Now Loading
Logo Image

Proget Console

Home  /  Proget Console  /  Administrator guide  /  Policies  /  iOS

iOS

Password
Password required
  • Policy defines requirements for device password. Once done, user must set the device password.
    • Password length
  • The policy defines the minimum length of the password used on the device.
    • Required number of special characters
  • Policy defines the number of special !@#$%^&*()_+<>:”?{}| characters in the device password.
    • Number of attempts to unlock
  • Policy defines the number of incorrect password attempts followed by a device wipe.
    • Number of passwords saved
  • Policy defines how many prior passwords the device should remember while changing the password.
    • Password expiration (in days)
  • Policy defines how long the password may be used and sets the time for the user to change the password on the device. For value 0, the password does not expire.
    • Device block grace period
  • Policy defines the maximum time for user to unblock the device again without entering the password.
    • Allow Touch ID or Face ID unlock
  • Policy specifies whether user can use Touch ID or Face ID to unlock the device.
    • Allow device password changes (supervisor mode)
  • Policy determines whether a user can add, change, or remove device passwords.
    • Allow modifying Touch ID or Face ID (supervisor mode)
  • Policy specifies whether user can modify Touch ID or Face ID.
    • Max inactive time (in minutes)
  • Policy defines user inactive time duration, then blanks the screen and blocks the device with the current password. On iOS 13 and later, the maximum inactivity time is 5 minutes.
    • Allow to auto unlock device
  • Policy determines whether the automatic device unlock function is available. Available on iOS 14.5 and later.
    • Apps
    Allow using iTunes store
  • Policy defines the use of iTunes store.
    • Allow use News app (supervisor mode)
  • Policy determines whether the user can use the News app.
    • Allow use podcasts (supervisor mode)
  • Policy determines whether the user can add new podcasts.
    • Allow App Clips (supervisor mode)
  • If unchecked, prevents a user from adding any App Clips, and removes any existing App Clips on the device. Available in iOS 14.0 and later.
    • Allow use of Game Center (supervisor mode)
  • Policy determines whether the Game Center is available on the device. If the policy is disabled, the Game Center icon is removed from the home screen and the user cannot use the Game Center.
    • Allow multiplayer gaming (supervisor mode)
  • Policy determines whether the user can use multiplayer in games. If the “Allow add friends to Game Center” policy is disabled, the user can only play multiplayer games with existing friends. If the policy is disabled, the user cannot use multiplayer in games and cannot add new friends to the Games Center.
    • Adding Friends from Game Center (supervisor mode)
  • If unselected, prohibits adding friends to Game Center.
    • Allow use of Safari (supervisor mode)
  • If unselected, disables the Safari web browser app, and its icon is removed from the Home screen. This setting also prevents users from opening web clips.
    • Allow autocomplete of fields
  • Policy defines if browser may use autocomplete.
    • Force fraud warning
  • Policy determines whether the Safari warns user if they visit a web site marked as threatened or compromised.
    • Allow use of JavaScript
  • Policy determines whether Safari may use JavaScript. Disabling this feature will block the use of the Proget app store.
    • Allow pop-ups
  • Policy defines if browser should block pop-ups.
    • Accept cookies
  • Policy defines if browser may use cookies.
    • Default domains
    Email domains
  • Policy defines email domains that will be considered as default email domains. Email addresses from other domains will be highlighted as external email in Mail app.
    • Web domains
  • Policy defines domains that will be considered as default. This means that if you download a document from the default domain using Safari, it will be considered a managed item. Depending on the open-in policy, the document can be opened by managed or unmanaged applications.
    • Disallow manually adding passwords to the keychain
  • The policy determines whether users can manually add passwords to the keychain. If unchecked, users can add site, user and password in password settings.
    • Password AutoFill domains
  • Policy defines whether users can save passwords in Safari from URLs matching the listed patterns.
    • Allow to install and update applications (supervisor mode)
  • If unselected, disables the App Store, and its icon is removed from the Home screen. Users are unable to install or update their apps.
    • Allow to install and update applications via the App Store (supervisor mode)
  • Policy determines whether an App Store application is available on the device. If the policy is disabled, you will still be able to use iTunes app and update installed applications.
    • Allow automatic app downloads (supervisor mode)
  • Policy determines whether the device can automatically download applications purchased on other device. Policy does not affect updates to existing apps.
    • Allow QuickPath keyboard (supervisor mode)
  • If unselected, disables QuickPath keyboard.
    • Allow Files to access network drivers (supervisor mode)
  • If unselected, prevents connecting to network drives in the Files app.
    • Allow Files to access USB drivers (supervisor mode)
  • If unselected, prevents connecting to any connected USB devices in the Files app.
    • Allow Find My Device (supervisor mode)
  • If unselected, disables Find My Device in the Find My app.
    • Allow Find My Friends (supervisor mode)
  • If unselected, disables Find My Friends in the Find My app.
    • Allow to write contacts to unmanaged accounts
  • If selected, managed apps can write contacts to unmanaged contacts accounts. If allow open documents from managed sources in unmanaged destinations is selected, this restriction has no effect.
    • Allow system apps removal (supervisor mode)
  • If unselected, disables the removal of system apps from the device.
    • Require trusted TLS certificates for AirPrint (supervisor mode)
  • If selected, requires trusted certificates for TLS printing communication.
    • Force automatic update of work apps
  • The policy enforces automatic updates of work apps on devices. The apps will be updated when a new version is detected in the App Store.
    • Education
    Allow remote screen observation (supervisor mode)
  • If unselected, disables remote screen observation by the Classroom app. If allow screenshot is unselected, the Classroom app doesn’t observe remote screens.
    • Require automatically join to classes (supervisor mode)
  • If selected, automatically gives permission to the teacher’s requests without prompting the student.
    • Require request permission to leave classes (supervisor mode)
  • If selected, a student enrolled in an unmanaged course through Classroom requests permission from the teacher when attempting to leave the course.
    • Allow app and device lock (supervisor mode)
  • If selected, allows the teacher to lock apps or the device without prompting the student.
    • Allow screen observation (supervisor mode)
  • If selected and Allow remote screen observation is also selected, a student enrolled in a managed course via the Classroom app automatically gives permission to that course teacher’s requests to observe the student’s screen without prompting the student.
    • Functionality
    Force device periodically connection to the server
  • Policy determines whether the device have to connect to the MDM server at a specific time interval. Enabling this policy forces the device to contact the server periodically. The date of the last connection will be saved on the server each time.
    • Allow camera
  • The policy allows to use of camera. If unchecked, the camera will not work in all apps, including the Proget app.
    • Allow using FaceTime (supervisor mode)
  • If unselected, hides the FaceTime app.
    • Allow to take screenshots and record screen
  • Policy determines whether the user can take screenshots and record the screen.
    • Allow use AirDrop (supervisor mode)
  • Policy determines whether the user can use the AirDrop sharing feature. If the policy is disabled, the user cannot use the AirDrop feature in any applications and the AirDrop option is removed from the Control Center.
    • Allow use iMessage (supervisor mode)
  • Policy determines whether the user can use iMessage.
    • Allow use Apple Music service (supervisor mode)
  • Policy determines whether the user has access to Apple Music service. If the policy is disabled, the Music application returns to the classic mode.
    • Allow use radio service (supervisor mode)
  • Policy determines whether the user can use iTunes radio.
    • Allow voice dialing while device is locked
  • Policy determines whether the user can make voice calls while the device is locked.
    • Allow using Siri assistant
  • Policy defines using the Personal Assistant and Knowledge Navigator.
    • Allow using Siri assistant with blocked screen
  • Policy defines using the Personal Assistant and Knowledge Navigator when the device is blocked.
    • Enable Siri profanity filter (supervisor mode)
  • Policy determines whether the profanity filter is enabled in Siri.
    • Show user-generated content in Siri (supervisor mode)
  • Policy defines whether a user-generated content is displayed when using Siri.
    • Prohibit connecting to Siri servers when dictating
  • Policy disables connections to Siri Assistant servers for dictation. Available on iOS 14.5 and above.
    • Prohibit connecting to Siri servers for translation
  • Policy disables connections to Siri Assistant servers for translation purposes. Available on iOS 15 and above.
    • Allow iBooks Store (supervisor mode)
  • Policy determines whether the iBook Store is available on the device. If the policy is disabled, the user does not have access to the iBooks Store.
    • Allow removing apps (supervisor mode)
  • Specify whether a user can remove apps from an iOS device. Applying this rule to an unsupervised device may have unexpected results.
    • Allow purchasing with apps
  • Policy defines purchasing with apps.
    • iTunes password required for purchases
  • Policy defines if iTunes password is required for purchasing with apps.
    • Make iCloud backup copy
  • Policy defines if use may make a backup copy in iCloud.
    • Synchronization of documents with iCloud (supervisor mode)
  • If unselected, disables document and key-value syncing to iCloud.
    • Allow keychain sync with iCloud
  • If unchecked, disable iCloud keychain syncing.
    • Allow managed apps to store data in iCloud
  • Policy determines whether managed applications can store internal application data in iCloud.
    • Allow backup of enterprise books
  • Policy determines whether the device backup may include an enterprise books.
    • Allow notes and highlights sync for enterprise books
  • Policy determines whether the device can synchronize notes and highlights for enterprise books.
    • Allow iCloud photo sharing
  • Policy determines whether the user can enable photo sharing with iCloud. If the policy is disabled, the user can not share the stream of photos to other people. If policy is disabled, images and videos may be lost.
    • Allow use iCloud Photo Library (supervisor mode)
  • Policy determines whether a user can upload photos to iCloud Photo Library.
    • Allow iCloud Private Relay (supervisor mode)
  • Policy determines whether the iCloud Private Relay internet privacy service is available. Available on iOS 15 and above.
    • Allow privacy protection in Mail
  • If checked, your IP address is hidden from senders and remote content is downloaded privately in the background on receipt of the message (rather than while viewing it). Available on iOS 15.2 and above.
    • Allow use of NFC (supervisor mode)
  • Policy determines whether you can use NFC. Available on iOS 14.2 and above.
    • Allow use My Photo Stream
  • Policy determines whether the user can enable My Photo Stream. If the policy is disabled, photos in My Photo Stream will be deleted from the device and the Camera Roll will no longer be added to My Photo Stream.
    • Allow data synchronization in roaming
  • Policy defines if the device may automatically synchronize data in roaming.
    • Force encrypted backup copies
  • Policy defines if encrypted backup copies must be forced.
    • Allow unpaired devices to start recovery mode (supervisor mode)
  • Policy allows recovery devices to run on an unpaired device. Requires a supervised device. Available on iOS 14.5 and above.
    • Force limited ad tracking
  • Policy determines whether applications on the device can use the Advertising Identifier to provide targeted ads to users.
    • Allow Apple personalized advertising
  • If unchecked, limits Apple personalized advertising. Available in iOS 14 and later.
    • Allow Erase All Content and Settings (supervisor mode)
  • Policy determines whether the user can use the Erase All Content and Settings option to wipe the device.
    • Accept untrusted TLS certificates
  • Policy defines if untrusted TLS certificates may be accepted.
    • Allow automatic updates to certificate trust settings
  • Policy determines whether the device allows automatic updates for trusted certificates over a wireless connection.
    • Allow installing additional configuration profiles (supervisor mode)
  • Policy determines whether the user can install additional configuration profiles on the device.
    • Allow modifying account settings (supervisor mode)
  • Policy determines whether the user can change the account settings which is added to the device. If the policy is disabled, the user cannot add new accounts and modify the settings of the accounts currently in use.
    • Allow Bluetooth changes (supervisor mode)
  • Policy determines whether the user can change the Bluetooth settings on the device.
    • Allow modifying cellular data app settings (supervisor mode)
  • Policy determines whether the user can change the mobile data usage settings for the applications installed on the device.
    • Allow device name changes (supervisor mode)
  • Policy determines whether the user can change the device name.
    • Allow modifying Find My Friends settings (supervisor mode)
  • Policy determines whether the user can change the “Find my friends” settings. The policy works if Find My Friend application is installed on the device.
    • Allow notification changes (supervisor mode)
  • Policy determines whether the user can change the notification settings on the device.
    • Allow configuring restrictions (supervisor mode)
  • Policy determines whether the user can configure their own restrictions on the device to prevent access to applications or device functionality.
    • Allow wallpaper changes (supervisor mode)
  • Policy determines whether the user can change the wallpaper of the device screen.
    • Allow join only Wi-Fi networks installed by profiles (supervisor mode)
  • Policy determines whether the device can join only to Wi-Fi networks installed by the management profile. Available on iOS 14.5 and above.
    • Allow pairing with a computer that is not an Apple Configurator (supervisor mode)
  • Policy determines whether the device can be paired with a computer that is not an Apple Configurator.
    • Enable Activation Lock for devices with Apple Business Manager (supervisor mode)
  • The policy enforces the use of Activation Lock for devices in supervisor mode with Apple Business Manager.
    • Allow Activation Lock (supervisor mode)
  • The policy allows Activation Lock for devices in supervisor mode.
    • Allow open documents from managed sources in unmanaged destinations
  • Policy determines whether the user can open documents and attachments from managed applications and accounts in personal applications. Safari and AirDrop will continue to display all applications as a possible source where the user can open documents regardless of the setting for this rule, or the rule “Allow documents from unmanaged sources in managed destinations”.
    • Allow documents from unmanaged sources in managed destinations
  • Policy determines whether the user can open documents and attachments from personal applications and accounts in managed applications. Safari and AirDrop will continue to display all applications as a possible source where the user can open documents regardless of the setting for this rule, or the rule “Allow open documents from managed sources in unmanaged destinations”.
    • Force AirDrop to be unmanaged
  • Policy determines whether AirDrop is to be seen as a source for opening in managed applications.
    • Allow use Handoff
  • Policy determines whether the user can use the feature to transfer user activities among multiple devices associated with the user.
    • Allow Internet results in Spotlight (supervisor mode)
  • Policy determines whether the user can use Spotlight search returns to Internet search when searching for content on a device.
    • Send diagnostic data to Apple
  • Policy defines if diagnostic data should be sent to Apple.
    • Allow modifying diagnostics settings (supervisor mode)
  • Policy determines whether the user can change the diagnostic settings.
    • Enable Apple Watch wrist detection
  • Policy determines whether the Apple Watch must use the wrist detection function.
    • Allow pairing with Apple Watch (supervisor mode)
  • Policy determines whether the user can pair the device with an Apple Watch.
    • Require device passcode on first AirPlay pairing
  • Policy determines whether a password is required during the first pairing with AirPlay devices. If policy is enabled, all devices receiving an AirPlay request, must use a pairing password.
    • Allow use predictive keyboard (supervisor mode)
  • Policy determines whether the user can use predictive keyboards.
    • Allow use keyboard shortcuts (supervisor mode)
  • Policy determines whether the user can use keyboard shortcuts on the device keyboard.
    • Allow use auto-correction (supervisor mode)
  • Policy determines whether the user can use keyboard auto-correction.
    • Allow use spell check (supervisor mode)
  • Policy determines whether the user can use spell checking when writing text.
    • Allow use Define (supervisor mode)
  • The policy determines whether the user can use the Define function to search for definitions with a double click.
    • Show Wallet notifications in Lock screen
  • Policy determines whether Wallet notifications are displayed on a locked device screen.
    • Show Control Center in lock screen
  • Policy determines whether the user can access Control Center on the lock screen.
    • Show Notification Center in lock screen
  • Policy determines whether the user access the Notifications view in Notification Center on the lock screen.
    • Show Today view in lock screen
  • Policy determines whether the user can access the Today view in Notification Center on the lock screen.
    • Allow AirPrint (supervisor mode)
  • If unselected, disables AirPrint.
    • Allow AirPrint credentials storage (supervisor mode)
  • If unselected, disables keychain storage of user name and password for AirPrint.
    • Allow AirPrint iBeacon discovery (supervisor mode)
  • If unselected, disables iBeacon discovery of AirPrint printers, which prevents spurious AirPrint Bluetooth beacons from phishing for network traffic.
    • Allow cellular plan modification (supervisor mode)
  • If unselected, users can’t change any settings related to their cellular plan.
    • Allow dictation (supervisor mode)
  • If unselected, disallows dictation input.
    • Allow eSIM modification (supervisor mode)
  • If unselected, disables modifications to the eSIM setting.
    • Allow password autofill (supervisor mode)
  • If unselected, disables the AutoFill Passwords feature in iOS (with Keychain and third-party password managers) and the user isn’t prompted to use a saved password in Safari or in apps.
    • Allow password request from nearby devices (supervisor mode)
  • If unselected, disables requesting passwords from nearby devices. Feature limited to requesting Wi-Fi access password.
    • Allow password sharing via AirDrop (supervisor mode)
  • If unselected, disables sharing passwords with the Airdrop Passwords feature.
    • Allow personal hotspot modification (supervisor mode)
  • If unselected, disables modifications of the personal hotspot setting.
    • Allow setup to new device (supervisor mode)
  • If unselected, disables the prompt to set up new devices that are nearby.
    • Allow unmanaged apps to read contacts from managed accounts
  • If unselected, unmanaged apps can read from managed contacts accounts. If Allow open documents from managed sources in unmanaged destinations is selected, this restriction has no effect. Also available for user enrollment.
    • Allow connect devices via USB (supervisor mode)
  • If unselected, allows the device to always connect to USB accessories while locked.
    • Allow create VPN (supervisor mode)
  • If unselected, disables the creation of VPN configurations.
    • Delayed OS updates (supervisor mode)
  • If selected, delays user visibility of OS updates.
    • Delay software updates (supervisor mode)
  • Sets how many days to delay a software update on the device. With this restriction in place, the user doesn’t see a software update until the specified number of days after the software update release date.
    • Require authentication before password autofill (supervisor mode)
  • If selected, the user must authenticate before passwords or credit card information can be autofilled in Safari and Apps. If this restriction isn’t enforced, the user can toggle this feature in Settings. Only supported on devices with Face ID or Touch ID.
    • Require automatic date and time (supervisor mode)
  • If selected, enables the Set Automatically feature in Date & Time and can’t be disabled by the user. The device’s time zone is updated only when the device can determine its location using a cellular connection or Wi-Fi with location services enabled.
    • Require turned on Wi-Fi (supervisor mode)
  • If selected, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use.
    • Require Managed Pasteboard
  • Helps control the pasting of content from an app that’s using Open In management by following the Managed Open In restrictions in force. Apple apps that work with the managed pasteboard include Calendar, Files, Mail, and Notes. Third-party apps are controlled based on whether or not they are managed. When a user attempts to paste content where it isn’t permitted, a Paste Not Allowed notice appears along with the organization’s name (which can be changed using the Settings command). Apps also can’t request items from the pasteboard when this restriction is used and the content crosses the managed boundary.
    • Allow Rapid Security Response installation (supervisor mode)
  • The policy determines whether a user can install Rapid Security Response. Available for iOS 16 and later.
    • Allow Rapid Security Response removal (supervisor mode)
  • The policy determines whether the user can remove Rapid Security Response. Available for iOS 16 and later.
    • Media
    Ratings region
  • Policy determines which region will be used for content ratings.
    • Allowed content ratings
    Movies
  • Policy determines the maximum allowed rating for movies that users can download from the iTunes Store. Use this rule to block access to new and existing movies that exceed a maximum rating. If set to “Do not allow movies,” all movies purchased from iTunes Store are hidden and users can not preview, purchase, or download movies.
    • TV Shows
  • Policy determines the maximum allowed rating for TV shows that users can download from the iTunes Store. Use this rule to block access to new and existing TV shows that exceed a maximum rating. If set to “Do not allow TV shows,” all TV shows purchased from the iTunes Store are hidden and users cannot preview, purchase, or download TV shows.
    • Apps
  • Policy determines the maximum allowed rating for apps that users can download from the App Store. Use this rule to block access to new and existing apps that exceed a maximum rating. This rule does not apply to built-in iOS apps. If set to “Do not allow apps,” all apps purchased from the App Store are hidden and users cannot install or update apps.
    • Allow playback of explicit music, podcasts, and iTunes U media
  • Policy determines that explicit music or video content purchased from the iTunes Store or listed in iTunes U is available on an iOS device. Explicit content is flagged by content providers, such as record labels, when sold through the iTunes Store or distributed through iTunes U. If this rule is not selected, explicit music or video content on the device is hidden and users cannot preview, purchase, or download explicit music or video content.
    • Allow explicit sexual content in iBooks Store
  • Policy determines that explicit sexual content purchased from the iBooks Store is available on an iOS device. Explicit content is flagged by content providers when sold through the iBooks Store. If this rule is not selected, explicit books on the device are hidden and users cannot preview, purchase, or download books with explicit sexual content.
    • Web content filter
    Content filtering
  • Policy defines whether you can use web content filter to limit the websites that a user can view in Safari or other browser apps on an iOS device.
    • Turn on automatic filtering (supervisor mode)
  • This option enables automatic filtering to identify and block inappropriate content. You can also include specific websites using the following settings “Permitted URLs” and “Blacklisted URLs”
    • Permitted URLs (supervisor mode)
  • Policy defines whether you can add one or more URLs to allow access to specific websites. Users can view websites in this list regardless of whether automatic filtering blocks access.
    • Blacklisted URLs (supervisor mode)
  • Policy defines whether you can add one or more URLs to deny access to specific websites. Users cannot view websites in this list regardless of whether automatic filtering allows access.
    • Specified Internet addresses (supervisor mode)
  • Policy defines whether user has access only to the websites that you specify. Additionally, a bookmark is created in Safari for each allowed website.