This list gives you an overview of all policies available in the Cortado administration portal for fully managed devices and for devices with a work profile. You can find out how to create policies and what you need to bear in mind in our help articles.
| Policy | Explanation | Function |
| Apps | ||
| Allow playback of explicit music, podcast & iTunes U media | Playback of explicit music, podcasts, and iTunes U permitted | On/Off |
| Allow explicit sexual content in Apple Books | Display of offensive sexual content permitted in Apple Books | On/Off |
| Authentication | ||
| Allow modifying Touch ID fingerprints / Face ID faces | Changing existing biometric data permitted | On/Off |
| Allow password AutoFill | Allow password autofill | On/Off |
| Allow proximity based password sharing requests | Request for automatic sharing of Wi-Fi passwords with (nearby) Apple devices allowed | On/Off |
| Allow password sharing | Sharing saved passwords via AirDrop allowed | On/Off |
| Data and Container Protection | ||
| Allow installing configuration profiles | Installation of configuration profiles and certificates is permitted | On/Off |
| Allow AirDrop | Use of AirDrop permitted | On/Off |
| Allow iCloud Photos | Access to iCloud photos allowed. If disabled, all undownloaded photos will be removed from local storage. | On/Off |
| Allow iCloud Private Relay | Use of iCloud Private Relay* permitted (*Apple privacy feature for internet activity) | On/Off |
| Force dictation on the device | Device does not connect to Siri servers for dictation purposes (disabled by default) | On/Off |
| Allow personalized ads delivered by Apple | Personalized advertising from Apple permitted | On/Off |
| Allow Safari AutoFill | Safari's automatic fill function for passwords, contact details, credit cards, and use of the keychain is permitted. | On/Off |
| Device | ||
| Allow modifying device name | Changing device names permitted | On/Off |
| Allow modifying account settings | Modification of accounts (Apple IDs and internet-based accounts such as mail, contacts, and calendars) permitted | On/Off |
| Allow Erase All Content and Settings | Reset to factory settings permitted | On/Off |
| Allow modifying Bluetooth settings | Changing Bluetooth settings allowed | On/Off |
| Disallow USB accessories while device is locked | Connecting devices to USB accessories at any time, even when locked, is not permitted. | On/Off |
| Allow screenshots and screen recording | Saving a screenshot and recording a screen permitted | On/Off |
| Allow iPhone Mirroring | Mirroring an iPhone on a Mac is permitted | On/Off |
| Allow Handoff | Handoff enabled (Handoff is a feature that allows you to seamlessly continue an activity started on your iPhone, such as writing an email, on your Mac.) | On/Off |
| Allow "Find My Devices" | "Find My Devices” allowed | On/Off |
| Allow "Find My Friends" | "Find My Friends" allowed | On/Off |
| Allow live voicemail | Live transcription of voicemail messages on screen permitted | On/Off |
| Allow modifying Wallpaper | Changing wallpaper permitted | On/Off |
| Allow Touch ID / Face ID to unlock device | Unlocking the device with Touch ID/Face ID permitted | On/Off |
| Allow auto unlock with Apple Watch | Automatic unlocking with Apple Watch permitted | On/Off |
| OS Updates | ||
| Defer software updates for … days (1-90) | Postpone software update | On/Off |
| OS update delay (in days) | Software update postponed by a specified number of days | Enter value |
| Force automatic OS updates (start, end, delay days) | Force OS update for a specific time window | Enter value |
| Allow installation of rapid security responses | Allow installation of minor security updates (patches) | On/Off |
| Allow removal of rapid security responses | Removal of minor security measures (patches) permitted | On/Off |
| Passcode | ||
| Allow modifying passcode | Changing the passcode is permitted | On/Off |
| Force passcode | Passcode usage is enforced | On/Off |
| Require alphanumeric value | Strings consisting of letters and numbers | On/Off |
| Allow simple value | A simple passcode contains repeating or consecutive characters, such as 123 or CBA. | On/Off |
| Minimum number of complex characters: | A complex character is a character that is not a number or letter, e.g., &, %, $, and #. | Enter value |
| Minimum passcode length | Set minimum passcode length | Enter value |
| Automatic lock time (min.) | Time that the device can remain idle without the user unlocking it | Enter value |
| Maximum grace period for device lock | Time period in minutes during which the phone can be unlocked without entering a passcode | Enter value |
| Passcode validity (1-730 days, or none) | Time period during which the password can remain unchanged before it must be renewed | Enter value |
| Maximum number of failed logins | Number of failed passcode attempts that the system allows the user before erasing or locking the device | Enter value |
| Passcode history (1-50, or none) | Number of times a new password/passcode must be changed before an old one can be used again | Enter value |
| Siri | ||
| Allow Siri | Use of Siri permitted | On/Off |
| Enable Siri profanity filter | Enforces the use of the profanity filter for Siri (disabled by default) | On/Off |
| Synchronization | ||
| Allow sending diagnostic and usage data to Apple | Allows the device to automatically send diagnostic reports to Apple. | On/Off |
| Allow iCloud Bookmarks | Allow Safari bookmarks to sync with iCloud | On/Off |
| Allow iCloud Mail | Synchronize Mail app with iCloud allowed | On/Off |
| Allow iCloud Calendar | Synchronize calendar with iCloud allowed | On/Off |
| Allow iCloud Reminders | Synchronize reminders with iCloud allowed | On/Off |
| Allow iCloud Contacts | Synchronize contacts with iCloud allowed | On/Off |
| Allow iCloud Notes | Synchronize notes with iCloud allowed | On/Off |
| Allow iCloud documents & data | Allow documents and data to be stored in iCloud Drive This refers to general access to iCloud by apps, i.e., whether programs (such as Pages, Numbers, Preview, third-party apps, etc.) are allowed to store their data or documents in iCloud. | On/Off |
| Allow iCloud Keychain | Synchronize keychain in iCloud allowed | On/Off |
| Allow iCloud Desktop and Document | This policy only affects a specific part of iCloud Drive—namely, the automatic synchronization of the user folders “Desktop” and “Documents” with iCloud. | On/Off |
| System Apps | ||
| Allow use of camera | Use of camera permitted | On/Off |
| Allow use of Game Center | Use of Game Center permitted | On/Off |
| Allow adding Game Center friends | Adding friends in Game Center allowed | On/Off |
| Allow multiplayer gaming | Multiplayer games allowed | On/Off |
| Allow Apple Books | Use of Apple Books permitted | On/Off |
| Allow Apple Music | Use of Apple Music permitted | On/Off |
| Usability | ||
| Allow define | Search for definitions of words by tapping on them permitted | On/Off |
| Allow dictation | Use of dictation function permitted | On/Off |
| Allow Spotlight Internet Results | Content from the Internet permitted in Spotlight search | On/Off |
| Apple Intelligence | ||
| Allow Genmoji | Use of AI-generated emojis (so-called genmojis) permitted | On/Off |
| Allow Image Playground | Generating AI images is permitted for use in news articles, presentations, documents, etc. | On/Off |
| Allow Writing Tools | AI-supported functions such as rewriting, correction, and summarization permitted | On/Off |
| Allow Apple Intelligence report | Creation of automatic summaries or reports based on content (e.g., emails, documents). | On/Off |
| Allow external intelligence integrations | Enables the interface so that Apple Intelligence can use external AI models (e.g., ChatGPT, Google Gemini) via Apple's mediation layer | On/Off |
| Allow signing in to external intelligence integrations | Allows you to log in with your own accounts to external AI services (e.g., OpenAI Plus). This provides access to advanced features. | On/Off |
| Allowed external intelligence workspace IDs | Allows Apple Intelligence to only use the specified external integration workspace ID and requires login to make requests. The user must log in to integrations that support login. | Enter ID |