Policy | Function | Supervised Device | User Enrollment | Device Enrollment (deprecated) |
---|---|---|---|---|
AirPrint | ||||
Allow AirPrint | On/Off | x | ||
Allow storage of AirPrint credentials in Keychain | On/Off | x | ||
Disallow AirPrint to destinations with untrusted certificates | On/Off | x | ||
Allow discovery of AirPrint printers using iBeacons | On/Off | x | ||
Apps | ||||
Allow use of iTunes Store | On/Off | x | ||
Allow installing apps | On/Off | x | ||
Allow installing apps using App Store | On/Off | x | ||
Allow automatic app downloads | On/Off | x | ||
Allow removing apps | On/Off | x | ||
Allow in-app purchase | On/Off | x | x | |
Allow trusting new enterprise app authors | On/Off | x | x | |
Allow playback of explicit music, podcast & iTunes U media | On/Off | x | ||
Allow explicit sexual content in Apple Books | On/Off | x | x | |
Allow app clips | On/Off | x | ||
Autonomous Single App Mode (Bundle ID) | Select ID | x | ||
Restrict App Usage (Allow all apps, Do not allow some apps, Only allow some apps) | Selection | x | ||
Authentication | ||||
Allow modifying Touch ID fingerprints / Face ID faces | On/Off | x | ||
Allow password AutoFill | On/Off | x | ||
Allow proximity based password sharing requests | On/Off | x | ||
Allow password sharing | On/Off | x | ||
Require Touch ID / Face ID authentication before AutoFill | On/Off | x | ||
Allow users to accept untrusted TLS certificates | On/Off | x | x | |
Require iTunes Store password for all purchases | On/Off | x | x | |
Require passcode on first AirPlay pairing | On/Off | x | x | x |
Data and Container Protection | ||||
Allow installing configuration profiles | On/Off | x | ||
Allow AirDrop | On/Off | x | ||
Treat AirDrop as unmanaged destination | On/Off | x | x | x |
Allow iCloud Photos | On/Off | x | x | |
Allow iCloud Private Relay | On/Off | x | ||
Allow managed apps to write to unmanaged contacts | On/Off | x | x | |
Allow unmanaged apps to read from managed contacts | On/Off | x | x | x |
Allow documents from managed sources in unmanaged destinations | On/Off | x | x | x |
Allow documents from unmanaged sources in managed destinations | On/Off | x | x | x |
Force managed Copy and Paste | On/Off | x | x | x |
Allow managed apps to store data in iCloud | On/Off | x | x | x |
Allow network drive access in Files app | On/Off | x | ||
Allow USB drive access in Files app | On/Off | x | ||
Force translation on device | On/Off | x | x | x |
Force dictation on the device | On/Off | x | x | x |
Allow personalized ads delivered by Apple | On/Off | x | x | x |
Allow Mail Privacy Protection | On/Off | x | x | x |
Device | ||||
Allow modifying device name | On/Off | x | ||
Force automatic date and time | On/Off | x | ||
Allow modifying account settings | On/Off | x | ||
Allow Erase All Content and Settings | On/Off | x | ||
Force Wi-Fi power on | On/Off | x | ||
Join only Wi-Fi networks installed by a Wi-Fi payload | On/Off | x | ||
Allow modifying cellular data app settings | On/Off | x | ||
Allow modifying cellular plan settings | On/Off | x | ||
Allow modifying eSIM settings | On/Off | x | ||
Allow adding VPN configurations | On/Off | x | ||
Allow modifying Bluetooth settings | On/Off | x | ||
Disallow USB accessories while device is locked | On/Off | x | ||
Allow screenshots and screen recording | On/Off | x | x | x |
Allow Classroom to perform AirPlay and View Screen without prompting | On/Off | x | ||
Force encrypted backups | On/Off | x | x | x |
Allow voice dialing while device is locked | On/Off | x | x | |
Force limited ad tracking | On/Off | x | x | |
Allow Handoff | On/Off | x | x | |
Force Apple Watch wrist detection | On/Off | x | x | x |
Allow modifying Find My Friends settings | On/Off | x | ||
Allow "Find My Devices" | On/Off | x | ||
Allow "Find My Friends" | On/Off | x | ||
Allow pairing with non-Configurator hosts | On/Off | x | ||
Allow pairing with Apple Watch | On/Off | x | ||
Allow setting up new nearby devices | On/Off | x | ||
Allow NFC | On/Off | x | ||
Allow modifying Personal Hotspot settings | On/Off | x | ||
Allow putting into recovery mode from an unpaired device | On/Off | x | ||
Shared iPad | ||||
Quota size for each user | Input in MB | x | ||
Expected number of users | Enter number | x | ||
User session timeout | Input in sec. | x | ||
Grace period for online authentication | Input in days | x | ||
Allow temporary sessions | On/Off | x | ||
Temporary sessions only | On/Off | x | ||
Temporary session timeout (seconds) | Input in sec. | x | ||
Show default domains in login screen | enter domains | x | ||
Wallpaper | ||||
Allow modifying Wallpaper | On/Off | x | ||
Use custom wallpaper | Upload image | x | ||
Use wallpaper for Home screen | On/Off | x | ||
Use wallpaper for Lock screen | On/Off | x | ||
Kiosk Mode | ||||
Kiosk Mode | On/Off | x | ||
Bundle ID | Select ID | x | ||
Lock Screen | ||||
Show Control Center in Lock screen | On/Off | x | x | x |
Show Notification Center in Lock screen | On/Off | x | x | x |
Show Today view in Lock screen | On/Off | x | x | x |
Allow Touch ID / Face ID to unlock device | On/Off | x | x | |
Allow Wallet notifications in Lock screen | On/Off | x | x | |
OS Updates | ||||
Allow over-the-air PKI updates | On/Off | x | x | |
Defer software updates for … days (1-90) | Enter value | x | ||
Force automatic OS updates (start, end, delay days) | Enter value | x | ||
Allow installation of rapid security responses | On/Off | x | ||
Allow removal of rapid security responses | On/Off | x | ||
Passcode | ||||
Allow modifying passcode | On/Off | x | ||
Force passcode | On/Off | x | x | x |
Require alphanumeric value | On/Off | x | ||
Allow simple value | Enter value | x | ||
Minimum number of complex characters | Enter value | x | ||
Minimum passcode length | Enter value | x | ||
Automatic lock time (min.) | Enter value | x | ||
Maximum grace period for device lock | Enter value | x | ||
Passcode validity (1-730 days, or none) | Enter value | x | ||
Maximum number of failed logins | Enter value | x | ||
Passcode history (1-50, or none) | Enter value | x | ||
Safari | ||||
Allow use of Safari | On/Off | x | ||
Enable AutoFill | On/Off | x | ||
Force fraud warning | On/Off | x | x | x |
Enable JavaScript | On/Off | x | x | |
Allow pop-ups | On/Off | x | x | |
Accept cookies (always, from current website only, never) | Selection | x | x | |
Siri | ||||
Allow Siri | On/Off | x | x | x |
Enable Siri profanity filter | On/Off | x | ||
Show user-generated content in Siri | On/Off | x | ||
Allow Siri while device is locked | On/Off | x | x | x |
Synchronization | ||||
Allow automatic sync while roaming | On/Off | x | x | |
Allow sending diagnostic and usage data to Apple | On/Off | x | x | x |
Allow modifying diagnostics settings | On/Off | x | ||
Allow iCloud backup | On/Off | x | ||
Allow iCloud documents & data | On/Off | x | ||
Allow iCloud Keychain | On/Off | x | x | |
Allow backup of enterprise books | On/Off | x | x | x |
Allow notes and highlights sync for enterprise books | On/Off | x | x | |
Allow My Photo Stream (disallowing can cause data loss) | On/Off | x | x | |
Allow Shared Albums | On/Off | x | x | |
System Apps | ||||
Allow use of camera | On/Off | x | ||
Allow FaceTime | On/Off | x | ||
Allow use of Game Center | On/Off | x | ||
Allow adding Game Center friends | On/Off | x | ||
Allow multiplayer gaming | On/Off | x | ||
Allow Apple Books | On/Off | x | ||
Allow iMessage | On/Off | x | ||
Allow Apple Music | On/Off | x | ||
Allow Radio | On/Off | x | ||
Allow use of News | On/Off | x | ||
Allow use of Podcasts | On/Off | x | ||
Allow removing system apps | On/Off | x | ||
Usability | ||||
Allow auto correction | On/Off | x | ||
Allow define | On/Off | x | ||
Allow spell check | On/Off | x | ||
Allow modifying notification settings | On/Off | x | ||
Allow keyboard shortcuts | On/Off | x | ||
Allow continuous path keyboard | On/Off | x | ||
Allow predictive keyboard | On/Off | x | ||
Allow dictation | On/Off | x | ||
Allow Screen Time | On/Off | x | ||
Allow Spotlight Internet Results | On/Off | x | x |