User Enrollment MDM restrictions for Apple devices
You can set certain restrictions on iPhone and iPad devices owned by users enrolled in a mobile device management (MDM) solution.
Setting | Functionality restriction | Introduced |
|---|---|---|
Unmanaged apps to read managed contacts | Unmanaged apps can read contacts from managed accounts, even if unmanaged apps are prevented from reading to managed destinations. | 12.0 |
Treat AirDrop as unmanaged destination | Users see AirDrop as an option from a managed app. For this restriction to work when it’s enabled, you must also disable “Allow documents from managed sources in unmanaged destinations.”
| 9.0 |
Force Apple Watch wrist detection | Apple Watch locks automatically when it’s removed from the user’s wrist. It can be unlocked with its passcode or the paired iPhone. | 8.2 |
Managed app’s stored data in iCloud | Users can’t store data from managed apps in iCloud. | 8.0 |
Backup enterprise books | Users can’t back up books distributed by their organization to iCloud, the Finder (in macOS 10.15 or later), and iTunes (in macOS 10.14 or earlier). | 8.0 |
Notes and highlights sync for enterprise books | Users can’t sync notes or highlights to other devices using iCloud. | 8.0 |
Require passcode on first AirPlay pairing | A passcode is required when an iOS, iPadOS, or tvOS device is first paired for AirPlay. | 7.1 |
Documents from managed sources appear in unmanaged destinations | Documents created or downloaded from managed sources can’t be opened in unmanaged destinations.
| 7.0 |
Documents from unmanaged sources appear in managed destinations | Documents created or downloaded from unmanaged sources can’t be opened in managed destinations.
| 7.0 |
Notification Center in Lock Screen | Users can’t view the Notification history when the screen is locked; however, they can still view a Notification when it appears. | 7.0 |
Today view in Lock Screen | Users can’t swipe down to see Notification Center using Today View in the Lock Screen. | 7.0 |
Control Center in Lock Screen | Users can’t swipe up to view Control Center. | 7.0 |
Send diagnostic and usage data to Apple | Users can’t choose to send diagnostic information to Apple. | 6.0 |
Siri while device locked | Siri responds only when the device is unlocked. | 5.1 |
Siri | Siri can’t be used. | 5.0 |
Force encrypted backups | Users can’t choose whether device backups performed in the Finder (in macOS 10.15 or later), and iTunes (in macOS 10.14 or earlier) are stored in encrypted format on the user’s Mac. If any profile is encrypted and this option is turned off, encryption of backups is required and enforced by the Finder or iTunes. Profiles installed on the device by Profile Manager are never encrypted. | 4.0 |
Force fraud warning | Safari attempts to prevent the user from visiting websites identified as being fraudulent or compromised. | 4.0 |
Screenshots and screen recordings | Users can’t save a screenshot or recording of the screen. | 3.1 |