App installation MDM restrictions for Apple devices
You can restrict how apps are installed on supported iPhone, iPad, Mac, and Apple TV devices enrolled in a mobile device management (MDM) solution or with Apple Configurator 2 (iPhone, iPad, and Apple TV only). See the Apple Configurator 2 User Guide.
macOS can’t use the content caching service in the Sharing Preferences pane.
Defer software updates
There are two options when deferring software updates:
Restrict App Store to MDM installed apps and software updates only
The App Store can only be used to update apps installed by MDM and Apple software updates.
App Store app adoption
iLife and iWork apps that shipped with macOS can’t be adopted by the App Store.
Manage app folder access
You can list folders from which apps can be launched and folders from which apps can’t be launched.
Require admin password to install or update apps
An administrator password is required in order to update any apps.
Remove system apps
Users can’t remove iOS or iPadOS-native apps.
Restrict app usage
Allows any apps other than Settings or Phone (iPhone) to be placed in an approved list.
Automatic app downloads
The App Store won’t automatically download apps.
Users can’t remove installed apps.
Users can’t make in-app purchases.
Install apps using App Store
App Store is disabled and its icon is removed from the Home screen. Users can’t install or update apps from the App Store using iTunes (in macOS 10.14 or earlier) or the Finder (in macOS 10.15 or later).
In iOS 10 or later, MDM can override this restriction.
In-house enterprise apps can still be installed and updated.
Note: If native iOS and iPadOS system apps are removed, they can be reinstalled.
No (iOS 12.4 or earlier)
Yes (iOS 13 and iPadOS)