Restrictions configuration

Profile configuration in the Restrictions tab

Last adaption: 11.2022

notempty

This article refers to a Resellerpreview

Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:

MS ‎ (← links)
MS/deployment/profile-AppleTV (transclusion) ‎ (← links)
MS/deployment/profile-shared-iPad (transclusion) ‎ (← links)
MS/deployment/profile-Device (transclusion) ‎ (← links)
MS/deployment/profile-User (transclusion) ‎ (← links)

Restrictions

Configuration by clicking on Activate restrictions

Numerous restrictions can be configured to control the behavior of a device.

List of possible restrictions with default values and explanations

General restrictions

For devices with the profile Device or shared iPadFor devices with the profile Device or shared iPad

Restriction	Default	Explanation
Demo-Dev-Einschränkung	'	Sollte nur im devWiki angezeigt werden
Allow automatic unlocking	'	If set to false, the automatic unlocking is disabled
Allow cloud address book	'	If set to false, the cloud address book will be disabled
Allow cloud bookmarks	'	If set to false, cloud bookmarks will be disabled
Allow cloud calendar	'	If set to false, the cloud calendar will be disabled
Allow cloud desktop & documents	'	If set to false, cloud desktop and documents will be disabled
Allow cloud mail	'	If set to false, cloud mail will be disabled
Allow cloud notes	'	If set to false, cloud notes will be disabled
Allow cloud reminders	'	If set to false, cloud reminders will be disabled
Allow content caching	'	If set to false, content caching will be disabled
Allow iTunes file sharing	'	If set to false, iTunes file sharing will be disabled
Allow automatic screen saver	'	Allow automatic screen saver
Allow lock screen ControlCenter	'	If set to false, the ControlCenter is disabled for the lock screen
Allow lock screen notifications to display	'	If set to false, the notification preview of the lock screen will be disabled
Allow lock screen view today	'	If set to false, today's lock screen view will be disabled
Allow to write unmanaged contacts	'	If set to false, writing unmanaged contacts will be disabled
Allow unmanaged reading of managed contacts	'	These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app
Allow OTAPKI updates	'	If set to false, OTAPKI updates are disabled
Allow temporary session of the shared device	'	If set to false, the temporary session of the shared device is disabled
Force password for outgoing AirPlay requests	'	If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password
Force encrypted backups	'	Force encrypted backups
Limit ad tracking	'	If set to true, ad tracking will be restricted
Dictation only	'	If set to true, connections to Siri servers for dictation are disabled
Force WLAN Allowlist	'	Join Wi-Fi networks installed by profiles only
Allow QuickPath keyboard	Default:	If set to inactive, the QuickPath keyboard is disabled
Allow network access for files	Default:	If inactive, the connection to network drives is prevented in the file app
Allow USB drive for files	Default:	When inactive, it prevents the File app from connecting to connected USB devices
Allow Find My Device	Default:	When inactive, Find My Device is disabled in the Find my App
Allow Find My Friends	Default:	When inactive, Find My Friends is disabled in the Find My app
Force WiFi activation	Default:	If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use.
Allow trusting enterprise apps	Default:	Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
Allow screenshots and screen recording	Default:	Allows the user to take screenshots or screen recordings
Allow Apple Music	Default:	If set to false, Apple Music will be disabled in the Music app
Allow iTunes Radio	Default:	If set to false, iTunes Radio will be disabled in the Music app
Allow shared stream	Default:	If set to false, the shared stream is disabled
Allow Wallet while locked	Default:	If set to false, wallet notifications will not be shown on the lock screen
Allow use of News	Default:	Allows the user to access and use News
Allow modifying bluetooth settings	Default:	Allow modifying bluetooth settings
Allow modifying cellular data usage for app settings	Default:	If set to false, the mobile data uses for app settings cannot be changed
Allow modifying device name	Default:	Allows the user to change device names
Allow automatic sync while roaming	Default:	Allows automatic synchronization during roaming
Allow iCloud sync for managed apps	Default:	Allows iCloud synchronization for managed apps
Allow enterprise books backup	Default:	Allows enterprise books to be backed up
Allow enterprise books and highlights to sync	Default:	Allows enterprise books to synchronize notes and highlights
Allow email privacy	'	If activated, Apple's Mail Privacy Protection (AMPP) is activated
Allow In App purchases	Default:	Allows the user to make purchases within applications
Allow multiplayer gaming	Default:	Allows multiplayer gaming
Allow voice dialing while device is locked	Default:	Allows voice dialing while device is locked
Force Apple Watch wrist detection	Default:	Forces Apple watch wrist detection
Allow pairing with Apple Watch	Default:	Allows pairing with Apple Watch
Allow Internet results in Spotlight	Default:	If set to false, search results from the web will not be shown in Spotlight
Allow user to accept untrusted TLS certificates	Default:	Allows user to accept untrusted TLS certificates
Allow Photo Stream	Default:	Allows Photo Stream to be used on the device
Allow iCloud Photo Library	Default:	Allows iCloud photo library to be used on the device
Allow iCloud backup	Default:	Allows backup using iCloud
Allow personalized advertising	Default:	When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later.
Requires iTunes password for all purchases	Default:	Requires the user's iTunes password to be entered for every purchase
Apps ranking number	1000	Ranking number for apps
Movies ranking number	1000	Ranking number for movies
TV Shows ranking number	1000	Ranking number for TV Shows
Region code	Germany	Two-character code for the region used to specify ratings
Accept cookies in Safari	Never	Accept cookies: Does not accept cookies
	From current website only (iOS 8) or visited sites (pre-iOS 8)	Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages
	From websites I visited	Accepts cookies from all visited websites
	Always	Accepts all cookies
Allow JavaScript	Default:	AllowS JavaScript in Safari
Allow Pop-ups	Default:	AllowS Pop-ups in Safari
Enable fraud warning	Default:	Enables fraud warning in Safari
Force translation on the device only	'	When this option is enabled, the device does not connect to Siri servers for translation purposes
Allow unmanaged documents in managed apps	Default:	Allows managed apps to access unmanaged documents
Allow managed documents in unmanaged apps	Default:	Allows unmanaged apps to access managed documents
Managed clipboard required	'	When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints.
Treat AirDrop as unmanaged destination	Default:	When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
Allows Handoff	Default:	If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
Allow Touch ID/Face ID for unlocking	Default:	Allows touch ID/Face ID to unlock device
Fingerprint timeout	'	The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week
Allow modifying notification settings	Default:	Allows modifying notification settings
Allow incoming AirPlay requests	Default:	Allows incoming AirPlay requests
Allow pairing with Remote app	Default:	Allows pairing with Remote app
Allow dictation	Default:	Allows dictation
Allow camera use	Default:	Allows the user to use the camera
Allow Siri	Default:	Allows Siri
Allow Siri while locked	Default:	Allows Siri while device is locked
Allow Siri user generated content	Default:	When inactive, it prevents Siri from querying requests with user-generated content
Allow modifying Touch ID/Face ID	Default:	The user is allowed to change the Touch ID/Face ID
Allow diagnostic submission	Default:	Send diagnostic and usage stats to Apple
Allow modifying diagnostics settings	Default:	The user is allowed to change the diagnostic settings

For Apple TVsFor Apple TVs

Restriction	Default	Explanation
Demo-Dev-Einschränkung	'	Sollte nur im devWiki angezeigt werden
Allow automatic unlocking	'	If set to false, the automatic unlocking is disabled
Allow cloud address book	'	If set to false, the cloud address book will be disabled
Allow cloud bookmarks	'	If set to false, cloud bookmarks will be disabled
Allow cloud calendar	'	If set to false, the cloud calendar will be disabled
Allow cloud desktop & documents	'	If set to false, cloud desktop and documents will be disabled
Allow cloud mail	'	If set to false, cloud mail will be disabled
Allow cloud notes	'	If set to false, cloud notes will be disabled
Allow cloud reminders	'	If set to false, cloud reminders will be disabled
Allow content caching	'	If set to false, content caching will be disabled
Allow iTunes file sharing	'	If set to false, iTunes file sharing will be disabled
Allow automatic screen saver	'	Allow automatic screen saver
Allow lock screen ControlCenter	'	If set to false, the ControlCenter is disabled for the lock screen
Allow lock screen notifications to display	'	If set to false, the notification preview of the lock screen will be disabled
Allow lock screen view today	'	If set to false, today's lock screen view will be disabled
Allow to write unmanaged contacts	'	If set to false, writing unmanaged contacts will be disabled
Allow unmanaged reading of managed contacts	'	These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app
Allow OTAPKI updates	'	If set to false, OTAPKI updates are disabled
Allow temporary session of the shared device	'	If set to false, the temporary session of the shared device is disabled
Force password for outgoing AirPlay requests	'	If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password
Force encrypted backups	'	Force encrypted backups
Limit ad tracking	'	If set to true, ad tracking will be restricted
Dictation only	'	If set to true, connections to Siri servers for dictation are disabled
Force WLAN Allowlist	'	Join Wi-Fi networks installed by profiles only
Allow QuickPath keyboard	Default:	If set to inactive, the QuickPath keyboard is disabled
Allow network access for files	Default:	If inactive, the connection to network drives is prevented in the file app
Allow USB drive for files	Default:	When inactive, it prevents the File app from connecting to connected USB devices
Allow Find My Device	Default:	When inactive, Find My Device is disabled in the Find my App
Allow Find My Friends	Default:	When inactive, Find My Friends is disabled in the Find My app
Force WiFi activation	Default:	If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use.
Allow trusting enterprise apps	Default:	Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
Allow screenshots and screen recording	Default:	Allows the user to take screenshots or screen recordings
Allow Apple Music	Default:	If set to false, Apple Music will be disabled in the Music app
Allow iTunes Radio	Default:	If set to false, iTunes Radio will be disabled in the Music app
Allow shared stream	Default:	If set to false, the shared stream is disabled
Allow Wallet while locked	Default:	If set to false, wallet notifications will not be shown on the lock screen
Allow use of News	Default:	Allows the user to access and use News
Allow modifying bluetooth settings	Default:	Allow modifying bluetooth settings
Allow modifying cellular data usage for app settings	Default:	If set to false, the mobile data uses for app settings cannot be changed
Allow modifying device name	Default:	Allows the user to change device names
Allow automatic sync while roaming	Default:	Allows automatic synchronization during roaming
Allow iCloud sync for managed apps	Default:	Allows iCloud synchronization for managed apps
Allow enterprise books backup	Default:	Allows enterprise books to be backed up
Allow enterprise books and highlights to sync	Default:	Allows enterprise books to synchronize notes and highlights
Allow email privacy	'	If activated, Apple's Mail Privacy Protection (AMPP) is activated
Allow In App purchases	Default:	Allows the user to make purchases within applications
Allow multiplayer gaming	Default:	Allows multiplayer gaming
Allow voice dialing while device is locked	Default:	Allows voice dialing while device is locked
Force Apple Watch wrist detection	Default:	Forces Apple watch wrist detection
Allow pairing with Apple Watch	Default:	Allows pairing with Apple Watch
Allow Internet results in Spotlight	Default:	If set to false, search results from the web will not be shown in Spotlight
Allow user to accept untrusted TLS certificates	Default:	Allows user to accept untrusted TLS certificates
Allow Photo Stream	Default:	Allows Photo Stream to be used on the device
Allow iCloud Photo Library	Default:	Allows iCloud photo library to be used on the device
Allow iCloud backup	Default:	Allows backup using iCloud
Allow personalized advertising	Default:	When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later.
Requires iTunes password for all purchases	Default:	Requires the user's iTunes password to be entered for every purchase
Apps ranking number	1000	Ranking number for apps
Movies ranking number	1000	Ranking number for movies
TV Shows ranking number	1000	Ranking number for TV Shows
Region code	Germany	Two-character code for the region used to specify ratings
Accept cookies in Safari	Never	Accept cookies: Does not accept cookies
	From current website only (iOS 8) or visited sites (pre-iOS 8)	Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages
	From websites I visited	Accepts cookies from all visited websites
	Always	Accepts all cookies
Allow JavaScript	Default:	AllowS JavaScript in Safari
Allow Pop-ups	Default:	AllowS Pop-ups in Safari
Enable fraud warning	Default:	Enables fraud warning in Safari
Force translation on the device only	'	When this option is enabled, the device does not connect to Siri servers for translation purposes
Allow unmanaged documents in managed apps	Default:	Allows managed apps to access unmanaged documents
Allow managed documents in unmanaged apps	Default:	Allows unmanaged apps to access managed documents
Managed clipboard required	'	When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints.
Treat AirDrop as unmanaged destination	Default:	When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
Allows Handoff	Default:	If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
Allow Touch ID/Face ID for unlocking	Default:	Allows touch ID/Face ID to unlock device
Fingerprint timeout	'	The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week
Allow modifying notification settings	Default:	Allows modifying notification settings
Allow incoming AirPlay requests	Default:	Allows incoming AirPlay requests
Allow pairing with Remote app	Default:	Allows pairing with Remote app
Allow dictation	Default:	Allows dictation
Allow camera use	Default:	Allows the user to use the camera
Allow Siri	Default:	Allows Siri
Allow Siri while locked	Default:	Allows Siri while device is locked
Allow Siri user generated content	Default:	When inactive, it prevents Siri from querying requests with user-generated content
Allow modifying Touch ID/Face ID	Default:	The user is allowed to change the Touch ID/Face ID
Allow diagnostic submission	Default:	Send diagnostic and usage stats to Apple
Allow modifying diagnostics settings	Default:	The user is allowed to change the diagnostic settings

For User EnrollmentFor User Enrollment

Restriction	Default	Explanation
Demo-Dev-Einschränkung	'	Sollte nur im devWiki angezeigt werden
Allow automatic unlocking	'	If set to false, the automatic unlocking is disabled
Allow cloud address book	'	If set to false, the cloud address book will be disabled
Allow cloud bookmarks	'	If set to false, cloud bookmarks will be disabled
Allow cloud calendar	'	If set to false, the cloud calendar will be disabled
Allow cloud desktop & documents	'	If set to false, cloud desktop and documents will be disabled
Allow cloud mail	'	If set to false, cloud mail will be disabled
Allow cloud notes	'	If set to false, cloud notes will be disabled
Allow cloud reminders	'	If set to false, cloud reminders will be disabled
Allow content caching	'	If set to false, content caching will be disabled
Allow iTunes file sharing	'	If set to false, iTunes file sharing will be disabled
Allow automatic screen saver	'	Allow automatic screen saver
Allow lock screen ControlCenter	'	If set to false, the ControlCenter is disabled for the lock screen
Allow lock screen notifications to display	'	If set to false, the notification preview of the lock screen will be disabled
Allow lock screen view today	'	If set to false, today's lock screen view will be disabled
Allow to write unmanaged contacts	'	If set to false, writing unmanaged contacts will be disabled
Allow unmanaged reading of managed contacts	'	These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app
Allow OTAPKI updates	'	If set to false, OTAPKI updates are disabled
Allow temporary session of the shared device	'	If set to false, the temporary session of the shared device is disabled
Force password for outgoing AirPlay requests	'	If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password
Force encrypted backups	'	Force encrypted backups
Limit ad tracking	'	If set to true, ad tracking will be restricted
Dictation only	'	If set to true, connections to Siri servers for dictation are disabled
Force WLAN Allowlist	'	Join Wi-Fi networks installed by profiles only
Allow QuickPath keyboard	Default:	If set to inactive, the QuickPath keyboard is disabled
Allow network access for files	Default:	If inactive, the connection to network drives is prevented in the file app
Allow USB drive for files	Default:	When inactive, it prevents the File app from connecting to connected USB devices
Allow Find My Device	Default:	When inactive, Find My Device is disabled in the Find my App
Allow Find My Friends	Default:	When inactive, Find My Friends is disabled in the Find My app
Force WiFi activation	Default:	If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use.
Allow trusting enterprise apps	Default:	Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
Allow screenshots and screen recording	Default:	Allows the user to take screenshots or screen recordings
Allow Apple Music	Default:	If set to false, Apple Music will be disabled in the Music app
Allow iTunes Radio	Default:	If set to false, iTunes Radio will be disabled in the Music app
Allow shared stream	Default:	If set to false, the shared stream is disabled
Allow Wallet while locked	Default:	If set to false, wallet notifications will not be shown on the lock screen
Allow use of News	Default:	Allows the user to access and use News
Allow modifying bluetooth settings	Default:	Allow modifying bluetooth settings
Allow modifying cellular data usage for app settings	Default:	If set to false, the mobile data uses for app settings cannot be changed
Allow modifying device name	Default:	Allows the user to change device names
Allow automatic sync while roaming	Default:	Allows automatic synchronization during roaming
Allow iCloud sync for managed apps	Default:	Allows iCloud synchronization for managed apps
Allow enterprise books backup	Default:	Allows enterprise books to be backed up
Allow enterprise books and highlights to sync	Default:	Allows enterprise books to synchronize notes and highlights
Allow email privacy	'	If activated, Apple's Mail Privacy Protection (AMPP) is activated
Allow In App purchases	Default:	Allows the user to make purchases within applications
Allow multiplayer gaming	Default:	Allows multiplayer gaming
Allow voice dialing while device is locked	Default:	Allows voice dialing while device is locked
Force Apple Watch wrist detection	Default:	Forces Apple watch wrist detection
Allow pairing with Apple Watch	Default:	Allows pairing with Apple Watch
Allow Internet results in Spotlight	Default:	If set to false, search results from the web will not be shown in Spotlight
Allow user to accept untrusted TLS certificates	Default:	Allows user to accept untrusted TLS certificates
Allow Photo Stream	Default:	Allows Photo Stream to be used on the device
Allow iCloud Photo Library	Default:	Allows iCloud photo library to be used on the device
Allow iCloud backup	Default:	Allows backup using iCloud
Allow personalized advertising	Default:	When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later.
Requires iTunes password for all purchases	Default:	Requires the user's iTunes password to be entered for every purchase
Apps ranking number	1000	Ranking number for apps
Movies ranking number	1000	Ranking number for movies
TV Shows ranking number	1000	Ranking number for TV Shows
Region code	Germany	Two-character code for the region used to specify ratings
Accept cookies in Safari	Never	Accept cookies: Does not accept cookies
	From current website only (iOS 8) or visited sites (pre-iOS 8)	Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages
	From websites I visited	Accepts cookies from all visited websites
	Always	Accepts all cookies
Allow JavaScript	Default:	AllowS JavaScript in Safari
Allow Pop-ups	Default:	AllowS Pop-ups in Safari
Enable fraud warning	Default:	Enables fraud warning in Safari
Force translation on the device only	'	When this option is enabled, the device does not connect to Siri servers for translation purposes
Allow unmanaged documents in managed apps	Default:	Allows managed apps to access unmanaged documents
Allow managed documents in unmanaged apps	Default:	Allows unmanaged apps to access managed documents
Managed clipboard required	'	When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints.
Treat AirDrop as unmanaged destination	Default:	When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
Allows Handoff	Default:	If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
Allow Touch ID/Face ID for unlocking	Default:	Allows touch ID/Face ID to unlock device
Fingerprint timeout	'	The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week
Allow modifying notification settings	Default:	Allows modifying notification settings
Allow incoming AirPlay requests	Default:	Allows incoming AirPlay requests
Allow pairing with Remote app	Default:	Allows pairing with Remote app
Allow dictation	Default:	Allows dictation
Allow camera use	Default:	Allows the user to use the camera
Allow Siri	Default:	Allows Siri
Allow Siri while locked	Default:	Allows Siri while device is locked
Allow Siri user generated content	Default:	When inactive, it prevents Siri from querying requests with user-generated content
Allow modifying Touch ID/Face ID	Default:	The user is allowed to change the Touch ID/Face ID
Allow diagnostic submission	Default:	Send diagnostic and usage stats to Apple
Allow modifying diagnostics settings	Default:	The user is allowed to change the diagnostic settings

Classroom-App

The Classroom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.

Restriction	Default	Explanation
Allow remote screen monitoring	Default:	If not allowed, remote screen monitoring is disabled by the Classroom app. When screenshots are disabled, the Classroom app does not observe remote screens.
Force courses to be joined automatically	Default:	If enforced, the instructor's requests are automatically accepted without prompting the student.
Force permission to leave classes	Default:	If enforced, a student enrolled in an unmanaged course through Classroom must ask the instructor for permission to leave the course.
Force app and device lock	Default:	If enforced, the teacher can lock apps or the device without prompting the student.
Force screen monitoring	Default:	When enforced and remote screen monitoring is allowed, a student enrolled in a managed course through the classroom app automatically grants permission to watch the screen without being prompted.

Restrictions for supervised devices

A range of restrictions is only available for devices in the Supervised embedding mode.

For devices with the profile Device or shared iPadFor devices with the profile Device or shared iPad

Restrictions	Default	Explanation
Restrict app use	Default: Allow all apps Do not allow certain apps Allow only certain apps	Configures whether no restriction, a blacklist or a whitelist is used for apps. supervised devices only
Blocked apps Allowlisted Apps	×Click box for app selection	Depending on the selection in the line above: Blacklisted Apps / Whitelisted Apps Searches the entire App Store for possible apps. supervised devices only
Blocked apps Allowlisted Apps	Add system apps	If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. supervised devices only
Allow AirDrop	'	If set to false, AirDrop will be disabled supervised devices only
Allow AirPrint	'	If set to false, AirPrint will be disabled supervised devices only
Allow saving AirPrint credentials	'	If set to false, the storage of AirPrint credentials is disabled supervised devices only
Allow AirPrint iBeacon detection	'	If set to false, AirPrint iBeacon detection will be disabled supervised devices only
Allow change of mobile tariff	'	If set to false, the change of the mobile tariff will be disabled supervised devices only non
Allow cloud keychain synchronization	'	If set to false, cloud keychain synchronization is disabled supervised devices only
Allow private cloud relay	'	If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only
Allow eSIM changes	'	If set to false, the eSIM change will be disabled
Allow access to files on USB drive	'	If set to false, access to the files USB drive is disabled supervised devices only
Allow change to find my friends	'	If set to false, the modification will be disabled for find my friends supervised devices only
Allow host pairing	'	If set to false, host pairing is disabled supervised devices only
Allow NFC	'	If set to false, NFC will be disabled supervised devices only
Allow auto-complete password	'	If set to false, the auto-completion of the password will be disabled supervised devices only
Allow device to enter sleep mode	Default:	If set to false, the hibernation of the device is disabled supervised devices only
Allow requests for password proximity	'	If set to false, password proximity requests are disabled supervised devices only
Allow password sharing	'	If set to false, password sharing will be disabled supervised devices only
Allow change of personal hotspot	'	If set to false, the change of the personal hotspot will be disabled supervised devices only
Allow Podcasts	'	If set to false, podcasts will be disabled supervised devices only
Allow proximity settings for new device	'	If set to false, the proximity set-up for the new device will be disabled supervised devices only
Allow removal of system apps	'	If set to false, the removal of system apps is disabled supervised devices only
Allow non-paired external boot for recovery	'	If set to false, unpaired external booting for recovery is disabled supervised devices only
Allow restricted USB mode	'	If set to false, the restricted USB mode will be disabled supervised devices only
Allow VPN creation	'	If set to false, VPN creation will be disabled supervised devices only
Allowed apps in single app mode	Choose application	Allowed apps in single app mode supervised devices only
Force AirPrint Trusted TLS Requirement	'	If set to true, AirPrint enforces the trusted TLS request supervised devices only
Enforce authentication before autofill	'	If set to true, authentication is enforced before autofilling supervised devices only
Force automatic date and time	'	If set to true, the date and time are automatically enforced supervised devices only
Force WLAN to approved networks only	'	If set to true, WLAN is forced only on allowed networks supervised devices only
Allow account modification	Default:	If inactive, account modification will be disabled. This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps. iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. supervised devices only
Allow app removal	Default:	Allows the user to remove apps supervised devices only
Allow explicit content	Default:	Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only
Allow use of iMessage	Default:	Allow use of iMessage supervised devices only
Allow iBookstore	Default:	Supervised only. If disabled, iBookstore will be disabled supervised devices only
Allow erotica in the iBookstore	Default:	Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only
Allow use of iTunes	Default:	Allow the user to access and use iTunes supervised devices only
Allow use of Safari	Default:	Allows the user to use Safari supervised devices only
Allow Game Center	Default:	Allow Game Center
Allow adding Game Center friends	Default:	Allow the user to add friends to the Game Center supervised devices only
Allow modifying wallpaper	Default:	Allow changing the background image supervised devices only</smMS/deployment/profile.langall>
Permit configuration of the screen time	Default:	Allow configuration restrictions supervised devices only
Allow iCloud document sync	Default:	Allow document synchronization with iCloud supervised devices only
Allow auto-fill in Safari	Default:	Allows autocomplete in Safari browser supervised devices only
Allow predictive keyboard.	Default:	Allow predictive keyboard. supervised devices only
Allow keyboard shortcuts.	Default:	Allow keyboard shortcuts. supervised devices only
Allow autocorrect.	Default:	Allow autocorrect. supervised devices only
Allow correction help.	Default:	Allow correction help. supervised devices only
Allow definition.	Default:	Allow definition. supervised devices only
Allow video conferencing	Default:	Allow video conferencing supervised devices only
Enable Siri profanity filter	Default:	Enables Siri profanity filter. supervised devices only
Allow app installation from Apple Configurator and iTunes	Default:	Allow only a connected Mac host to install applications supervised devices only
Allow automatic app downloads	Default:	Allows automatic app downloads supervised devices only
Allow app installation from the app store	Default:	Allow the user to install applications supervised devices only
Allow modifying passcode	Default:	Allow changing the passcode supervised devices only
Allow UI configuration profile installation	Default:	If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only
Allow erase all content and settings	Default:	If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only
Allow app clips	Default:	When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only
Force delayed app updates	Default:	If set to true, delayed app updates are forced supervised devices only
Force delayed software updates	Default:	When active, user visibility of software updates is delayed. supervised devices only
Software Update Delay in days	Default: 30	With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only

For Apple TVsFor Apple TVs

Restrictions	Default	Explanation
Restrict app use	Default: Allow all apps Do not allow certain apps Allow only certain apps	Configures whether no restriction, a blacklist or a whitelist is used for apps. supervised devices only
Blocked apps Allowlisted Apps	×Click box for app selection	Depending on the selection in the line above: Blacklisted Apps / Whitelisted Apps Searches the entire App Store for possible apps. supervised devices only
Blocked apps Allowlisted Apps	Add system apps	If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. supervised devices only
Allow AirDrop	'	If set to false, AirDrop will be disabled supervised devices only
Allow AirPrint	'	If set to false, AirPrint will be disabled supervised devices only
Allow saving AirPrint credentials	'	If set to false, the storage of AirPrint credentials is disabled supervised devices only
Allow AirPrint iBeacon detection	'	If set to false, AirPrint iBeacon detection will be disabled supervised devices only
Allow change of mobile tariff	'	If set to false, the change of the mobile tariff will be disabled supervised devices only non
Allow cloud keychain synchronization	'	If set to false, cloud keychain synchronization is disabled supervised devices only
Allow private cloud relay	'	If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only
Allow eSIM changes	'	If set to false, the eSIM change will be disabled
Allow access to files on USB drive	'	If set to false, access to the files USB drive is disabled supervised devices only
Allow change to find my friends	'	If set to false, the modification will be disabled for find my friends supervised devices only
Allow host pairing	'	If set to false, host pairing is disabled supervised devices only
Allow NFC	'	If set to false, NFC will be disabled supervised devices only
Allow auto-complete password	'	If set to false, the auto-completion of the password will be disabled supervised devices only
Allow device to enter sleep mode	Default:	If set to false, the hibernation of the device is disabled supervised devices only
Allow requests for password proximity	'	If set to false, password proximity requests are disabled supervised devices only
Allow password sharing	'	If set to false, password sharing will be disabled supervised devices only
Allow change of personal hotspot	'	If set to false, the change of the personal hotspot will be disabled supervised devices only
Allow Podcasts	'	If set to false, podcasts will be disabled supervised devices only
Allow proximity settings for new device	'	If set to false, the proximity set-up for the new device will be disabled supervised devices only
Allow removal of system apps	'	If set to false, the removal of system apps is disabled supervised devices only
Allow non-paired external boot for recovery	'	If set to false, unpaired external booting for recovery is disabled supervised devices only
Allow restricted USB mode	'	If set to false, the restricted USB mode will be disabled supervised devices only
Allow VPN creation	'	If set to false, VPN creation will be disabled supervised devices only
Allowed apps in single app mode	Choose application	Allowed apps in single app mode supervised devices only
Force AirPrint Trusted TLS Requirement	'	If set to true, AirPrint enforces the trusted TLS request supervised devices only
Enforce authentication before autofill	'	If set to true, authentication is enforced before autofilling supervised devices only
Force automatic date and time	'	If set to true, the date and time are automatically enforced supervised devices only
Force WLAN to approved networks only	'	If set to true, WLAN is forced only on allowed networks supervised devices only
Allow account modification	Default:	If inactive, account modification will be disabled. This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps. iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. supervised devices only
Allow app removal	Default:	Allows the user to remove apps supervised devices only
Allow explicit content	Default:	Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only
Allow use of iMessage	Default:	Allow use of iMessage supervised devices only
Allow iBookstore	Default:	Supervised only. If disabled, iBookstore will be disabled supervised devices only
Allow erotica in the iBookstore	Default:	Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only
Allow use of iTunes	Default:	Allow the user to access and use iTunes supervised devices only
Allow use of Safari	Default:	Allows the user to use Safari supervised devices only
Allow Game Center	Default:	Allow Game Center
Allow adding Game Center friends	Default:	Allow the user to add friends to the Game Center supervised devices only
Allow modifying wallpaper	Default:	Allow changing the background image supervised devices only</smMS/deployment/profile.langall>
Permit configuration of the screen time	Default:	Allow configuration restrictions supervised devices only
Allow iCloud document sync	Default:	Allow document synchronization with iCloud supervised devices only
Allow auto-fill in Safari	Default:	Allows autocomplete in Safari browser supervised devices only
Allow predictive keyboard.	Default:	Allow predictive keyboard. supervised devices only
Allow keyboard shortcuts.	Default:	Allow keyboard shortcuts. supervised devices only
Allow autocorrect.	Default:	Allow autocorrect. supervised devices only
Allow correction help.	Default:	Allow correction help. supervised devices only
Allow definition.	Default:	Allow definition. supervised devices only
Allow video conferencing	Default:	Allow video conferencing supervised devices only
Enable Siri profanity filter	Default:	Enables Siri profanity filter. supervised devices only
Allow app installation from Apple Configurator and iTunes	Default:	Allow only a connected Mac host to install applications supervised devices only
Allow automatic app downloads	Default:	Allows automatic app downloads supervised devices only
Allow app installation from the app store	Default:	Allow the user to install applications supervised devices only
Allow modifying passcode	Default:	Allow changing the passcode supervised devices only
Allow UI configuration profile installation	Default:	If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only
Allow erase all content and settings	Default:	If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only
Allow app clips	Default:	When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only
Force delayed app updates	Default:	If set to true, delayed app updates are forced supervised devices only
Force delayed software updates	Default:	When active, user visibility of software updates is delayed. supervised devices only
Software Update Delay in days	Default: 30	With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only