Restriction Payload Windows Mobile
Description
This payload can be used to restrict Windows Phone device capabilities.
Configuration
MANDATORY | DESCRIPTION | Default |
|---|---|---|
Wifi | ||
Allow WiFi | Allow or disallow WiFi connection. (Configurable by Exchange as well definition will be consistent with EAS definition.) | [Checked] |
Allow Internet Sharing | Allow or disallow internet sharing (Configurable by Exchange as well definition will be consistent with EAS definition.) | [Checked] |
Allow Auto Connect To WiFi Sense Hotspots | Allow or disallow the device to automatically connect to Wi-Fi hotspots and friend social network. | [Checked] |
Allow WiFi HotSpot Reporting | Allow or disallow WiFi Hotspot information reporting to Microsoft. Once disallowed, the user cannot turn it on. | [Checked] |
Allow Manual WiFi Configuration | Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. | [Checked] |
WLAN Scan Mode | This policy defines the frequency mode for active Wi-Fi scanning trigger when the screen is off and on. A high setting would result in faster/better WiFi discoverability. | (Normal interval) |
Connectivity | ||
Allow NFC | Allow or disallow NFC. | [Checked] |
Allow Bluetooth | Set Bluetooth mode. | [Checked] |
Allow VPN Roaming Over Cellular | This policy when enforced will prevent the device from connecting VPN when the device roams over cellular networks. | [Checked] |
Allow VPN Over Cellular | This policy specifies what type of underline connections a VPN is allowed to be used. | [Checked] |
Allow Manual VPN Configuration | This policy allows the enterprise to enforce VPN protection by disabling all VPN settings. It prevents the user from manually configuring VPN settings that do not comply with company security policy. | [Checked] |
Cellular App Download 20 MB Limit | This policy specifies the maximum app file size in MB allowed for downloading through a cellular connection. 20MB is the default limit if checked the operator imposed limit will be in effect. | [Not Checked] |
Allow USB Connection | Allow/Disallow desktop to access phone storage via USB.(Both MTP and IPoUSB) are disabled when policy enforced. | [Checked] |
Allow Cellular Data Roaming | Disable/enable SD card. | [Checked] |
System | ||
Allow Storage Card | Allow or disallow NFC. | [Checked] |
Allow Telemetry | Allow the device to send telemetry information (such as SQM, Watson). | (Allowed) |
Allow Location | Allow/Disallow location service. | (Allowed) |
Allow User To Reset Phone | Specify whether to allow the user to factory reset the phone from setting control panel and hardware key combination. | [Checked] |
Experience | ||
Allow Copy Paste | Specify whether copy and paste are allowed. | [Checked] |
Allow Task Switcher | This policy allows the company to disable the task switcher completely. It does not affect the back button action, just the visual switcher trigger by the holdback button action. | [Checked] |
Allow Screen Capture | Specify whether screen capture is allowed. | [Checked] |
Allow Voice Recording | Specify whether voice recording is allowed. | [Checked] |
Allow Save As Of Office Files | Specify whether the user is allowed to save files in the device as an office file. Note that this policy is for the Office Hub only. | [Checked] |
Allow Sharing Of Office Files | Specify whether the user is allowed to share the office file. Note that this policy is for the Office Hub only. | [Checked] |
Allow Cortana | Specify whether Cortana is allowed at the device. | [Checked] |
Allow Sync My Settings | Allow enterprise to disallow roaming settings among devices ( in/from WP device). If not enforced, whether roaming is allowed or not could depend on other factors. | [Checked] |
Allow Manual MDM Unenrollment | Specify whether to allow the user to delete the workplace account via the workplace control panel. | [Checked] |
Accounts | ||
Allow Microsoft Account Connection | Specify whether allow using MSA account for non-email related connection authentication and services. | [Checked] |
Allow Adding Non-Microsoft Accounts Manually | Specify whether the user is allowed to add non-MSA email accounts. | [Checked] |
Security | ||
Allow Manual Root Certificate Installation | Specify whether the user is allowed to manually install root and intermediate CAP certificates | [Checked] |
Require Device Encryption | Allow enterprise to turn on internal storage encryption. | [Checked] |
Allow Anti Theft Mode | Allows the enterprise to preventing users from enabling the Anti Theft mode. Note, if the user already enabled the Anti Theft mode for the device before the policy applied, they will have to manually disable the Anti Theft mode for this policy to take effect. | [Checked] |
ApplicationManagement | ||
Allow Store | Specify whether the app store is allowed at the device. | [Checked] |
Allow Developer Unlock | Specify whether developer unlock is allowed at the device. | [Checked] |
Browser | ||
Allow Browser | Specify whether IE is allowed in the device. | [Checked] |
Camera | ||
Allow Camera | Disable/Enable camera | [Checked] |
Search | ||
Allow Search To Use Location | Specify whether the search could leverage location information. | [Checked] |
Allow Storing Images From Vision Search | Specify whether allow BingVision to store the contents of the images captured when performing Bing Visio | [Checked] |
AboveLock | ||
Allow Action Center Notifications | Specify whether to allow action center notifications above the device lock screen. | [Checked] |
DeviceLock | ||
Allow Idle Return Without Password | Specify whether to allow action center notifications above the device lock screen. | [Checked] |
DataProtection | ||
Require Protection Under Lock Config | Allows data encryption of email data and associated attachments. A pin lock key is required to unlock and decode the content. | [Not Checked] |
Enterprise Protected Domain Names | Specifies the enterprise domain names. Multiple domain names may be defined using the "|" character as the separator. Example Contoso.com|Fabrikam.com Default value: <empty> |