iOS and iPadOS: Device functionality rules
iOS
and iPadOS
: Device functionality rulesName | Description | Activation types | Default | Possible values |
|---|---|---|---|---|
Allow installing apps (supervised only) | Specify whether the App Store is available on an iOS device. If this rule is not selected, the App Store icon is removed from the home screen and users can't install or update apps, including marketplace apps. If the "Allowed content ratings for apps" rule is set to "Don't allow apps", users can't install or update apps, regardless of the setting for this rule. Not supported for unsupervised devices. | MDM controls | Selected | |
Allow use of camera (supervised only) | Specify whether the camera is enabled on an iOS device. If this rule is not selected, the Camera icon is removed from the home screen and users can't take photos or videos, or use FaceTime. This rule is deprecated for unsupervised devices. | MDM controls | Selected | |
Allow FaceTime (supervised only) | Specify whether FaceTime is available on an iOS device. If this rule is not selected, the FaceTime icon is removed from the home screen and users can't make or receive FaceTime video calls. This rule is deprecated for unsupervised devices. Depends on: Allow use of camera (supervised only) | MDM controls | Selected | |
Allowed exceptions to Camera restriction (supervised only) | If present, the system exempts apps with bundle IDs in the array from the "Allow Camera" restriction. The system doesn't grant these apps access to the camera automatically; they're only exempted from the "Alllow Camera" restriction. This key has no effect when the camera isn't restricted. Minimum OS version: 26.0 | MDM controls | ||
Denied ICCID's for iMessage and FaceTime (supervised only) | An array of strings representing ICCIDs of cellular plans. The device prevents use of any matching cellular networks in iMessage and FaceTime. The array must contain no more than 4 ICCID strings. Minimum OS version: 26.0 | MDM controls | ||
Allow screenshots and screen recording | Specify whether users can save a screenshot of the display. For devices with iOS 9.0 and later, this rule also prevents screen recordings. |
| Selected | |
Allow remote screen observation in Classroom | Specify whether remote screen observation is enabled for the Classroom app. To enable this setting, Allow screenshots and screen recording must also be selected. Minimum OS version: 12.0 Depends on: Allow screenshots and screen recording | MDM controls | Selected | |
Allow iPhone mirroring (supervised only) | Prevents the iPhone from mirroring to any Mac. Minimum OS version: 18.0 | MDM controls | Selected | |
Allow call recording (supervised only) | Specify whether an iOS device can allow call recording. Minimum OS version: 18.1 | MDM controls | Not selected | |
Allow automatic sync while roaming | Specify whether an iOS device can synchronize data automatically while roaming. If this rule is not selected, a roaming device can synchronize data only when a user accesses an account. | MDM controls | Selected | |
Allow voice dialing | Specify whether a user can make phone calls using Voice Control on an iOS device. This rule takes effect only if the "Allow Siri" rule is not selected. | MDM controls | Selected | |
Allow Passbook notifications in lock screen | Specify whether an iOS device can display Passbook notifications on the lock screen. | MDM controls | Selected | |
Allow in-app purchase | Specify whether users can make in-app purchases. | MDM controls | Selected | |
Require iTunes Store password for all purchases | Specify whether users must enter their Apple ID password for each purchase or download. If this rule is not selected, there is a brief grace period after a purchase is made before users must authenticate for subsequent purchases. This rule takes effect only if the "Allow use of iTunes Store" rule, the "Allow installing apps" rule, or the "Allow iBook Store" rule is selected. | MDM controls | Not selected | |
Allow modifying cellular data app settings (supervised only) | Specify whether a user can change cellular data usage for apps on an iOS device. | MDM controls | Selected | |
Allow pairing with non-Configurator hosts (supervised only) | Specify whether an iOS device can pair with a computer other than the Apple Configurator host. | MDM controls | Selected | |
Autonomous apps in single app mode (supervised only) | Specify the list of apps that can request single app mode on an iOS device. You must specify the bundle ID of each app that you want to include in the list. | MDM controls | ||
Allow iBooks Store (supervised only) | Specify whether the iBooks Store is available on an iOS device. If this rule is not selected, users can't access the iBooks Store from the iBooks app. | MDM controls | Selected | |
Allow installing configuration profiles (supervised only) | Specify whether users can install additional configuration profiles on their device. | MDM controls | Selected | |
Show Today view in lock screen | Specify whether users can access the Today view in Notification Center on the lock screen. |
| Selected | |
Show Notification Center in lock screen | Specify whether users can access the Notifications view in Notification Center on the lock screen. |
| Selected | |
Show Control Center in lock screen | Specify whether users can access Control Center on the lock screen. |
| Selected | |
Allow Touch ID and Face ID to unlock device | Specify whether a user can use Touch ID and Face ID to unlock an iOS device. If this rule is not selected, the user must use a password to unlock the device. | MDM controls | Selected | |
Require passcode on first AirPlay pairing | Specify whether a password is required on the first AirPlay pairing. If this rule is selected, all devices receiving AirPlay requests from a device must use a pairing password. |
| Not selected | |
Allow Siri | Specify whether Siri is enabled on an iOS device. If this rule is not selected, users can't use Siri and dictation is disabled. |
| Selected | |
Allow Siri while device is locked | Specify whether a user can use Siri when an iOS device is locked. This rule takes effect only if the user set a password for the device. Depends on: Allow Siri |
| Selected | |
Show user-generated content in Siri (supervised only) | Specify whether Siri can search user-generated content from the Internet. Depends on: Allow Siri | MDM controls | Selected | |
Enable Siri profanity filters (supervised only) | Specify if the Siri profanity filter is turned on. Depends on: Allow Siri | MDM controls | Selected | |
Allow dictation to be sent to Siri servers | Specify whether the device can send dictation audio to Siri servers for the purpose of improving dictation results. If this rule is not selected, the device does not send dictation audio to Apple. Minimum OS version: 14.5.0 Depends on: Allow Siri | MDM controls | Selected | |
Allow translation to be sent to Siri servers | Specify whether the device can send translation audio to Siri servers for the purpose of improving translation results. If this rule is not selected, the device does not send translation audio to Apple. Minimum OS version: 15.0.0 Depends on: Allow Siri | MDM controls | Selected | |
Allow backup of enterprise books | Specify whether a user can back up enterprise books. |
| Selected | |
Allow notes and highlights sync for enterprise books | Specify whether a user can sync enterprise book metadata such as notes and highlights. |
| Selected | |
Allow podcasts (supervised only) | Specify if a user can access podcasts using an iOS device. | MDM controls | Selected | |
Allow Apple Music service (supervised only) | Specify if the Apple Music service can be used on the device. If this rule is not selected, the Music app reverts to classic mode. | MDM controls | Selected | |
Allow News app (supervised only) | Specify if the user can use the News app on the device. | MDM controls | Selected | |
Allow definition lookup (supervised only) | Specify if an iOS device can use the definition lookup functionality. | MDM controls | Selected | |
Allow predictive keyboard (supervised only) | Specify whether an iOS device can use predictive keyboards. | MDM controls | Selected | |
Allow auto-correction (supervised only) | Specify whether an iOS device can use keyboard auto-correction. | MDM controls | Selected | |
Allow spell check (supervised only) | Specify whether an iOS device can use keyboard spell check. | MDM controls | Selected | |
Allow QuickPath keyboard (supervised only) | Specify whether users can use the QuickPath keyboard. | MDM controls | Selected | |
Allow iMessage (supervised only) | Specify whether a user can use iMessage on an iOS device. | MDM controls | Selected | |
Allow RCS messaging (supervised only) | Specify whether a user can use RCS messaging on an iOS device. Minimum OS version: 18.1 | MDM controls | Selected | |
Denied ICCID's for RCS | An array of strings representing ICCIDs of cellular plans. The device prevents use of any matching cellular networks with RCS messaging. The array must contain no more than 4 ICCID strings. Minimum OS version: 26.0 | MDM controls | ||
Allow removing apps (supervised only) | Specify whether a user can remove apps (including marketplace apps) from an iOS device. This rule is deprecated for unsupervised devices. | MDM controls | Selected | |
Allow modifying Touch ID fingerprints (supervised only) | Specify if the user can update their Touch ID fingerprint. | MDM controls | Selected | |
Force Apple Watch wrist detection | Specify if Apple Watch devices must use wrist detection. |
| Selected | |
Allow pairing with Apple Watch (supervised only) | Specify whether an iOS device can pair with an Apple Watch. | MDM controls | Selected | |
Allow Apple Watch to unlock device | Specify whether users can unlock the device from a paired Apple Watch. Minimum OS version: 14.5.0 | MDM controls | Selected | |
Allow keyboard shortcuts (supervised only) | Specify whether an iOS device can use keyboard shortcuts. | MDM controls | Selected | |
Allow wallpaper changes (supervised only) | Specify if a user can change the wallpaper on the device. | MDM controls | Selected | |
Allow radio service (supervised only) | Specify if a user can use the iTunes radio service. | MDM controls | Selected | |
Allow notification changes (supervised only) | Specify if a user can change the notification settings on the device. | MDM controls | Selected | |
Allow Bluetooth changes (supervised only) | Specify whether users can change the Bluetooth settings on the device. | MDM controls | Selected | |
Allow Bluetooth (supervised only) | Specify whether users can use Bluetooth on the device. If you don't want to allow Bluetooth, the "Allow Bluetooth changes" rule should also not be selected. If "Allow Bluetooth changes" is selected, users can re-enable Bluetooth on the device. | MDM controls | Selected | |
Allow AirPrint (supervised only) | Specify whether users can use AirPrint on the device. | MDM controls | Selected | |
Allow AirPrint credentials storage (supervised only) | Specify whether users can store AirPrint credentials using iCloud Keychain. Depends on: Allow AirPrint (supervised only) | MDM controls | Selected | |
Force trusted certificates for TLS (supervised only) | Specify whether the device must use trusted certificates with TLS to connect to printers using AirPrint. Depends on: Allow AirPrint (supervised only) | MDM controls | Not selected | |
Allow AirPrint iBeacon discovery (supervised only) | Specify whether the AirPrint app can use iBeacons to discover nearby printers. Depends on: Allow AirPrint (supervised only) | MDM controls | Selected | |
Allow users to configure Wi-Fi settings (supervised only) | Specify whether users can configure Wi-Fi connections. Obsolete in OS version: 14.5.0. Use the "Allow Wi-Fi connections only to specified networks" rule instead. | MDM controls | Selected | |
Force Wi-Fi to be enabled (supervised only) | Specify whether Wi-Fi is always enabled on the device. If this rule is selected, users can't turn Wi-Fi off using the Device Settings or Control Center and Airplane Mode doesn't disable Wi-Fi. | MDM controls | Not selected | |
Allow changing diagnostic submission and app analytics settings (supervised only) | Specify whether users can change diagnostic submission and app analytics settings. | MDM controls | Selected | |
Allow dictation (supervised only) | Specify whether users can use dictation on the device. | MDM controls | Selected | |
Allow Wi-Fi connections only to specified networks (supervised only) | Specify whether devices can connect only to Wi-Fi networks specified by a Wi-Fi profile. If this rule is not selected, devices can connect to networks specified by the user. Minimum OS version: 14.5.0 | MDM controls | Not selected | |
Allow user-configured VPN (supervised only) | Specify whether a user can add a VPN configuration to the device. | MDM controls | Selected | |
Allow restart to recovery mode from untrusted host (supervised only) | Specify whether users can restart the device into recovery mode from any host computer. If this rule is not selected, the device can only be restarted into recovery mode from computers that the device has previously trusted. Minimum OS version: 14.5.0 | MDM controls | Not selected | |
Allow system app removal (supervised only) | Specify whether a user can remove system apps from the device. | MDM controls | Selected | |
Allow USB connections when device is locked (supervised only) | Specify whether the user can connect to a USB accessory without unlocking the device. If this rule is not selected, the user must unlock the device to connect to USB accessory and enter device password periodically to maintain a USB connection for an extended time. If this rule is selected, the user never needs to enter a password to connect to a USB accessory. | MDM controls | Not selected | |
Force automatic date and time (supervised only) | Specify whether automatic date and time is enabled on the device. If this rule is selected, users can't disable the automatic date and time setting. If this rule is not selected, users can choose whether to enable the automatic date and time setting. | MDM controls | Not selected | |
Allow password autofill (supervised only) | Specify whether the device prompts users to use saved passwords in Safari and other apps. If this rule is not selected, automatic strong passwords are also disabled and won't be suggested to users. | MDM controls | Selected | |
Allow password proximity requests (supervised only) | Specify whether a device can request a password from a nearby device. | MDM controls | Selected | |
Allow password sharing (supervised only) | Specify whether a user can share passwords using AirDrop. | MDM controls | Selected | |
Allow the user to remove or add a cellular plan to the eSIM on the device (supervised only) | Specify whether the user is able to remove or add a cellular plan to the eSIM on the device. | MDM controls | Selected | |
Allow eSIM outgoing transfers (supervised only) | Allow transfer of an eSIM from the device on which the restriction is installed to a different device. Minimum OS version: 18.0 | MDM controls | Selected | |
Preserve eSIM data plan on device wipe (supervised only) | Specify whether to preserve eSIM data plans when the device is wiped. Minimum OS version: 17.2.0 | MDM controls | Selected | |
Allow changing cellular plan settings (supervised only) | Specify whether the user can change settings related to their cellular plan. | MDM controls | Selected | |
Allow modifying personal hotspot settings (supervised only) | Specify whether the user can to modify the personal hotspot settings. | MDM controls | Selected | |
Allow NFC (supervised only) | Specify whether a device can use NFC. Minimum OS version: 14.2.0 | MDM controls | Selected | |
Allow Apple personalized ads | Specify whether users can receive personalized ads from Apple. Minimum OS version: 14.0.0 | MDM controls | Selected | |
Allow devices to join classes automatically (supervised only) | Specify whether devices can join classes automatically without prompting the user. This rule is deprecated for unsupervised devices. Minimum OS version: 11.0.0 | MDM controls | Not selected | |
Allow users to leave Classroom sessions (supervised only) | Specify whether users can leave unmanaged Classroom sessions without requesting permission. This rule is deprecated for unsupervised devices. Minimum OS version: 11.3.0 | MDM controls | Not selected | |
Allow teachers to lock Classroom app and device (supervised only) | Specify whether teachers can lock the Classroom app and device without prompting the user. This rule is deprecated for unsupervised devices. Minimum OS version: 11.0.0 | MDM controls | Not selected | |
Allow shared device temporary sessions | Specify whether temporary sessions are allowed on shared devices. Minimum OS version: 13.4.0 | MDM controls | Selected | |
Allow Live Voicemail (supervised only) | Specify whether Live Voicemail is allowed on the device. Minimum OS version: 17.2.0 | MDM controls | Selected | |
Allow auto dim (supervised only) | Allow auto dim on iPads with OLED displays. Minimum OS version: 17.4 | MDM controls | Selected | |
Allow Genmoji (supervised only) | Allow creating new Genmoji. Minimum OS version: 18.0 | MDM controls | Selected | |
Allow image playground (supervised only) | Allow use of image generation. Minimum OS version: 18.0 | MDM controls | Selected | |
Allow image wand (supervised only) | Allow use of image wand. Minimum OS version: 18.0 | MDM controls | Selected | |
Allow mail summary (supervised only) | Allow the system to create summaries of email messages manually. Minimum OS version: 18.1 | MDM controls | Selected | |
Allow personalized handwriting results (supervised only) | Allow system to generate text in the user's handwriting. Minimum OS version: 18.0 | MDM controls | Selected |