User Enrolment MDM restrictions for Apple devices
You can set certain restrictions on iPhone and iPad devices owned by users enrolled in a mobile device management (MDM) solution.
Unmanaged apps to read managed contacts
Unmanaged apps can read contacts from managed accounts, even if unmanaged apps are prevented from reading to managed destinations.
Treat AirDrop as unmanaged destination
Users see AirDrop as an option from a managed app.
For this restriction to work when it’s enabled, you must also disable “Allow documents from managed sources in unmanaged destinations”.
Force Apple Watch wrist detection
Apple Watch locks automatically when it’s removed from the user’s wrist. It can be unlocked with its passcode or the paired iPhone.
Managed app’s stored data in iCloud
Users can’t store data from managed apps in iCloud.
Backup of enterprise books
Users can’t back up books distributed by their organisation to iCloud, iTunes (in macOS 10.14 or earlier) or the Finder (in macOS 10.15 or later).
Notes and highlights sync for enterprise books
Users can’t sync notes or highlights to other devices using iCloud.
Require passcode on first AirPlay pairing
A passcode is required when an iOS, iPadOS or tvOS device is first paired for AirPlay.
Documents from managed sources appear in unmanaged destinations
Documents created or downloaded from managed sources can’t be opened in unmanaged destinations.
Documents from unmanaged sources appear in managed destinations
Documents created or downloaded from unmanaged sources can’t be opened in managed destinations.
Notification Centre in Lock screen
Users can’t view the Notification history when the screen is locked; however, they can still view a Notification when it appears.
Today view in Lock screen
Users can’t swipe down to see Notification Centre using Today View in the Lock screen.
Control Centre in Lock screen
Users can’t swipe up to view Control Centre.
Send diagnostic and usage data to Apple
Users can’t choose to send diagnostic information to Apple.
Siri while device is locked
Siri responds only when the device is unlocked.
Siri can’t be used.
Force encrypted backups
Users can’t choose whether device backups performed in iTunes (in macOS 10.14 or earlier) or the Finder (in macOS 10.15 or later) are stored in encrypted format on the user’s Mac.
If any profile is encrypted and this option is turned off, encryption of backups is required and enforced by iTunes or the Finder.
Profiles installed on the device by Profile Manager are never encrypted.
Force fraud warning
Safari attempts to prevent the user from visiting websites identified as being fraudulent or compromised.
Screenshots and screen recordings
Users can’t save a screenshot or recording of the screen.