Restriction Payload iOS
- Martin Gudme Søndergaard
Owned by Martin Gudme Søndergaard
Nov 14, 2023
10 min read
Loading data...
Description
This payload can be used to restrict iOS device capabilities.
Some restrictions requires that the device is Supervised and is marked with an asterisk.
| Configuration | Description | Example | DEVICE MUST BE SUPERVISED |
|---|---|---|---|
| Functionality | |||
| Allow use of camera | When false, the camera is completely disabled and its icon is removed from the Home screen. Users are unable to take photographs. | [Checked] | |
| Allow FaceTime | [Checked] | ||
| Allow photo Stream | When false, disables Photo Stream... | [Checked] | |
| Allow Shared Photo Stream | When false, disables Shared Photo Stream. | [Checked] | |
| Allow screen capture | When false, users are unable to save a screenshot of the display. | [Checked] | |
| Allow installing apps | When false, the App Store is disabled and its icon is removed from the Home screen. Users are unable to install or update their applications. | [Checked] | |
| Allow in-app purchase | [Checked] | ||
| Require iTunes password for all purchases | When true, forces user to enter their iTunes password for each transaction. | [Not Checked] | |
| Allow multiplayer gaming | [Checked] | ||
| Allow adding Game Center friends | [Checked] | ||
| Allow iCloud backup | When false, disables backing up the device to iCloud... | [Checked] | |
| Allow iCloud document syncing | When false, disables document and key-value syncing to iCloud. | [Checked] | |
| Allow automatic sync while roaming | [Checked] | ||
| Allow voice dialing | [Checked] | ||
| Force encrypted backups | [Not Checked] | ||
| Allow Siri | When set to false, Siri is disabled. | [Checked] | |
| Allow Siri while device is locked | When false, the user is unable to use Siri when the device is locked. Defaults to true. This restriction is ignored if the device does not have a passcode set. | [Checked] | |
| Allow Passbook while device is locked | If set to false, Passbook notifications will not be shown on the lock screen. This will default to true. | [Checked] | |
| Allow accepting untrusted TLS certificates | When false, automatically rejects untrusted HTTPS certificates without prompting the user. | [Checked] | |
| Allow Diagnostic Submission | When false, this prevents the device from automatically submitting diagnostic reports to Apple. | [Checked] | |
| Allow App Removal | [Checked] |  | |
| Allow Chat | [Checked] | | |
| Force Assistant Profanity Filter | [Not Checked] | | |
| Application | |||
| Allow YouTube | When false, the YouTube application is disabled and its icon is removed from the Home screen. This key is ignored in iOS 6 and later because the YouTube app is not provided... | [Checked] | |
| Allow iTunes | When false, the iTunes Music Store is disabled and its icon is removed from the Home screen. Users cannot preview, purchase, or download content. | [Checked] | |
| Allow Safari | When false, the Safari web browser application is disabled and its icon removed from the Home screen. This also prevents users from opening web clips. | [Checked] | |
| Allow Safari: Enable autofill | [Checked] | ||
| Allow Safari: Force fraud warning | [Not Checked] | ||
| Allow Safari: Enable JavaScript | [Checked] | | |
| Allow Safari: Block Pop-ups | [Not Checked] | | |
| Allow Safari: Accept Cookies | [NEVER] | | |
| Media | |||
| Allow explicit content | When false, explicit music or video content purchased from the iTunes Store is hidden. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store. | [Checked] | |
| Region | Sets the region for the ratings. | [United States] | |
| Allowed Content | |||
| Allowed Content: Movies | Don´t Allow=0 | [Allow All Movies] | |
| Allowed Content: TV Shows | Don´t Allow=0 | [Allow All TV Shows] | |
| Allowed Content: Apps | Don´t Allow=0 | [Allow All Apps] | |
| iOS 7+ features | |||
| Allow Account Modification | If set to false, account modification is disabled. | [Checked] | |
| Allow AirDrop | If set to false, AirDrop is disabled. | [Checked] | |
| Allow Modification of Cellular App Data Usage | If set to false, changes to cellular data usage for apps are disabled. | [Checked] | |
| Allow User-Generated Content to be queried from Siri | When false, prevents Siri from querying user-generated content from the web. | [Checked] | |
| Allow Syncing of Keychain to iCloud | If false, disables keychain syncing to iCloud. The default is true. | [Checked] | |
| Allow Find My Friends | If set to false, changes to Find My Friends are disabled. | [Checked] | |
| Allow Finger Print For Unlocking Device | If false, prevents Touch ID from unlocking a device. | [Checked] | |
| Allow Host Pairing | If set to false, host pairing is disabled with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled. | [Checked] | |
| Allow Control Center on Lock Screen | If false, prevents Control Center from appearing on the Lock screen. | [Checked] | |
| Allow Notification Center on Lock Screen | If set to false, the Notifications view in Notification Center on the lock screen is disabled. | [Checked] | |
| Allow Today View in Notification Center on the Lock Screen | If set to false, the Today view in Notification Center on the lock screen is disabled. | [Checked] | |
| Allow Using Managed Apps documents in Unmanaged Apps | If false, documents in managed apps and accounts only open in other managed apps and accounts. The default is true. | [Checked] | |
| Allow Using Unmanaged Apps documents in Managed Apps | If set to false, documents in unmanaged apps and accounts will only open in other unmanaged apps and accounts. The default is true. | [Checked] | |
| Allow Over-The-Air PKI Updates | If false, over-the-air PKI updates are disabled. The default is true. | [Checked] | |
| Disable Ad's tracking | If true, limits ad tracking. The default is false. | [Not Checked] | |
| Allow UI Configuration Profile Installation | [Not Checked] | ||
| Allow Bookstore | [Checked] | | |
| Allow Bookstore Erotica | [Checked] | | |
| Allow Managed Apps Cloud Sync | If set to false, prevents managed applications from using iCloud sync. | [Checked] | |
| Allow Erase Content And Settings | Supervised only. If set to false, disables the (Erase All Content And Settings) option in the Reset UI. | [Checked] | |
| Allow Spotlight Internet Results | Supervised only. If set to false, the Spotlight will not return Internet search results | [Checked] | |
| Allow Enabling Restrictions | Supervised only. If set to false, disables the (Enable Restrictions) option in the Restrictions UI in Settings. | [Checked] | |
| Allow Activity Continuation | If set to false, Activity Continuation will be disabled. Defaults to true. | [Checked] | |
| Allow Enterprise Book Backup | If set to false, Enterprise books will not be backed up. Defaults to true. | [Checked] | |
| Allow Enterprise Book Metadata Sync | If set to false, Enterprise book notes and highlights will not be synced. Defaults to true. | [Checked] | |
| Allow AirPlay Outgoing Requests Pairing Password | If set to true, forces all devices receiving AirPlay requests from this device to use a pairing password. The default is false. Available only in iOS 7.1 and later. | [Not Checked] | |
| Autonomous Single App Mode Permitted App IDs | | ||
| iOS 8+ features | |||
| Allow Podcasts | Supervised only. If set to false, disables podcasts. Defaults to true. Availability: Available in iOS 8.0 and later. | [Checked] | |
| Allow Definition Lookup | Supervised only. If set to false, disables definition lookup. Defaults to true. Availability: Available in iOS 8.1.3 and later | [Checked] | |
| Allow Predictive Keyboard | Supervised only. If set to false, disables predictive keyboards. Defaults to true. Availability: Available in iOS 8.1.3 and later. | [Checked] | |
| Allow Auto-Correction | Supervised only. If set to false, disables keyboard auto-correction. Defaults to true. Availability: Available in iOS 8.1.3 and later. | [Checked] | |
| Allow Spell-Check | Supervised only. If set to false, disables keyboard spell-check. Defaults to true. Availability: Available in iOS 8.1.3 and later. | [Checked] | |
| Force Watch Wrist Detection | If set to true, a paired Apple Watch will be forced to use Wrist Detection. Defaults to false. Availability: Available in iOS 8.2 and later. | [Not Checked] | |
| iOS 9+ features | |||
| Allow Music Service | Supervised only. If set to false, Music service is disabled and the Music app reverts to classic mode. Defaults to true. Availability: Available in iOS 9.3 and later. | [Checked] | |
| Allow Cloud Photo Library | If set to false, disables iCloud Photo Library. Any photos not fully downloaded from iCloud Photo Library to the device will be removed from local storage. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Allow News | Supervised only. If set to false, disables News. Defaults to true. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Force AirDrop Unmanaged | Optional. If set to true, causes AirDrop to be considered an unmanaged drop target. Defaults to false. Availability: Available in iOS 9.0 and later. | [Not Checked] | |
| Allow UI App Installation | Supervised only. When false, the App Store is disabled and its icon is removed from the Home screen. However, users may continue to use Host apps (iTunes, Configurator) to install or update their apps. Defaults to true. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Allow Keyboard Shortcuts | Supervised only. If set to false, keyboard shortcuts cannot be used. Defaults to true. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Allow Paired Watch | Supervised only. If set to false, disables pairing with an Apple Watch. Any currently paired Apple Watch is unpaired and erased. Defaults to true. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Allow Passcode Modification | Supervised only. If set to false, prevents the device passcode from being added, changed, or removed. Defaults to true. This restriction is ignored by shared iPads. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Allow Device Name Modification | Supervised only. If set to false, prevents device name from being changed. Defaults to true. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Allow Wallpaper Modification | Supervised only. If set to false, prevents wallpaper from being changed. Defaults to true. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Allow Automatic App Downloads | Supervised only. If set to false, prevents automatic downloading of apps purchased on other devices. Does not affect updates to existing apps. Defaults to true. Availability: Available in iOS 9.0 and later | [Checked] | |
| Allow Enterprise App Trust | If set to false removes the Trust Enterprise Developer button in Settings->General->Profiles & Device Management, preventing apps from being provisioned by universal provisioning profiles. This restriction applies to free developer accounts but it does not apply to enterprise app developers who are trusted because their apps were pushed via MDM, nor does it revoke previously granted trust. Defaults to true. Availability: Available in iOS 9.0 and later. | [Checked] | |
| Allow Radio Service | Supervised only. If set to false, Apple Music Radio is disabled. Defaults to true. Availability: Available in iOS 9.3 and later. | [Checked] | |
| Allow Notifications Modification | Supervised only. If set to false, notification settings cannot be modified. Defaults to true. Availability: Available in iOS 9.3 and later. | [Checked] | |
| Allow Remote Screen Observation | Supervised only. If set to false, remote screen observation by the Classroom app is disabled. Defaults to true. This key should be nested beneath allowScreenShot as a sub-restriction. If allowScreenShot is set to false, it also prevents the Classroom app from observing remote screens. Availability: Available in iOS 9.3 and later. | [Checked] | |
| Allow Diagnostic Submission Modification | Supervised only. If set to false, the diagnostic submission and app analytics settings in the Diagnostics & Usage pane in Settings cannot be modified. Defaults to true. Availability: Available in iOS 9.3.2 and later. | [Checked] | |
| Blacklisted App Bundle IDs | If present prevents bundle IDs listed from being shown or launchable. Include the value com.apple.webapp to blacklist all web clips. | | |
| Whitelisted App Bundle IDs | If present allows only bundle IDs listed from being shown or launchable. Include the value com.apple.webapp to whitelist all web clips | | |
| iOS 10+ features | |||
| Allow Bluetooth Modification | Supervised only. If set to false, prevents modification of Bluetooth settings. Defaults to true. Availability: Available in iOS 10.0 and later. | [Checked] | |
| Allow Dictation | Supervised only. If set to false, disallows dictation input. Defaults to true. Availability: Available only in iOS 10.3 and later. | [Checked] | |
| Force WiFi Whitelisting | Optional. Supervised only. If set to true, the device can join Wi-Fi networks only if they were set up through a configuration profile. Defaults to false. Availability: Available only in iOS 10.3 and later. | [Not Checked] | |
| Force Unprompted Managed Classroom Screen Observation | Optional. Supervised only. If set to true, and ScreenObservationPermissionModificationAllowed is also true in the Education payload, a student enrolled in a managed course via the Classroom app will automatically give permission to that course's teacher’s requests to observe the student’s screen without prompting the student. Defaults to false. Availability: Available only in iOS 10.3 and later. | [Not Checked] | |
| iOS 11+ features | |||
| Allow Air Print | Supervised only. If set to false, disallow AirPrint. Defaults to true. Availability: Available in iOS 11.0 and later | [Checked] | |
| Allow Air Print Credentials Storage | Supervised only. If set to false, disallows keychain storage of username and password for Airprint. Defaults to true. Availability: Available only in iOS 11.0 and later. | [Checked] | |
| Force Air Print Trusted TLS Requirement | Supervised only. If set to true, requires trusted certificates for TLS printing communication. Defaults to false. Availability: Available in iOS 11.0 and later. | [Not Checked] | |
| Allow Air Print iBeacon Discovery | Supervised only. If set to false, disables iBeacon discovery of AirPrint printers. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Defaults to true. Availability: Available in iOS 11.0 and later. | [Checked] | |
| Allow System App Removal | Supervised only. If set to false, disables the removal of system apps from the device. Defaults to true. Availability: Available only in iOS 11.0 and later. | [Checked] | |
| Allow VPN Creation | Supervised only. If set to false, disallow the creation of VPN configurations. Defaults to true. Availability: Available only in iOS 11.0 and later. | [Checked] | |
| Allow USB Restricted Mode | Supervised only. If set to false, the device will always be able to connect to USB accessories while locked. Defaults to true. | [Checked] | |
| Force Delayed Software Updates | Supervised only. If set to true, delay user visibility of Software Updates. Defaults to false. | [Not Checked] | |
| Enforced Software Update Delay | Supervised only. This restriction allows the admin to set how many days a software update on the device will be delayed. With this restriction in place, the user will not see a software update until the specified number of days after the software update release date. | [30] | |
| Force Authentication Before AutoFill | Optional. Supervised only. If set to true, the user will have to authenticate before passwords or credit card information can be auto-filled in Safari and Apps. If this restriction is not enforced, the user can toggle this feature in settings. | [Not Checked] | |
| Allow Game Center | Supervised only. When false, Game Center is disabled and its icon is removed from the Home screen | [Checked] | |
| Allow Cellular Plan Modification | If set to false, users canʼt change any settings related to their cellular plan. Defaults to true. | [Checked] | |
| Allow Proximity Setup To New Device | If set to false, disables the prompt to set up new devices that are nearby. Defaults to true. | [Checked] | |
| Force Classroom Automatically Join Classes | If set to true, automatically give permission to the teacherʼs requests without prompting the student. Defaults to false. | [Not Checked] | |
| Force Classroom Request Permission To Leave Classes | If set to true, a student enrolled in an unmanaged course via Classroom will request permission from the teacher when attempting to leave the course. Defaults to false. | [Not Checked] | |
| Force Classroom Unprompted App And Device Lock | If set to true, allow the teacher to lock apps or the device without prompting the student. Defaults to false. | [Not Checked] | |
| Force Classroom Unprompted Screen Observation | If set to true, and 'Screen Observation Permission Modification Allowed' is also true in the Education payload, a student enrolled in a managed course via the Classroom app will automatically give permission to that courseʼs teacherʼs requests to observe the studentʼs screen without prompting the student. Defaults to false. | [Not Checked] | |
| iOS 12+ features | |||
| Force Automatic Date And Time | If set to true, the Date & Time 'Set Automatically' feature is turned on and canʼt be turned off by the user. Defaults to false. Note: The deviceʼs time zone will only be updated when the device can determine its location (cellular connection or wifi with location services enabled). | [Not Checked] | |
| Allow Password AutoFill | If set to false, users will not be able to use the AutoFill Passwords feature on iOS and will not be prompted to use a saved password in Safari or in apps. If set to false, Automatic Strong Passwords will also be disabled and strong passwords will not be suggested to users. Defaults to true. | [Checked] | |
| Allow Password Proximity Requests | If set to false, a userʼs device will not request passwords from nearby devices. Defaults to true. | [Checked] | |
| Allow Password Sharing | If set to false, users can not share their passwords with the Airdrop Passwords feature. Defaults to true. | [Checked] | |
| Allow Managed To Write Unmanaged Contacts | If set to true, managed apps can write contacts to unmanaged contacts accounts. Defaults to false. if 'Allow Open From Managed To Unmanaged' is true, this restriction has no effect. A payload that sets this to true must be installed via MDM. | [Checked] | |
| Allow Unmanaged To Read Managed Contacts | If set to true, unmanaged apps can read from managed contacts accounts. Defaults to false. if 'Allow Open From Managed To Unmanaged' is true, this restriction has no effect. A payload that sets this to true must be installed via MDM. | [Checked] | |
| Allow ESIM Modification | If set to false, the user may not remove or add a cellular plan to the eSIM on the device. Defaults to true. | [Checked] | |
| Allow Personal Hotspot Modification | If set to false, the user may not modify the personal hotspot setting. Defaults to true. | [Checked] | |