Description

This payload can be used to restrict iOS device capabilities.

Some restrictions requires that the device is Supervised and is marked with an asterisk.

Configuration	Description	Example
Functionality
Allow use of camera	When false, the camera is completely disabled and its icon is removed from the Home screen. Users are unable to take photographs.	[Checked]
Allow FaceTime		[Checked]
Allow photo Stream	When false, disables Photo Stream...	[Checked]
Allow Shared Photo Stream	When false, disables Shared Photo Stream.	[Checked]
Allow screen capture	When false, users are unable to save a screenshot of the display.	[Checked]
Allow installing apps	When false, the App Store is disabled and its icon is removed from the Home screen. Users are unable to install or update their applications.	[Checked]
Allow in-app purchase		[Checked]
Require iTunes password for all purchases	When true, forces user to enter their iTunes password for each transaction.	[Not Checked]
Allow multiplayer gaming		[Checked]
Allow adding Game Center friends		[Checked]
Allow iCloud backup	When false, disables backing up the device to iCloud...	[Checked]
Allow iCloud document syncing	When false, disables document and key-value syncing to iCloud.	[Checked]
Allow automatic sync while roaming		[Checked]
Allow voice dialing		[Checked]
Force encrypted backups		[Not Checked]
Allow Siri	When set to false, Siri is disabled.	[Checked]
Allow Siri while device is locked	When false, the user is unable to use Siri when the device is locked. Defaults to true. This restriction is ignored if the device does not have a passcode set.	[Checked]
Allow Passbook while device is locked	If set to false, Passbook notifications will not be shown on the lock screen. This will default to true.	[Checked]
Allow accepting untrusted TLS certificates	When false, automatically rejects untrusted HTTPS certificates without prompting the user.	[Checked]
Allow Diagnostic Submission	When false, this prevents the device from automatically submitting diagnostic reports to Apple.	[Checked]
Allow App Removal		[Checked]
Allow Chat		[Checked]
Force Assistant Profanity Filter		[Not Checked]
Application
Allow YouTube	When false, the YouTube application is disabled and its icon is removed from the Home screen. This key is ignored in iOS 6 and later because the YouTube app is not provided...	[Checked]
Allow iTunes	When false, the iTunes Music Store is disabled and its icon is removed from the Home screen. Users cannot preview, purchase, or download content.	[Checked]
Allow Safari	When false, the Safari web browser application is disabled and its icon removed from the Home screen. This also prevents users from opening web clips.	[Checked]
Allow Safari: Enable autofill		[Checked]
Allow Safari: Force fraud warning		[Not Checked]
Allow Safari: Enable JavaScript		[Checked]
Allow Safari: Block Pop-ups		[Not Checked]
Allow Safari: Accept Cookies		[NEVER]
Media
Allow explicit content	When false, explicit music or video content purchased from the iTunes Store is hidden. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store.	[Checked]
Region	Sets the region for the ratings.	[United States]
Allowed Content
Allowed Content: Movies	Don´t Allow=0 Allow All=1000.	[Allow All Movies]
Allowed Content: TV Shows	Don´t Allow=0 Allow All=1000.	[Allow All TV Shows]
Allowed Content: Apps	Don´t Allow=0 Allow All=1000.	[Allow All Apps]
iOS 7+ features
Allow Account Modification	If set to false, account modification is disabled.	[Checked]
Allow AirDrop	If set to false, AirDrop is disabled.	[Checked]
Allow Modification of Cellular App Data Usage	If set to false, changes to cellular data usage for apps are disabled.	[Checked]
Allow User-Generated Content to be queried from Siri	When false, prevents Siri from querying user-generated content from the web.	[Checked]
Allow Syncing of Keychain to iCloud	If false, disables keychain syncing to iCloud. The default is true.	[Checked]
Allow Find My Friends	If set to false, changes to Find My Friends are disabled.	[Checked]
Allow Finger Print For Unlocking Device	If false, prevents Touch ID from unlocking a device.	[Checked]
Allow Host Pairing	If set to false, host pairing is disabled with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled.	[Checked]
Allow Control Center on Lock Screen	If false, prevents Control Center from appearing on the Lock screen.	[Checked]
Allow Notification Center on Lock Screen	If set to false, the Notifications view in Notification Center on the lock screen is disabled.	[Checked]
Allow Today View in Notification Center on the Lock Screen	If set to false, the Today view in Notification Center on the lock screen is disabled.	[Checked]
Allow Using Managed Apps documents in Unmanaged Apps	If false, documents in managed apps and accounts only open in other managed apps and accounts. The default is true.	[Checked]
Allow Using Unmanaged Apps documents in Managed Apps	If set to false, documents in unmanaged apps and accounts will only open in other unmanaged apps and accounts. The default is true.	[Checked]
Allow Over-The-Air PKI Updates	If false, over-the-air PKI updates are disabled. The default is true.	[Checked]
Disable Ad's tracking	If true, limits ad tracking. The default is false.	[Not Checked]
Allow UI Configuration Profile Installation		[Not Checked]
Allow Bookstore		[Checked]
Allow Bookstore Erotica		[Checked]
Allow Managed Apps Cloud Sync	If set to false, prevents managed applications from using iCloud sync.	[Checked]
Allow Erase Content And Settings	Supervised only. If set to false, disables the (Erase All Content And Settings) option in the Reset UI.	[Checked]
Allow Spotlight Internet Results	Supervised only. If set to false, the Spotlight will not return Internet search results	[Checked]
Allow Enabling Restrictions	Supervised only. If set to false, disables the (Enable Restrictions) option in the Restrictions UI in Settings.	[Checked]
Allow Activity Continuation	If set to false, Activity Continuation will be disabled. Defaults to true.	[Checked]
Allow Enterprise Book Backup	If set to false, Enterprise books will not be backed up. Defaults to true.	[Checked]
Allow Enterprise Book Metadata Sync	If set to false, Enterprise book notes and highlights will not be synced. Defaults to true.	[Checked]
Allow AirPlay Outgoing Requests Pairing Password	If set to true, forces all devices receiving AirPlay requests from this device to use a pairing password. The default is false. Available only in iOS 7.1 and later.	[Not Checked]
Autonomous Single App Mode Permitted App IDs
iOS 8+ features
Allow Podcasts	Supervised only. If set to false, disables podcasts. Defaults to true. Availability: Available in iOS 8.0 and later.	[Checked]
Allow Definition Lookup	Supervised only. If set to false, disables definition lookup. Defaults to true. Availability: Available in iOS 8.1.3 and later	[Checked]
Allow Predictive Keyboard	Supervised only. If set to false, disables predictive keyboards. Defaults to true. Availability: Available in iOS 8.1.3 and later.	[Checked]
Allow Auto-Correction	Supervised only. If set to false, disables keyboard auto-correction. Defaults to true. Availability: Available in iOS 8.1.3 and later.	[Checked]
Allow Spell-Check	Supervised only. If set to false, disables keyboard spell-check. Defaults to true. Availability: Available in iOS 8.1.3 and later.	[Checked]
Force Watch Wrist Detection	If set to true, a paired Apple Watch will be forced to use Wrist Detection. Defaults to false. Availability: Available in iOS 8.2 and later.	[Not Checked]
iOS 9+ features
Allow Music Service	Supervised only. If set to false, Music service is disabled and the Music app reverts to classic mode. Defaults to true. Availability: Available in iOS 9.3 and later.	[Checked]
Allow Cloud Photo Library	If set to false, disables iCloud Photo Library. Any photos not fully downloaded from iCloud Photo Library to the device will be removed from local storage. Availability: Available in iOS 9.0 and later.	[Checked]
Allow News	Supervised only. If set to false, disables News. Defaults to true. Availability: Available in iOS 9.0 and later.	[Checked]
Force AirDrop Unmanaged	Optional. If set to true, causes AirDrop to be considered an unmanaged drop target. Defaults to false. Availability: Available in iOS 9.0 and later.	[Not Checked]
Allow UI App Installation	Supervised only. When false, the App Store is disabled and its icon is removed from the Home screen. However, users may continue to use Host apps (iTunes, Configurator) to install or update their apps. Defaults to true. Availability: Available in iOS 9.0 and later.	[Checked]
Allow Keyboard Shortcuts	Supervised only. If set to false, keyboard shortcuts cannot be used. Defaults to true. Availability: Available in iOS 9.0 and later.	[Checked]
Allow Paired Watch	Supervised only. If set to false, disables pairing with an Apple Watch. Any currently paired Apple Watch is unpaired and erased. Defaults to true. Availability: Available in iOS 9.0 and later.	[Checked]
Allow Passcode Modification	Supervised only. If set to false, prevents the device passcode from being added, changed, or removed. Defaults to true. This restriction is ignored by shared iPads. Availability: Available in iOS 9.0 and later.	[Checked]
Allow Device Name Modification	Supervised only. If set to false, prevents device name from being changed. Defaults to true. Availability: Available in iOS 9.0 and later.	[Checked]
Allow Wallpaper Modification	Supervised only. If set to false, prevents wallpaper from being changed. Defaults to true. Availability: Available in iOS 9.0 and later.	[Checked]
Allow Automatic App Downloads	Supervised only. If set to false, prevents automatic downloading of apps purchased on other devices. Does not affect updates to existing apps. Defaults to true. Availability: Available in iOS 9.0 and later	[Checked]
Allow Enterprise App Trust	If set to false removes the Trust Enterprise Developer button in Settings->General->Profiles & Device Management, preventing apps from being provisioned by universal provisioning profiles. This restriction applies to free developer accounts but it does not apply to enterprise app developers who are trusted because their apps were pushed via MDM, nor does it revoke previously granted trust. Defaults to true. Availability: Available in iOS 9.0 and later.	[Checked]
Allow Radio Service	Supervised only. If set to false, Apple Music Radio is disabled. Defaults to true. Availability: Available in iOS 9.3 and later.	[Checked]
Allow Notifications Modification	Supervised only. If set to false, notification settings cannot be modified. Defaults to true. Availability: Available in iOS 9.3 and later.	[Checked]
Allow Remote Screen Observation	Supervised only. If set to false, remote screen observation by the Classroom app is disabled. Defaults to true. This key should be nested beneath allowScreenShot as a sub-restriction. If allowScreenShot is set to false, it also prevents the Classroom app from observing remote screens. Availability: Available in iOS 9.3 and later.	[Checked]
Allow Diagnostic Submission Modification	Supervised only. If set to false, the diagnostic submission and app analytics settings in the Diagnostics & Usage pane in Settings cannot be modified. Defaults to true. Availability: Available in iOS 9.3.2 and later.	[Checked]
Blacklisted App Bundle IDs	If present prevents bundle IDs listed from being shown or launchable. Include the value com.apple.webapp to blacklist all web clips.
Whitelisted App Bundle IDs	If present allows only bundle IDs listed from being shown or launchable. Include the value com.apple.webapp to whitelist all web clips
iOS 10+ features
Allow Bluetooth Modification	Supervised only. If set to false, prevents modification of Bluetooth settings. Defaults to true. Availability: Available in iOS 10.0 and later.	[Checked]
Allow Dictation	Supervised only. If set to false, disallows dictation input. Defaults to true. Availability: Available only in iOS 10.3 and later.	[Checked]
Force WiFi Whitelisting	Optional. Supervised only. If set to true, the device can join Wi-Fi networks only if they were set up through a configuration profile. Defaults to false. Availability: Available only in iOS 10.3 and later.	[Not Checked]
Force Unprompted Managed Classroom Screen Observation	Optional. Supervised only. If set to true, and ScreenObservationPermissionModificationAllowed is also true in the Education payload, a student enrolled in a managed course via the Classroom app will automatically give permission to that course's teacher’s requests to observe the student’s screen without prompting the student. Defaults to false. Availability: Available only in iOS 10.3 and later.	[Not Checked]
iOS 11+ features
Allow Air Print	Supervised only. If set to false, disallow AirPrint. Defaults to true. Availability: Available in iOS 11.0 and later	[Checked]
Allow Air Print Credentials Storage	Supervised only. If set to false, disallows keychain storage of username and password for Airprint. Defaults to true. Availability: Available only in iOS 11.0 and later.	[Checked]
Force Air Print Trusted TLS Requirement	Supervised only. If set to true, requires trusted certificates for TLS printing communication. Defaults to false. Availability: Available in iOS 11.0 and later.	[Not Checked]
Allow Air Print iBeacon Discovery	Supervised only. If set to false, disables iBeacon discovery of AirPrint printers. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Defaults to true. Availability: Available in iOS 11.0 and later.	[Checked]
Allow System App Removal	Supervised only. If set to false, disables the removal of system apps from the device. Defaults to true. Availability: Available only in iOS 11.0 and later.	[Checked]
Allow VPN Creation	Supervised only. If set to false, disallow the creation of VPN configurations. Defaults to true. Availability: Available only in iOS 11.0 and later.	[Checked]
Allow USB Restricted Mode	Supervised only. If set to false, the device will always be able to connect to USB accessories while locked. Defaults to true. Availability: Available only in iOS 11.3 and later.	[Checked]
Force Delayed Software Updates	Supervised only. If set to true, delay user visibility of Software Updates. Defaults to false. Availability: Available only in iOS 11.3 and later.	[Not Checked]
Enforced Software Update Delay	Supervised only. This restriction allows the admin to set how many days a software update on the device will be delayed. With this restriction in place, the user will not see a software update until the specified number of days after the software update release date. The max is 90 days and the default value is 30. Availability: Available only in iOS 11.3 and later.	[30]
Force Authentication Before AutoFill	Optional. Supervised only. If set to true, the user will have to authenticate before passwords or credit card information can be auto-filled in Safari and Apps. If this restriction is not enforced, the user can toggle this feature in settings. Only supported on devices with FaceID. Defaults to true. Availability: Available only in iOS 11.0 and later.	[Not Checked]
Allow Game Center	Supervised only. When false, Game Center is disabled and its icon is removed from the Home screen	[Checked]
Allow Cellular Plan Modification	If set to false, users canʼt change any settings related to their cellular plan. Defaults to true.	[Checked]
Allow Proximity Setup To New Device	If set to false, disables the prompt to set up new devices that are nearby. Defaults to true.	[Checked]
Force Classroom Automatically Join Classes	If set to true, automatically give permission to the teacherʼs requests without prompting the student. Defaults to false.	[Not Checked]
Force Classroom Request Permission To Leave Classes	If set to true, a student enrolled in an unmanaged course via Classroom will request permission from the teacher when attempting to leave the course. Defaults to false.	[Not Checked]
Force Classroom Unprompted App And Device Lock	If set to true, allow the teacher to lock apps or the device without prompting the student. Defaults to false.	[Not Checked]
Force Classroom Unprompted Screen Observation	If set to true, and 'Screen Observation Permission Modification Allowed' is also true in the Education payload, a student enrolled in a managed course via the Classroom app will automatically give permission to that courseʼs teacherʼs requests to observe the studentʼs screen without prompting the student. Defaults to false.	[Not Checked]
iOS 12+ features
Force Automatic Date And Time	If set to true, the Date & Time 'Set Automatically' feature is turned on and canʼt be turned off by the user. Defaults to false. Note: The deviceʼs time zone will only be updated when the device can determine its location (cellular connection or wifi with location services enabled).	[Not Checked]
Allow Password AutoFill	If set to false, users will not be able to use the AutoFill Passwords feature on iOS and will not be prompted to use a saved password in Safari or in apps. If set to false, Automatic Strong Passwords will also be disabled and strong passwords will not be suggested to users. Defaults to true.	[Checked]
Allow Password Proximity Requests	If set to false, a userʼs device will not request passwords from nearby devices. Defaults to true.	[Checked]
Allow Password Sharing	If set to false, users can not share their passwords with the Airdrop Passwords feature. Defaults to true.	[Checked]
Allow Managed To Write Unmanaged Contacts	If set to true, managed apps can write contacts to unmanaged contacts accounts. Defaults to false. if 'Allow Open From Managed To Unmanaged' is true, this restriction has no effect. A payload that sets this to true must be installed via MDM.	[Checked]
Allow Unmanaged To Read Managed Contacts	If set to true, unmanaged apps can read from managed contacts accounts. Defaults to false. if 'Allow Open From Managed To Unmanaged' is true, this restriction has no effect. A payload that sets this to true must be installed via MDM.	[Checked]
Allow ESIM Modification	If set to false, the user may not remove or add a cellular plan to the eSIM on the device. Defaults to true.	[Checked]
Allow Personal Hotspot Modification	If set to false, the user may not modify the personal hotspot setting. Defaults to true.	[Checked]

Browser not supported