacts | On/Off | x | x | x |
| Allow documents from managed sources in unmanaged destinations | On/Off | x | x | x |
| Allow documents from unmanaged sources in managed destinations | On/Off | x | x | x |
| Force managed Copy and Paste | On/Off | x | x | x |
| Allow managed apps to store data in iCloud | On/Off | x | x | x |
| Allow network drive access in Files app | On/Off | x | ||
| Allow USB drive access in Files app | On/Off | x | ||
| Force translation on device | On/Off | x | x | x |
| Force dictation on the device | On/Off | x | x | x |
| Allow personalized ads delivered by Apple | On/Off | x | x | x |
| Allow Mail Privacy Protection | On/Off | x | x | x |
| Device | ||||
| Allow modifying device name | On/Off | x | ||
| Force automatic date and time | On/Off | x | ||
| Allow modifying account settings | On/Off | x | ||
| Allow Erase All Content and Settings | On/Off | x | ||
| Force Wi-Fi power on | On/Off | x | ||
| Join only Wi-Fi networks installed by a Wi-Fi payload | On/Off | x | ||
| Allow modifying cellular data app settings | On/Off | x | ||
| Allow modifying cellular plan settings | On/Off | x | ||
| Allow modifying eSIM settings | On/Off | x | ||
| Allow adding VPN configurations | On/Off | x | ||
| Allow modifying Bluetooth settings | On/Off | x | ||
| Disallow USB accessories while device is locked | On/Off | x | ||
| Allow screenshots and screen recording | On/Off | x | x | x |
| Allow Classroom to perform AirPlay and View Screen without prompting | On/Off | x | ||
| Force encrypted backups | On/Off | x | x | x |
| Allow voice dialing while device is locked | On/Off | x | x | |
| Force limited ad tracking | On/Off | x | x | |
| Allow Handoff | On/Off | x | x | |
| Force Apple Watch wrist detection | On/Off | x | x | x |
| Allow modifying Find My Friends settings | On/Off | x | ||
| Allow "Find My Devices" | On/Off | x | ||
| Allow "Find My Friends" | On/Off | x | ||
| Allow pairing with non-Configurator hosts | On/Off | x | ||
| Allow pairing with Apple Watch | On/Off | x | ||
| Allow setting up new nearby devices | On/Off | x | ||
| Allow NFC | On/Off | x | ||
| Allow modifying Personal Hotspot settings | On/Off | x | ||
| Allow putting into recovery mode from an unpaired device | On/Off | x | ||
| Shared iPad | ||||
| Quota size for each user | Input in MB | x | ||
| Expected number of users | Enter number | x | ||
| User session timeout | Input in sec. | x | ||
| Grace period for online authentication | Input in days | x | ||
| Allow temporary sessions | On/Off | x | ||
| Temporary sessions only | On/Off | x | ||
| Temporary session timeout (seconds) | Input in sec. | x | ||
| Show default domains in login screen | enter domains | x | ||
| Wallpaper | ||||
| Allow modifying Wallpaper | On/Off | x | ||
| Use custom wallpaper | Upload image | x | ||
| Use wallpaper for Home screen | On/Off | x | ||
| Use wallpaper for Lock screen | On/Off | x | ||
| Kiosk Mode | ||||
| Kiosk Mode | On/Off | x | ||
| Bundle ID | Select ID | x | ||
| Lock Screen | ||||
| Show Control Center in Lock screen | On/Off | x | x | x |
| Show Notification Center in Lock screen | On/Off | x | x | x |
| Show Today view in Lock screen | On/Off | x | x | x |
| Allow Touch ID / Face ID to unlock device | On/Off | x | x | |
| Allow Wallet notifications in Lock screen | On/Off | x | x | |
| OS Updates | ||||
| Allow over-the-air PKI updates | On/Off | x | x | |
| Defer software updates for … days (1-90) | Enter value | x | ||
| Force automatic OS updates (start, end, delay days) | Enter value | x | ||
| Allow installation of rapid security responses | On/Off | x | ||
| Allow removal of rapid security responses | On/Off | x | ||
| Passcode | ||||
| Allow modifying passcode | On/Off | x | ||
| Force passcode | On/Off | x | x | x |
| Require alphanumeric value | On/Off | x | ||
| Allow simple value | Enter value | x | ||
| Minimum number of complex characters | Enter value | x | ||
| Minimum passcode length | Enter value | x | ||
| Automatic lock time (min.) | Enter value | x | ||
| Maximum grace period for device lock | Enter value | x | ||
| Passcode validity (1-730 days, or none) | Enter value | x | ||
| Maximum number of failed logins | Enter value | x | ||
| Passcode history (1-50, or none) | Enter value | x | ||
| Safari | ||||
| Allow use of Safari | On/Off | x | ||
| Enable AutoFill | On/Off | x | ||
| Force fraud warning | On/Off | x | x | x |
| Enable JavaScript | On/Off | x | x | |
| Allow pop-ups | On/Off | x | x | |
| Accept cookies (always, from current website only, never) | Selection | x | x | |
| Siri | ||||
| Allow Siri | On/Off | x | x | x |
| Enable Siri profanity filter | On/Off | x | ||
| Show user-generated content in Siri | On/Off | x | ||
| Allow Siri while device is locked | On/Off | x | x | x |
| Synchronization | ||||
| Allow automatic sync while roaming | On/Off | x | x | |
| Allow sending diagnostic and usage data to Apple | On/Off | x | x | x |
| Allow modifying diagnostics settings | On/Off | x | ||
| Allow iCloud backup | On/Off | x | ||
| Allow iCloud documents & data | On/Off | x | ||
| Allow iCloud Keychain | On/Off | x | x | |
| Allow backup of enterprise books | On/Off | x | x | x |
| Allow notes and highlights sync for enterprise books | On/Off | x | x | |
| Allow My Photo Stream (disallowing can cause data loss) | On/Off | x | x | |
| Allow Shared Albums | On/Off | x | x | |
| System Apps | ||||
| Allow use of camera | On/Off | x | ||
| Allow FaceTime | On/Off | x | ||
| Allow use of Game Center | On/Off | x | ||
| Allow adding Game Center friends | On/Off | x | ||
| Allow multiplayer gaming | On/Off | x | ||
| Allow Apple Books | On/Off | x | ||
| Allow iMessage | On/Off | x | ||
| Allow Apple Music | On/Off | x | ||
| Allow Radio | On/Off | x | ||
| Allow use of News | On/Off | x | ||
| Allow use of Podcasts | On/Off | x | ||
| Allow removing system apps | On/Off | x | ||
| Usability | ||||
| Allow auto correction | On/Off | x | ||
| Allow define | On/Off | x | ||
| Allow spell check | On/Off | x | ||
| Allow modifying notification settings | On/Off | x | ||
| Allow keyboard shortcuts | On/Off | x | ||
| Allow continuous path keyboard | On/Off | x | ||
| Allow predictive keyboard | On/Off | x | ||
| Allow dictation | On/Off | x | ||
| Allow Screen Time | On/Off | x | ||
| Allow Spotlight Internet Results | On/Off | x | x |