Profile configuration in the Restrictions tab
Last adaptation to the version: 2.6 (06.2025)
New:
- New Option: Allow Apple Intelligence
- More detailed description of host pairing
notemptyThis article refers to a Beta version
Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:
- MS (← linkujące)
- MS/Changelog Portal (← linkujące)
- MS/deployment/profile-AppleTV (dołączony szablon) (← linkujące)
- MS/deployment/profile-shared-iPad (dołączony szablon) (← linkujące)
- MS/deployment/profile-Device (dołączony szablon) (← linkujące)
- MS/deployment/profile-User (dołączony szablon) (← linkujące)
Restrictions
Restrictions
Configuration by clicking on Activate restrictions
Numerous restrictions can be configured to control the behavior of a device.
List of possible restrictions with default values and explanations:
General restrictions
For devices with the profile Device or shared iPad
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restriction | Default | Explanation |
|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
| Allow automatic unlocking | When deactivated , the automatic unlocking is disabled | |
| Allow cloud address book | When deactivated , the cloud address book will be disabled | |
| Allow cloud bookmarks | When deactivated , cloud bookmarks will be disabled | |
| Allow cloud calendar | When deactivated , the cloud calendar will be disabled | |
| Allow cloud desktop & documents | When deactivated , cloud desktop and documents will be disabled | |
| Allow cloud mail | When deactivated , cloud mail will be disabled | |
| Allow cloud notes | When deactivated , cloud notes will be disabled | |
| Allow cloud reminders | When deactivated , cloud reminders will be disabled | |
| Allow content caching | When deactivated , content caching will be disabled | |
| Allow iTunes file sharing | When deactivated , iTunes file sharing will be disabled | |
| Allow automatic screen saver | When deactivated , automatic screen savers are not permitted | |
| Allow lock screen ControlCenter | When deactivated , the ControlCenter is disabled for the lock screen | |
| Allow lock screen notifications to display | When deactivated , the notification preview of the lock screen will be disabled | |
| Allow lock screen view today | When deactivated , today's lock screen view will be disabled | |
| Allow to write unmanaged contacts | When deactivated , writing unmanaged contacts will be disabled | |
| Allow unmanaged reading of managed contacts | When deactivated , unmanaged apps cannot access contacts of managed accounts and that managed apps do not save contacts in the local Contacts app | |
| Allow OTAPKI updates | When deactivated , OTAPKI updates are disabled | |
| Allow temporary session of the shared device | When deactivated , the temporary session of the shared device is disabled | |
| Force password for outgoing AirPlay requests | When activated , all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
| Force encrypted backups | When activated , encrypted backups are enforced | |
| Limit ad tracking | When activated , ad tracking will be restricted | |
| Dictation only | When activated , connections to Siri servers for dictation are disabled | |
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
| Allow QuickPath keyboard | When deactivated , the QuickPath keyboard is disabled | |
| Allow network access for files | When deactivated , the connection to network drives is prevented in the file app | |
| Allow USB drive for files | When deactivated , it prevents the File app from connecting to connected USB devices | |
| Allow Find My Device | When deactivated , Find My Device is disabled in the Find my App | |
| Allow Find My Friends | When deactivated , Find My Friends is disabled in the Find My app | |
| Force WiFi activation | When activated it prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode.
It does not prevent selecting which Wi-Fi network to use. | |
| Allow trusting enterprise apps | When deactivated , Enterprise apps are not trusted | |
| Allow screenshots and screen recording | When deactivated , screenshots and screen recordings cannot be created | |
| Allow Apple Music | When deactivated , Apple Music will be disabled in the Music app | |
| Allow iTunes Radio | Allow iTunes Radio | |
| Allow shared stream | When deactivated , the shared stream is disabled | |
| Allow Wallet while locked | When deactivated , wallet notifications will not be shown on the lock screen | |
| Allow use of News | When deactivated no news can be used | |
| Allow modifying bluetooth settings | When deactivated , changes to the Bluetooth settings are not permitted | |
| Allow modifying cellular data usage for app settings | When deactivated , the mobile data uses for app settings cannot be changed | |
| Allow modifying device name | When deactivated , the device name cannot be changed | |
| Allow automatic sync while roaming | When deactivated , automatic synchronisation is deactivated during roaming | |
| Allow iCloud sync for managed apps | When deactivated , iCloud synchronisation is deactivated for managed apps | |
| Allow enterprise books backup | When deactivated , Enterprise books are not saved | |
| Allow enterprise books and highlights to sync | When deactivated , Enterprise books and highlights are not synchronised | |
| Allow email privacy | When activated , Apple's Mail Privacy Protection (AMPP) is activated | |
| Allow In App purchases | When deactivated no in-app purchases can be made | |
| Allow multiplayer gaming | When deactivated , multiplayer gaming is not allowed | |
| Allow voice dialing while device is locked | When deactivated , no voice dialling is allowed, even if the device is locked | |
| Force Apple Watch wrist detection | When activated , Apple Watch wrist detection is enforced | |
| Allow pairing with Apple Watch | When deactivated , pairing with Apple Watch is not permitted | |
| Allow Internet results in Spotlight | When deactivated , search results from the web will not be shown in Spotlight | |
| Allow user to accept untrusted TLS certificates | When deactivated , the user is not allowed to accept untrusted certificates in TLS | |
| Allow Photo Stream | When deactivated , the use of Photo-Stream is not permitted on the device | |
| Allow iCloud Photo Library | When deactivated , the use of the iCloud Photo Library on the device is not permitted | |
| Allow iCloud backup | When deactivated , the backup with the iCloud is not permitted | |
| Allow personalized advertising | When deactivated , restricts Apple's personalized advertising. Available in iOS 14 and later | |
| Requires iTunes password for all purchases | When activated , the user's iTunes password is required for all purchases | |
| Apps ranking number | 1000 | The value entered describes the maximum permitted level of apps relevant to youth protection on the device. |
| Movies ranking number | 1000 | The value entered describes the maximum permitted level of films relevant to youth protection on the device. |
| TV Shows ranking number | 1000 | The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. |
| Region code | Germany | Two-character code for the region used to specify ratings |
| Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
| From websites I visited | Accepts cookies from all visited websites | |
| Always | Accepts all cookies | |
| Allow JavaScript | When deactivated , JavaScript is not allowed in Safari | |
| Allow Pop-ups | When deactivated , pop-ups are not allowed in Safari | |
| Enable fraud warning | When activated , the fraud warning in Safari is activated | |
| Force translation on the device only | When activated , the device does not connect to Siri servers for translation purposes | |
| Allow unmanaged documents in managed apps | When activated , it allows managed apps to access unmanaged documents | |
| Allow managed documents in unmanaged apps | When activated , allows unmanaged apps to access managed documents | |
| Managed clipboard required | When activated , the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
| Treat AirDrop as unmanaged destination | When activated , it prevents protected (managed) data from leaving the device without authorisation via Airdrop | |
| Allows Handoff | When deactivated , handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
| Allow Touch ID/Face ID for unlocking | When deactivated , Touch ID/Face ID is not allowed to unlock the device | |
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
| Allow modifying notification settings | When deactivated , changing the notification settings is not allowed | |
| Allow incoming AirPlay requests | When deactivated , incoming AirPlay requests are not allowed | |
| Allow pairing with Remote app | When deactivated , pairing with remote app is not permitted | |
| Allow dictation | When deactivated , dictations are not allowed | |
| Allow camera use | When deactivated , the user is not allowed to use the camera | |
| Allow Siri | When deactivated , Siri is not allowed | |
| Allow Siri while locked | When deactivated , Siri is not allowed while the device is locked | |
| Allow Siri user generated content | When deactivated , it prevents Siri from querying requests with user-generated content | |
| Allow modifying Touch ID/Face ID | When deactivated , the user is not permitted to change the Touch ID/Face ID | |
| Allow diagnostic submission | When deactivated , diagnostic and usage data is not sent to Apple | |
| Allow modifying diagnostics settings | When deactivated , the user is not permitted to change the diagnostic settings | |
| notemptyNew as of: 2.6 Allow Apple Intelligenc | When deactivated , the system deactivates the Apple Intelligence reports. Available in iOS 18.4 and higher. |
For Apple TVs
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restriction | Default | Explanation |
|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
| Allow automatic unlocking | When deactivated , the automatic unlocking is disabled | |
| Allow cloud address book | When deactivated , the cloud address book will be disabled | |
| Allow cloud bookmarks | When deactivated , cloud bookmarks will be disabled | |
| Allow cloud calendar | When deactivated , the cloud calendar will be disabled | |
| Allow cloud desktop & documents | When deactivated , cloud desktop and documents will be disabled | |
| Allow cloud mail | When deactivated , cloud mail will be disabled | |
| Allow cloud notes | When deactivated , cloud notes will be disabled | |
| Allow cloud reminders | When deactivated , cloud reminders will be disabled | |
| Allow content caching | When deactivated , content caching will be disabled | |
| Allow iTunes file sharing | When deactivated , iTunes file sharing will be disabled | |
| Allow automatic screen saver | When deactivated , automatic screen savers are not permitted | |
| Allow lock screen ControlCenter | When deactivated , the ControlCenter is disabled for the lock screen | |
| Allow lock screen notifications to display | When deactivated , the notification preview of the lock screen will be disabled | |
| Allow lock screen view today | When deactivated , today's lock screen view will be disabled | |
| Allow to write unmanaged contacts | When deactivated , writing unmanaged contacts will be disabled | |
| Allow unmanaged reading of managed contacts | When deactivated , unmanaged apps cannot access contacts of managed accounts and that managed apps do not save contacts in the local Contacts app | |
| Allow OTAPKI updates | When deactivated , OTAPKI updates are disabled | |
| Allow temporary session of the shared device | When deactivated , the temporary session of the shared device is disabled | |
| Force password for outgoing AirPlay requests | When activated , all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
| Force encrypted backups | When activated , encrypted backups are enforced | |
| Limit ad tracking | When activated , ad tracking will be restricted | |
| Dictation only | When activated , connections to Siri servers for dictation are disabled | |
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
| Allow QuickPath keyboard | When deactivated , the QuickPath keyboard is disabled | |
| Allow network access for files | When deactivated , the connection to network drives is prevented in the file app | |
| Allow USB drive for files | When deactivated , it prevents the File app from connecting to connected USB devices | |
| Allow Find My Device | When deactivated , Find My Device is disabled in the Find my App | |
| Allow Find My Friends | When deactivated , Find My Friends is disabled in the Find My app | |
| Force WiFi activation | When activated it prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode.
It does not prevent selecting which Wi-Fi network to use. | |
| Allow trusting enterprise apps | When deactivated , Enterprise apps are not trusted | |
| Allow screenshots and screen recording | When deactivated , screenshots and screen recordings cannot be created | |
| Allow Apple Music | When deactivated , Apple Music will be disabled in the Music app | |
| Allow iTunes Radio | Allow iTunes Radio | |
| Allow shared stream | When deactivated , the shared stream is disabled | |
| Allow Wallet while locked | When deactivated , wallet notifications will not be shown on the lock screen | |
| Allow use of News | When deactivated no news can be used | |
| Allow modifying bluetooth settings | When deactivated , changes to the Bluetooth settings are not permitted | |
| Allow modifying cellular data usage for app settings | When deactivated , the mobile data uses for app settings cannot be changed | |
| Allow modifying device name | When deactivated , the device name cannot be changed | |
| Allow automatic sync while roaming | When deactivated , automatic synchronisation is deactivated during roaming | |
| Allow iCloud sync for managed apps | When deactivated , iCloud synchronisation is deactivated for managed apps | |
| Allow enterprise books backup | When deactivated , Enterprise books are not saved | |
| Allow enterprise books and highlights to sync | When deactivated , Enterprise books and highlights are not synchronised | |
| Allow email privacy | When activated , Apple's Mail Privacy Protection (AMPP) is activated | |
| Allow In App purchases | When deactivated no in-app purchases can be made | |
| Allow multiplayer gaming | When deactivated , multiplayer gaming is not allowed | |
| Allow voice dialing while device is locked | When deactivated , no voice dialling is allowed, even if the device is locked | |
| Force Apple Watch wrist detection | When activated , Apple Watch wrist detection is enforced | |
| Allow pairing with Apple Watch | When deactivated , pairing with Apple Watch is not permitted | |
| Allow Internet results in Spotlight | When deactivated , search results from the web will not be shown in Spotlight | |
| Allow user to accept untrusted TLS certificates | When deactivated , the user is not allowed to accept untrusted certificates in TLS | |
| Allow Photo Stream | When deactivated , the use of Photo-Stream is not permitted on the device | |
| Allow iCloud Photo Library | When deactivated , the use of the iCloud Photo Library on the device is not permitted | |
| Allow iCloud backup | When deactivated , the backup with the iCloud is not permitted | |
| Allow personalized advertising | When deactivated , restricts Apple's personalized advertising. Available in iOS 14 and later | |
| Requires iTunes password for all purchases | When activated , the user's iTunes password is required for all purchases | |
| Apps ranking number | 1000 | The value entered describes the maximum permitted level of apps relevant to youth protection on the device. |
| Movies ranking number | 1000 | The value entered describes the maximum permitted level of films relevant to youth protection on the device. |
| TV Shows ranking number | 1000 | The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. |
| Region code | Germany | Two-character code for the region used to specify ratings |
| Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
| From websites I visited | Accepts cookies from all visited websites | |
| Always | Accepts all cookies | |
| Allow JavaScript | When deactivated , JavaScript is not allowed in Safari | |
| Allow Pop-ups | When deactivated , pop-ups are not allowed in Safari | |
| Enable fraud warning | When activated , the fraud warning in Safari is activated | |
| Force translation on the device only | When activated , the device does not connect to Siri servers for translation purposes | |
| Allow unmanaged documents in managed apps | When activated , it allows managed apps to access unmanaged documents | |
| Allow managed documents in unmanaged apps | When activated , allows unmanaged apps to access managed documents | |
| Managed clipboard required | When activated , the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
| Treat AirDrop as unmanaged destination | When activated , it prevents protected (managed) data from leaving the device without authorisation via Airdrop | |
| Allows Handoff | When deactivated , handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
| Allow Touch ID/Face ID for unlocking | When deactivated , Touch ID/Face ID is not allowed to unlock the device | |
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
| Allow modifying notification settings | When deactivated , changing the notification settings is not allowed | |
| Allow incoming AirPlay requests | When deactivated , incoming AirPlay requests are not allowed | |
| Allow pairing with Remote app | When deactivated , pairing with remote app is not permitted | |
| Allow dictation | When deactivated , dictations are not allowed | |
| Allow camera use | When deactivated , the user is not allowed to use the camera | |
| Allow Siri | When deactivated , Siri is not allowed | |
| Allow Siri while locked | When deactivated , Siri is not allowed while the device is locked | |
| Allow Siri user generated content | When deactivated , it prevents Siri from querying requests with user-generated content | |
| Allow modifying Touch ID/Face ID | When deactivated , the user is not permitted to change the Touch ID/Face ID | |
| Allow diagnostic submission | When deactivated , diagnostic and usage data is not sent to Apple | |
| Allow modifying diagnostics settings | When deactivated , the user is not permitted to change the diagnostic settings | |
| notemptyNew as of: 2.6 Allow Apple Intelligenc | When deactivated , the system deactivates the Apple Intelligence reports. Available in iOS 18.4 and higher. |
For User Enrollment
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restriction | Default | Explanation |
|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
| Allow automatic unlocking | When deactivated , the automatic unlocking is disabled | |
| Allow cloud address book | When deactivated , the cloud address book will be disabled | |
| Allow cloud bookmarks | When deactivated , cloud bookmarks will be disabled | |
| Allow cloud calendar | When deactivated , the cloud calendar will be disabled | |
| Allow cloud desktop & documents | When deactivated , cloud desktop and documents will be disabled | |
| Allow cloud mail | When deactivated , cloud mail will be disabled | |
| Allow cloud notes | When deactivated , cloud notes will be disabled | |
| Allow cloud reminders | When deactivated , cloud reminders will be disabled | |
| Allow content caching | When deactivated , content caching will be disabled | |
| Allow iTunes file sharing | When deactivated , iTunes file sharing will be disabled | |
| Allow automatic screen saver | When deactivated , automatic screen savers are not permitted | |
| Allow lock screen ControlCenter | When deactivated , the ControlCenter is disabled for the lock screen | |
| Allow lock screen notifications to display | When deactivated , the notification preview of the lock screen will be disabled | |
| Allow lock screen view today | When deactivated , today's lock screen view will be disabled | |
| Allow to write unmanaged contacts | When deactivated , writing unmanaged contacts will be disabled | |
| Allow unmanaged reading of managed contacts | When deactivated , unmanaged apps cannot access contacts of managed accounts and that managed apps do not save contacts in the local Contacts app | |
| Allow OTAPKI updates | When deactivated , OTAPKI updates are disabled | |
| Allow temporary session of the shared device | When deactivated , the temporary session of the shared device is disabled | |
| Force password for outgoing AirPlay requests | When activated , all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
| Force encrypted backups | When activated , encrypted backups are enforced | |
| Limit ad tracking | When activated , ad tracking will be restricted | |
| Dictation only | When activated , connections to Siri servers for dictation are disabled | |
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
| Allow QuickPath keyboard | When deactivated , the QuickPath keyboard is disabled | |
| Allow network access for files | When deactivated , the connection to network drives is prevented in the file app | |
| Allow USB drive for files | When deactivated , it prevents the File app from connecting to connected USB devices | |
| Allow Find My Device | When deactivated , Find My Device is disabled in the Find my App | |
| Allow Find My Friends | When deactivated , Find My Friends is disabled in the Find My app | |
| Force WiFi activation | When activated it prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode.
It does not prevent selecting which Wi-Fi network to use. | |
| Allow trusting enterprise apps | When deactivated , Enterprise apps are not trusted | |
| Allow screenshots and screen recording | When deactivated , screenshots and screen recordings cannot be created | |
| Allow Apple Music | When deactivated , Apple Music will be disabled in the Music app | |
| Allow iTunes Radio | Allow iTunes Radio | |
| Allow shared stream | When deactivated , the shared stream is disabled | |
| Allow Wallet while locked | When deactivated , wallet notifications will not be shown on the lock screen | |
| Allow use of News | When deactivated no news can be used | |
| Allow modifying bluetooth settings | When deactivated , changes to the Bluetooth settings are not permitted | |
| Allow modifying cellular data usage for app settings | When deactivated , the mobile data uses for app settings cannot be changed | |
| Allow modifying device name | When deactivated , the device name cannot be changed | |
| Allow automatic sync while roaming | When deactivated , automatic synchronisation is deactivated during roaming | |
| Allow iCloud sync for managed apps | When deactivated , iCloud synchronisation is deactivated for managed apps | |
| Allow enterprise books backup | When deactivated , Enterprise books are not saved | |
| Allow enterprise books and highlights to sync | When deactivated , Enterprise books and highlights are not synchronised | |
| Allow email privacy | When activated , Apple's Mail Privacy Protection (AMPP) is activated | |
| Allow In App purchases | When deactivated no in-app purchases can be made | |
| Allow multiplayer gaming | When deactivated , multiplayer gaming is not allowed | |
| Allow voice dialing while device is locked | When deactivated , no voice dialling is allowed, even if the device is locked | |
| Force Apple Watch wrist detection | When activated , Apple Watch wrist detection is enforced | |
| Allow pairing with Apple Watch | When deactivated , pairing with Apple Watch is not permitted | |
| Allow Internet results in Spotlight | When deactivated , search results from the web will not be shown in Spotlight | |
| Allow user to accept untrusted TLS certificates | When deactivated , the user is not allowed to accept untrusted certificates in TLS | |
| Allow Photo Stream | When deactivated , the use of Photo-Stream is not permitted on the device | |
| Allow iCloud Photo Library | When deactivated , the use of the iCloud Photo Library on the device is not permitted | |
| Allow iCloud backup | When deactivated , the backup with the iCloud is not permitted | |
| Allow personalized advertising | When deactivated , restricts Apple's personalized advertising. Available in iOS 14 and later | |
| Requires iTunes password for all purchases | When activated , the user's iTunes password is required for all purchases | |
| Apps ranking number | 1000 | The value entered describes the maximum permitted level of apps relevant to youth protection on the device. |
| Movies ranking number | 1000 | The value entered describes the maximum permitted level of films relevant to youth protection on the device. |
| TV Shows ranking number | 1000 | The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. |
| Region code | Germany | Two-character code for the region used to specify ratings |
| Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
| From websites I visited | Accepts cookies from all visited websites | |
| Always | Accepts all cookies | |
| Allow JavaScript | When deactivated , JavaScript is not allowed in Safari | |
| Allow Pop-ups | When deactivated , pop-ups are not allowed in Safari | |
| Enable fraud warning | When activated , the fraud warning in Safari is activated | |
| Force translation on the device only | When activated , the device does not connect to Siri servers for translation purposes | |
| Allow unmanaged documents in managed apps | When activated , it allows managed apps to access unmanaged documents | |
| Allow managed documents in unmanaged apps | When activated , allows unmanaged apps to access managed documents | |
| Managed clipboard required | When activated , the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
| Treat AirDrop as unmanaged destination | When activated , it prevents protected (managed) data from leaving the device without authorisation via Airdrop | |
| Allows Handoff | When deactivated , handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
| Allow Touch ID/Face ID for unlocking | When deactivated , Touch ID/Face ID is not allowed to unlock the device | |
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
| Allow modifying notification settings | When deactivated , changing the notification settings is not allowed | |
| Allow incoming AirPlay requests | When deactivated , incoming AirPlay requests are not allowed | |
| Allow pairing with Remote app | When deactivated , pairing with remote app is not permitted | |
| Allow dictation | When deactivated , dictations are not allowed | |
| Allow camera use | When deactivated , the user is not allowed to use the camera | |
| Allow Siri | When deactivated , Siri is not allowed | |
| Allow Siri while locked | When deactivated , Siri is not allowed while the device is locked | |
| Allow Siri user generated content | When deactivated , it prevents Siri from querying requests with user-generated content | |
| Allow modifying Touch ID/Face ID | When deactivated , the user is not permitted to change the Touch ID/Face ID | |
| Allow diagnostic submission | When deactivated , diagnostic and usage data is not sent to Apple | |
| Allow modifying diagnostics settings | When deactivated , the user is not permitted to change the diagnostic settings | |
| notemptyNew as of: 2.6 Allow Apple Intelligenc | When deactivated , the system deactivates the Apple Intelligence reports. Available in iOS 18.4 and higher. |
Classroom-App
The Classroom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restrictions | Default | Explanation |
|---|---|---|
| Allow remote screen monitoring | If not allowed, remote screen monitoring is disabled by the Classroom app. When screenshots are disabled, the Classroom app does not observe remote screens. | |
| Force courses to be joined automatically | If enforced, the instructor's requests are automatically accepted without prompting the student. | |
| Force permission to leave classes | If enforced, a student enrolled in an unmanaged course through Classroom must ask the instructor for permission to leave the course. | |
| Force app and device lock | If enforced, the teacher can lock apps or the device without prompting the student. | |
| Force screen monitoring | When enforced and remote screen monitoring is allowed, a student enrolled in a managed course through the classroom app automatically grants permission to watch the screen without being prompted. |
Restrictions for supervised devices
A range of restrictions is only available for devices in the Supervised embedding mode.
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restrictions | Default | Explanation |
|---|---|---|
| Restrict app use | Allow all apps Do not allow certain apps Allow only certain apps |
Configures whether no restriction, a blocklist or a allowlist is used for apps. supervised devices only |
|
Click box for app selection | Depending on the selection in the line above: Blocklisted Apps / Allowlisted Apps Searches the entire App Store for possible apps. supervised devices only |
| Add system apps | If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. supervised devices only | |
| Allow AirDrop | If set to false, AirDrop will be disabled supervised devices only | |
| Allow AirPrint | If set to false, AirPrint will be disabled supervised devices only | |
| Allow saving AirPrint credentials | If set to false, the storage of AirPrint credentials is disabled supervised devices only | |
| Allow AirPrint iBeacon detection | If set to false, AirPrint iBeacon detection will be disabled supervised devices only | |
| Allow change of mobile tariff | If set to false, the change of the mobile tariff will be disabled supervised devices only
non | |
| Allow cloud keychain synchronization | If set to false, cloud keychain synchronization is disabled supervised devices only | |
| Allow private cloud relay | If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only | |
| Allow eSIM changes | If set to false, the eSIM change will be disabled | |
| Allow access to files on USB drive | If set to false, access to the files USB drive is disabled supervised devices only | |
| Allow change to find my friends | If set to false, the modification will be disabled for find my friends supervised devices only | |
| Allow host pairing | ||
| Allow NFC | If set to false, NFC will be disabled supervised devices only | |
| Allow auto-complete password | If set to false, the auto-completion of the password will be disabled supervised devices only | |
| Allow device to enter sleep mode | If set to false, the hibernation of the device is disabled supervised devices only | |
| Allow requests for password proximity | If set to false, password proximity requests are disabled supervised devices only | |
| Allow password sharing | If set to false, password sharing will be disabled supervised devices only | |
| Allow change of personal hotspot | If set to false, the change of the personal hotspot will be disabled supervised devices only | |
| Allow Podcasts | If set to false, podcasts will be disabled supervised devices only | |
| Allow proximity settings for new device | If set to false, the proximity set-up for the new device will be disabled supervised devices only | |
| Allow removal of system apps | If set to false, the removal of system apps is disabled supervised devices only | |
| Allow non-paired external boot for recovery | If set to false, unpaired external booting for recovery is disabled supervised devices only | |
| Allow restricted USB mode | If set to false, the restricted USB mode will be disabled supervised devices only | |
| Allow VPN creation | If set to false, VPN creation will be disabled supervised devices only | |
| Allowed apps in single app mode | Choose application | Allowed apps in single app mode supervised devices only |
| Force AirPrint Trusted TLS Requirement | If set to true, AirPrint enforces the trusted TLS request supervised devices only | |
| Enforce authentication before autofill | If set to true, authentication is enforced before autofilling supervised devices only | |
| Force automatic date and time | If set to true, the date and time are automatically enforced supervised devices only | |
| Force WLAN to approved networks only | If set to true, WLAN is forced only on allowed networks supervised devices only | |
| Allow account modification | If inactive, account modification will be disabled. notemptyThis option prevents, for example, the creation of another Apple account, which could then be used to install additional apps.
| |
| Allow app removal | Allows the user to remove apps supervised devices only | |
| Allow explicit content | Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only | |
| Allow use of iMessage | Allow use of iMessage supervised devices only | |
| Allow iBookstore | Supervised only. If disabled, iBookstore will be disabled supervised devices only | |
| Allow erotica in the iBookstore | Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only | |
| Allow use of iTunes | Allow the user to access and use iTunes supervised devices only | |
| Allow use of Safari | Allows the user to use Safari supervised devices only | |
| Allow Game Center | Allow Game Center | |
| Allow adding Game Center friends | Allow the user to add friends to the Game Center supervised devices only | |
| Allow modifying wallpaper | Allow changing the background image supervised devices only</smMS/deployment/profile.langall> | |
| Permit configuration of the screen time | Allow configuration restrictions supervised devices only | |
| Allow iCloud document sync | Allow document synchronization with iCloud supervised devices only | |
| Allow auto-fill in Safari | Automatisches Ausfüllen in Safari zulassen supervised devices only | |
| Allow predictive keyboard. | Allow predictive keyboard. supervised devices only | |
| Allow keyboard shortcuts. | Allow keyboard shortcuts. supervised devices only | |
| Allow autocorrect. | Allow autocorrect. supervised devices only | |
| Allow correction help. | Allow correction help. supervised devices only | |
| Allow definition. | Allow definition. supervised devices only | |
| Allow video conferencing | Allow video conferencing supervised devices only | |
| Enable Siri profanity filter | Enables Siri profanity filter. supervised devices only | |
| Allow app installation from Apple Configurator and iTunes | Allow only a connected Mac host to install applications supervised devices only | |
| Allow automatic app downloads | Allows automatic app downloads supervised devices only | |
| Allow app installation from the app store | Allow the user to install applications supervised devices only | |
| Allow modifying passcode | Allow changing the passcode supervised devices only | |
| Allow UI configuration profile installation | If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only | |
| Allow erase all content and settings | If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only | |
| Allow app clips | When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only | |
| Force delayed app updates | If set to true, delayed app updates are forced supervised devices only | |
| Force delayed software updates | When active, user visibility of software updates is delayed. supervised devices only | |
| Software Update Delay in days | 30 | With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only |
For Apple TVs
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restrictions | Default | Explanation |
|---|---|---|
| Restrict app use | Allow all apps Do not allow certain apps Allow only certain apps |
Configures whether no restriction, a blocklist or a allowlist is used for apps. supervised devices only |
|
Click box for app selection | Depending on the selection in the line above: Blocklisted Apps / Allowlisted Apps Searches the entire App Store for possible apps. supervised devices only |
| Add system apps | If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. supervised devices only | |
| Allow AirDrop | If set to false, AirDrop will be disabled supervised devices only | |
| Allow AirPrint | If set to false, AirPrint will be disabled supervised devices only | |
| Allow saving AirPrint credentials | If set to false, the storage of AirPrint credentials is disabled supervised devices only | |
| Allow AirPrint iBeacon detection | If set to false, AirPrint iBeacon detection will be disabled supervised devices only | |
| Allow change of mobile tariff | If set to false, the change of the mobile tariff will be disabled supervised devices only
non | |
| Allow cloud keychain synchronization | If set to false, cloud keychain synchronization is disabled supervised devices only | |
| Allow private cloud relay | If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only | |
| Allow eSIM changes | If set to false, the eSIM change will be disabled | |
| Allow access to files on USB drive | If set to false, access to the files USB drive is disabled supervised devices only | |
| Allow change to find my friends | If set to false, the modification will be disabled for find my friends supervised devices only | |
| Allow host pairing | ||
| Allow NFC | If set to false, NFC will be disabled supervised devices only | |
| Allow auto-complete password | If set to false, the auto-completion of the password will be disabled supervised devices only | |
| Allow device to enter sleep mode | If set to false, the hibernation of the device is disabled supervised devices only | |
| Allow requests for password proximity | If set to false, password proximity requests are disabled supervised devices only | |
| Allow password sharing | If set to false, password sharing will be disabled supervised devices only | |
| Allow change of personal hotspot | If set to false, the change of the personal hotspot will be disabled supervised devices only | |
| Allow Podcasts | If set to false, podcasts will be disabled supervised devices only | |
| Allow proximity settings for new device | If set to false, the proximity set-up for the new device will be disabled supervised devices only | |
| Allow removal of system apps | If set to false, the removal of system apps is disabled supervised devices only | |
| Allow non-paired external boot for recovery | If set to false, unpaired external booting for recovery is disabled supervised devices only | |
| Allow restricted USB mode | If set to false, the restricted USB mode will be disabled supervised devices only | |
| Allow VPN creation | If set to false, VPN creation will be disabled supervised devices only | |
| Allowed apps in single app mode | Choose application | Allowed apps in single app mode supervised devices only |
| Force AirPrint Trusted TLS Requirement | If set to true, AirPrint enforces the trusted TLS request supervised devices only | |
| Enforce authentication before autofill | If set to true, authentication is enforced before autofilling supervised devices only | |
| Force automatic date and time | If set to true, the date and time are automatically enforced supervised devices only | |
| Force WLAN to approved networks only | If set to true, WLAN is forced only on allowed networks supervised devices only | |
| Allow account modification | If inactive, account modification will be disabled. notemptyThis option prevents, for example, the creation of another Apple account, which could then be used to install additional apps.
| |
| Allow app removal | Allows the user to remove apps supervised devices only | |
| Allow explicit content | Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only | |
| Allow use of iMessage | Allow use of iMessage supervised devices only | |
| Allow iBookstore | Supervised only. If disabled, iBookstore will be disabled supervised devices only | |
| Allow erotica in the iBookstore | Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only | |
| Allow use of iTunes | Allow the user to access and use iTunes supervised devices only | |
| Allow use of Safari | Allows the user to use Safari supervised devices only | |
| Allow Game Center | Allow Game Center | |
| Allow adding Game Center friends | Allow the user to add friends to the Game Center supervised devices only | |
| Allow modifying wallpaper | Allow changing the background image supervised devices only</smMS/deployment/profile.langall> | |
| Permit configuration of the screen time | Allow configuration restrictions supervised devices only | |
| Allow iCloud document sync | Allow document synchronization with iCloud supervised devices only | |
| Allow auto-fill in Safari | Automatisches Ausfüllen in Safari zulassen supervised devices only | |
| Allow predictive keyboard. | Allow predictive keyboard. supervised devices only | |
| Allow keyboard shortcuts. | Allow keyboard shortcuts. supervised devices only | |
| Allow autocorrect. | Allow autocorrect. supervised devices only | |
| Allow correction help. | Allow correction help. supervised devices only | |
| Allow definition. | Allow definition. supervised devices only | |
| Allow video conferencing | Allow video conferencing supervised devices only | |
| Enable Siri profanity filter | Enables Siri profanity filter. supervised devices only | |
| Allow app installation from Apple Configurator and iTunes | Allow only a connected Mac host to install applications supervised devices only | |
| Allow automatic app downloads | Allows automatic app downloads supervised devices only | |
| Allow app installation from the app store | Allow the user to install applications supervised devices only | |
| Allow modifying passcode | Allow changing the passcode supervised devices only | |
| Allow UI configuration profile installation | If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only | |
| Allow erase all content and settings | If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only | |
| Allow app clips | When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only | |
| Force delayed app updates | If set to true, delayed app updates are forced supervised devices only | |
| Force delayed software updates | When active, user visibility of software updates is delayed. supervised devices only | |
| Software Update Delay in days | 30 | With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only |