Manage organizational data on Apple devices
With Managed Open In available on iPhone, iPad, and Apple Vision Pro, you can define how data can be exchanged between Managed Apps, unmanaged apps, and accounts. This allows you to set restrictions which help prevent users from exporting a document from a Managed App to an unmanaged app.
Managed Apps
When apps are installed using a device management service on iPhone, iPad, and Apple Vision Pro devices, they’re installed as a Managed App. You can define how data stored in a Managed App is handled:
Prevent Managed Apps from storing data in iCloud: This restriction prevents Managed Apps from storing and syncing data using iCloud. Data created by users in unmanaged apps can still be stored in iCloud.
Exclude Managed App data from backup: You can define for each individual Managed App whether its data is included in a backup. The app itself is always excluded from a backup.
Separate Managed App data with account-driven enrollments: Managed App data is stored using separate encryption keys and use the Managed Apple Account associated with the device management service enrollment for iCloud data synchronization.
Managed extensions
Apps may provide extensions which allow them to provide functionality to other apps or the operating system, enabling new workflows between apps. Examples of extensions include:
Document provider extensions: These allow productivity apps to open documents from a variety of cloud services.
Share extensions: These give users a convenient way to share content with other entities.
Action extensions: These let users manipulate or view content within the context of another app.
If an extension is part of a Managed App, it follows the same Managed Open In settings.
Managed accounts
In addition to Managed Apps, you can also provide organizational email, calendar, and contact accounts to managed devices. Attachments stored with those accounts follow configured Managed Open In settings.
Managed domains
You can specify URLs and domains as managed domains. Downloads from Safari are considered managed documents if they originate from a managed domain. For example, if a user downloads a PDF from a managed domain, it requires that the PDF complies with the Managed Open In settings.
For more information, see Managed domain examples.
Managed books
Like with Managed Apps, you can prevent managed books from being backed up. Managed books also comply with applied Managed Open In settings which restricts them to be shared only with other Managed Apps, or store them using a Managed Apple Account.
Managed Open In
Managed Open In offers different settings to help manage the data flow on a device:
Feature and restriction name | Description |
|---|---|
Force AirDrop as unmanaged destination
| When this restriction is set, AirDrop is treated as an unmanaged destination. |
Managed pasteboard
| This restriction helps control the pasting of content between managed and unmanaged destinations. When the above restrictions are enforced, pasting of content follows configured Managed Open In settings for apps and accounts. Apps also can’t request items from the pasteboard when this restriction is used and the content crosses the managed boundary. For devices with iOS 16 and iPadOS 16.1, or later, this includes managed domains. |
Allow documents from unmanaged sources in managed destinations
| Setting this restriction to |
Allow documents from managed sources in unmanaged destinations
| Setting this restriction to
|
Feature and restriction name | Description |
|---|---|
Allow unmanaged apps to read contacts from managed accounts
| This restriction can be used to still allow an unmanaged app to read contacts of a managed account. |
Allow Managed Apps to create contacts for unmanaged accounts
| This restriction can be used to still allow Managed Apps to write contacts to unmanaged accounts. |
Managed Open In settings also apply to third-party keyboard extensions. These rules can prevent:
Unmanaged keyboards from appearing over Managed Apps.
Keyboards from Managed Apps appearing over unmanaged apps.