Configuration Settings Payload - Restrictions

When disabled - Siri can't be used. 

No

iOS 5 or iPadOS 13.1

• Allow Siri while locked
  • **Allow device assistant must be enabled for this setting

When disabled - Siri responds only when the device is unlocked.

No

iOS 5.1 or iPadOS 13.1

If disabled -  the system disables voice dialing if the device is locked with
a passcode. 

No

Only Supported on iOS versions iOS 4 - iOS 16.

• Allow automatic sync when roaming

If disabled, Devices that are roaming sync only when an account is accessed by the user.

No

iOS 5 or iPadOS 13.1

• Allow Passbook notifications while locked

If disabled, the system hides Passbook notifications from the lock screen.

No

iOS 6 +

• Allow in-app purchases

If disabled, the system prohibits in-app purchasing.

iOS 5 or iPadOS 13.1

• Force user to enter iTunes Store password for all purchases

If enabled, the system forces the user to enter their iTunes password for each transaction 

No 

Only Supported on iOS versions iOS 6 - iOS 16.

• Show Control Center in lock screen

If disabled, the system prevents the Control Center from appearing on the Lock screen.
 

Users can’t swipe up to view Control Centre.

No

iOS 7 or iPadOS 13.1

• Show Notification Center in lock screen

Users can’t view the Notification history when the screen is locked; however, they can still view a Notification when it appears.

No

iOS 7 or iPadOS 13.1

• Show Today view in lock screen

If disabled, users can’t swipe down to see the Notification Centre using Today View in the Lock Screen.

No

iOS 7 or iPadOS 13.1

• Allow remote screen observation by the Classroom app
  • **Screenshot feature must be enabled for this. 

If disabled, the system disables remote screen observation by the Classroom app.

iOS 12+

• Do not containerize work data and contacts from unmanaged apps 

Unmanaged apps will have access to work data and contacts

No

iOS 12+

• Do not containerize personal data and contacts from managed apps

Managed apps will have access to work data and contacts

No

iOS 12+

• Require managed pasteboard

Helps control the pasting of content from an app that’s using Open In management by following the Managed Open In restrictions in force. Apple apps that work with the managed pasteboard include Calendar, Files, Mail and Notes. Third-party apps are controlled based on whether they’re managed. When a user attempts to paste content where it isn’t permitted, a Paste Not Allowed notice appears along with the organisation’s name (which can be changed using the Settings command). Apps also can’t request items from the pasteboard when this restriction is used and the content crosses the managed boundary.

Default is off.

No

iOS 15 or iPadOS 15

• Allow Handoff

Users can’t use Handoff with their Apple devices.

No

iOS 8 or iPadOS 13.1

• Require passcode on outgoing AirPlay pairing requests

If enabled, the system forces all devices receiving AirPlay requests from this device to use a pairing password. 

No

iOS 7.1+

• Require passcode on incoming AirPlay pairing requests

If enabled, the system forces all devices receiving AirPlay requests from this device to use a pairing password.

No

iOS 7.1+

• Force paired Apple Watch to use Wrist Detection

If enabled, Apple Watch locks automatically when it’s removed from the user’s wrist. It can be unlocked with its passcode or the paired iPhone.

Default is off.

No

iOS 8.2+ and iPadOS 13.1+

• Allow user to add App Clips

If disabled, users can’t add App Clips. Any existing App Clips are removed when this restriction is applied

iOS 14 and iPadOS 14

• Disallow sharing of managed documents with AirDrop

If enabled, the system considers AirDrop to be an unmanaged drop target

No

iOS 9

• Allow managed apps to write contacts to unmanaged contacts accounts

Managed Apps can edit contacts to unmanaged accounts, even if Managed Apps are prevented from editing unmanaged destinations

Default is off

No

iOS 12 and iPadOS 13.1

• Allow unmanaged apps to read from managed contacts accounts

Unmanaged apps can read contacts from managed accounts, even if unmanaged apps are prevented from reading to managed destinations

Default is off

No

iOS 12 and iPadOS 13.1

• Allow server-side Siri logging

if enabled, Allows Siri from logging to its server

iOS 12.2

• Allow shared device temporary session

If disabled, Shared iPad won’t allow a Temporary Session

iPadOS 13.4

• Allow NFC

If disabled, the system disables NFC. Prevents users from using built-in NFC (near–field communications) hardware in compatible devices. 

iOS 14.2

• Allow Apple personalized advertising

If disabled, users’ data won’t be used by the Apple advertising platform to deliver personalized ads.

No

iOS 14 and iPadOS 14

• Allow unpaired external boot to recovery

If enabled, the system allows unpaired devices to boot devices into recovery.

iOS 14.5 and iPadOS 14.5

• Force on-device-only dictation

Prevents dictated content from being sent to Siri servers for processing. Supported on the following devices.

• iPhone XR, iPhone XS, iPhone XS Max or later

• iPad Air (3rd generation), iPad mini (5th generation), iPad Pro (2nd generation) or later

Default is off.

No

iOS 14.5 and iPadOS 14.5

• Force on-device-only translation

Won’t let the device connect to Siri servers for the purposes of translation.

Default is off

No

iOS 14.5 and iPadOS 14.5

• Enforce SSID allowlisting (Deprecated)

N/A

N/A

• Force WiFi to Allowed Networks Only
  • ** The WiFi Network payload must be pushed on the device before the profile, otherwise, the device will not be able to connect to any network and will need to be DFU'd. 

If enabled, the system limits the device to only join Wi-Fi networks set up through a configuration profile.

iOS 14.5 

• Allow Mail Privacy Protection

If disabled, the system disables Mail Privacy Protection on the device.

iOS 15.2

• Preserve eSIM on erase

If enabled,  the system preserves eSIM when it erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset

iOS 17.2 and iPadOS 17.2

• Allow Web Distribution App Installation

If disabled, prevents installation of apps directly from the web

iOS 17.4 

• Allow Auto Dim

If disabled, Prevents a device with a Tandem OLED screen from dimming.

iPadOS 17.4

• Allow eSIM Outgoing Transfers

If disabled , prevents the transfer of an eSIM from the device on which the restriction is installed to a different device.

iOS 18 and iPadOS 18

• 
  Allow Genmoji

If disabled, prevents users from creating a Genmoji.

iOS 18 and iPadOS 18

• Allow Image Wand

If disabled, Prevents users from using Image Wand.

iOS 18 and iPadOS 18

• Allow Writing Tools

If disabled, prevents Apple Intelligence writing tools.

iOS 18 and iPadOS 18

• Allow Image Playground

If disabled, prevents users from using Image Playground.

iOS 18 and iPadOS 18

• Allow Call Recording

If disabled, prevents the use of call recording on iPhone.

iOS 18

• Allow Personalized Handwriting Results

If disabled, Prevents iOS and iPadOS from generating text in the user’s handwriting.

iOS 18 and iPadOS 18

• Allow iPhone Mirroring

If disabled, On iPhone, prevents an iPhone from mirroring to a Mac.

iOS 18

• Allow Apps to be Hidden

If disabled, prevents users from hiding apps.

iOS 18 and iPadOS 18

• Allow Apps to be Locked

If disabled, prevents users from locking apps. If this restriction is used, hiding apps is also prevented.

iOS 18 and iPadOS 18

• Allow Mail Summary

If disabled Prevents the ability to create summaries of email messages manually.

This doesn’t affect automatic summary generation.

iOS 18 and iPadOS 18

• Allow RCS Messaging

If disabled, prevents the use of RCS messaging.

iOS 18 and iPadOS 18

• Allow External intelligence Integrations

If disabled, prevents the use of external, cloud-based intelligence services with Siri. On iOS, this restriction is temporarily allowed on unsupervised and user enrollments. In a future release, this restriction will require supervision, and will be ignored on non-supervised devices. 

No

iOS 18.2 and macOS 15.2

• Allow External Intelligence Integrations Sign In

If false, forces external intelligence providers into anonymous mode. If a user is already signed in to an external intelligence provider, applying this restriction will cause them to be signed out when the next request is attempted. 

No

iOS 18.2 and macOS 15.2

• Allow iCloud Photo Library

If disabled, users can’t use their iCloud Photos.

iOS 9 and IPadOS 13.1

• Allow backup of enterprise books (Back up proprietary in-house books)

If disabled, the system disables backup of Enterprise books.

Users can’t back up books distributed by their organisation to iCloud, the Finder (macOS 10.15 or later) or in iTunes (macOS 10.14 or earlier).

No

iOS 8 and iPadOS 13.1

• Allow notes and highlights sync for enterprise books (Notes and highlights sync for proprietary in-house books)

If disabled, the system disables sync of Enterprise books, notes, and highlights. 

users can’t sync notes or highlights to other devices using iCloud.

No

iOS 8 and iPadOS 13.1

• Allow photo stream

If disabled, the system disables Photo Stream.

No

Only supported on iOS 5  through iOS 16. 

• Allow shared stream

If disabled, the system disables Shared Photo Stream

iOS 6

• Allow managed app to store data in iCloud

If disabled, the system prevents managed apps from using iCloud sync

No

iOS 8

• Allow diagnostic data to be sent to Apple

If disabled, users can’t choose to send diagnostic information to Apple.

No

iOS 6 and iPadOS 13.1

• Allow user to accept untrusted TLS certificates

If disabled, the system automatically rejects untrusted HTTPS certificates without prompting the user.

No

iOS 5

• Force encrypted backup

If enabled, the system encrypts all backups.

No 

iOS 4

• Allow automatic updates to certificate trust settings

If disabled, Automatic updates to certificate trust settings can’t occur.

No

iOS 7

• Force limited ad tracking

If enabled, the system limits ad tracking. Additionally, it disables app tracking and the Allow Apps to Request to Track setting.

No

iOS 7

• Allow Touch ID to unlock device

If disabled, users must use a passcode to unlock the device.

No

iOS 7 and iPadOS 13.1

• Allow Rapid Security Response Instal

If disabled, the system prohibits installation of rapid security responses.

No 

iOS 16 and macOS 13

• Allow Rapid Security Response Removal

If disabled, the system prohibits removal of rapid security responses

No

iOS 16 and macOS 13

• Regions

  • This feature can not be disabled and the default by Apple is the United States. 

• Australia - iOS and tvOS 11.3+ 

• Canada - iOS and tvOS 11.3+

• France - iOS and tvOS 11.3+

• Germany - iOS and tvOS 11.3+

• Ireland - iOS and tvOS 11.3+

• Japan - iOS and tvOS 11.3+

• New Zealand - iOS and tvOS 11.3+

• United Kingdom - iOS and tvOS 11.3+

• United States - iOS and tvOS 11.3+

No

N/A

• Movies

• Do not allow movies 
• G
• PG
• PG-13
• R
• NC-17
• Allow all movies 

No

iOS 5  or iPadOS 13.1

• TV Shows

• Do not allow TV shows 
• TV-Y
• TV-7
• TV-G
• TV-PG
• TV-14
• TV-MA
• Allow all TV shows 

No

iOS 5  or iPadOS 13.1

• Apps

• Do not allow apps
• 4+ 
• 9+
• 12+
• 17+
• Allow all apps 

No

iOS 5  or iPadOS 13.1

• Delay user visibility of all OS software updates

If enabled, the system delays user visibility of software updates. In macOS, the system allows seed build updates without delay. The delay is 30 days unless you set another value under hid all software updates. 

iOS 11.3 and macOS 10.13.4  and tvOS 12.2  

• Hide all software updates until X - Days after release date

Allows admins to determine how many days to delay a software update on the device. With this restriction in place, the user doesn’t see a software update until the specified number of days after the software update release date

Max # of days is 90

iOS 11.3 and macOS 10.13.4  and tvOS 12.2  

If disabled, the system disables the use of iMessage on supervised devices. If the device supports text messaging, the user can still send and receive text messages. 

For Wi-Fi–only devices, the Messages app is hidden. 

iOS 5 and iPadOS 13.1

If disabled, the Game Center app and its icon are removed.

iOS 6 and iPadOS 13.1

If disabled, the system removes the Book Store tab from the Books app.

iOS 6 and iPadOS 13.1

If disabled, the system prevents the user from downloading Apple Books media that’s tagged as erotica. 

iOS 4.0, iPadOS 13.1,  macOS 15, and tvOS 17 

If disabled, the system disables podcasts

iOS 8 and iPadOS 13.1

If disabled , the system disables the App Store, and the systems removes its icon from the Home screen. However, users can continue to use host apps such as iTunes or Configurator to install or update their apps.

In iOS 10 and later, MDM commands can override this restriction.

iOS 9  and iPadOS 13.1

If disabled, users can’t use the News app

iOS 9 and iPadOS 13.1

If disabled, users can’t use Apple Music

iOS 9.3 and iPadOS 13.1

If disabled, sers can’t listen to the radio with Apple Music.

iOS 9.3 and iPadOS 13.1

iOS 7 and iPadOS 13.1

N/A

If disabled, the system prohibits the user from installing configuration profiles and certificates interactively. 

iOS 6, iPadOS 13.1, and macOS 13

If disabled, the system prohibits adding friends to Game Center.

iOS 5, iPadOS 13.1 and macOS 10.13

If disabled, the system disables modification of accounts such as Apple IDs and Internet-based accounts such as Mail, Contacts, and Calendar.
Users can’t create new accounts or change their username, password, or other settings associated with their account.

iOS 7 and iPadOS 13.1

If disabled, users can’t use AirDrop.

iOS 7 and iPadOS 13.1 and macOS 10.13

If disabled, the system disables changing settings for cellular data usage for apps.

iOS 7 and iPadOS 13.1

If disabled, Siri can’t access content from sources that allow user-generated content, such as Wikipedia.

iOS 7 and iPadOS 13.1

If disabled, the system disables Find My Device in the Find My app

iOS 13, iPadOS 13.1 and macOS 10.15

If disabled, the system disables Find My Friends in the Find My app

iOS 13, iPadOS 13.1 and macOS 10.15

If disabled, the system disables changes to Find My Friends.

iOS 7, iPadOS 13.1 and macOS 10.15

If disabled, the system disables host pairing with the exception of the supervision host. If there’s no configured supervision host certificate, the system disables all pairing. Host pairing lets the administrator control if an iOS device can pair with a host Mac or PC. 

iOS 7 or iPadOS 13.1

If disabled, Users can’t play multiplayer games in Game Center.

iOS 4 .1 and iPadOS 13.1 and MacOS 10.12

If enabled, the system prevents turning off Wi-Fi in Settings or Control Center, even by entering or leaving Airplane Mode. It doesn’t prevent selecting which Wi-Fi network to use.

iOS  13.0

If enabled, the system forces the use of the profanity filter assistant. 

iOS 11 and iPadOS 13.1 and macOIS 

If disabled, the system prevents connecting to network drives in the Files app.

iOS 13.1 and iPadOS 13.1

If disabled, the system prevents connecting to any connected USB devices in the Files app

iOS 13.1

If disabled, the system disables the Enable Restrictions option in the Restrictions UI in Settings. In iOS 12 and later, the system disables the Enable ScreenTime option in the ScreenTime UI in Settings and disables ScreenTime if already enabled.

iOS 8

If disabled, the system disables the Erase All Content and Settings option in the Reset UI.

iOS 8, iPadOS 13.1 and macOS 12

If disabled, the system disables Spotlight Internet search results in Siri Suggestions. 

iOS 8, iPadOS 13.1 and macOS 10.11

If disabled, the system disables keyboard autocorrection. 

iOS 8.1.3, iPadOS 13.1

If disabled, the system disables the keyboard spell checker. 

iOS 8.1.3, iPadOS 13.1

If disabled, the system disables definition lookup. 

iOS 8.1.3, iPadOS 13.1 and macOS 10.11

If disabled, the system disables predictive keyboards. 

iOS 8.1.3, iPadOS 13.1 and macOS 10.11

If disabled,  the system disables QuickPath keyboard

iOS 13 and iPadOS 13.1

If disabled, the system disables keyboard shortcuts. 

iOS 9 and iPadOS 13.1

If disabled,  the system disables pairing with an Apple Watch, and the system unpairs any currently paired Apple Watch and erases its content.

iOS 9 and iPadOS 13.1

If disabled, the system prevents adding, changing, or removing the passcode. The system ignores this restriction on Shared iPad

iOS 9, iPadOS 13.1 and macOS 10.13

If disabled, the system prevents the user from changing the device name.

iOS 9, iPadOS 13.1, macOS 14 and tvOS 11.0

When enabled, the system allows the dashboard to push the currently configured hostname in the dashboard to the device. 

iOS 9, tvOS 10.2 and macOS 15.1

If disabled, the system prevents changing the wallpaper.

iOS 9, iPadOS 13.1 and macOS 10.13

If disabled, the system prevents automatic downloading of apps purchased on other devices. This setting doesn’t affect updates to existing apps

iOS 9 and iPadOS 13.1 

If disabled, the system removes the Trust Enterprise Developer button in Settings > General > Profiles & Device Management, which prevents provisioning apps by universal provisioning profiles. This restriction applies to free developer accounts. However, it doesn’t apply to enterprise app developers, because they’re trusted and the system installed their apps through MDM. It also doesn’t revoke previously granted trust. 

iOS 9 and iPadOS 13.1 

If disabled, the system disables modification of notification settings.

iOS 9.3 and iPadOS 13.1 

If disabled, the system disables changing the diagnostic submission and app analytics settings in the Diagnostics & Usage UI in Settings.

iOS 9.3.2 and iPadOS 13.1

If disabled, the system prevents modification of Bluetooth settings

iOS 11 and iPadOS 13.1

If disabled, the system disallows dictation input.

iOS 10.3, iPadOS 13.1 and macOS 10.13

If disabled, the system disables AirPrint.

iOS 11 and iPadOS 13.1

If disabled, the system disables keychain storage of user name and password for AirPrint

iOS 11 and iPadOS 13.1

If enabled,  the system requires trusted certificates for TLS printing communication.

iOS 11 and iPadOS 13.1

If disabled,  the system disables iBeacon discovery of AirPrint printers, which prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. 

iOS 11 and iPadOS 13.1

If disabled,  the system disables the removal of system apps from the device

iOS 11 and iPadOS 13.1

If disabled,  the system disables the creation of VPN configurations

iOS 11 and iPadOS 13.1

If disabled, the system allows iOS devices to always connect to USB accessories while locked. On macOS, allows new USB and Thunderbolt accessories and SD cards to connect without authorization. If the system has Lockdown mode enabled, it ignores this value. 

iOS 11.4.1, iPadOS 13.1 and macOS 13

If enabled, the system enables the Set Automatically feature in Date & Time and the user can’t disable it. The system updates the device’s time zone only when the device can determine its location using a cellular connection or Wi-Fi with location services enabled. 

iOS 12, iPadOS 13.1 and tvOS 12.2

If disabled,  the system disables:

• The AutoFill Passwords feature in iOS, with Keychain and third-party password managers
• Prompting the user to use a saved password in Safari or in apps
• Automatic strong passwords
• Suggesting strong passwords to users

However the system does not prevent autofill contact info and credit cards in safari

iOS 12, iPadOS 13.1 and macOS 10.14

If disabled, the system disables requesting passwords from nearby devices. 

iOS 12, iPadOS 13.1, macOS 10.14 and tvOS 12

If disabled, the system disables sharing passwords with the Airdrop Passwords feature.

iOS 12, iPadOS 13.1 and macOS 10.14

If disabled, he system disables modifications to carrier plan related settings.

iOS 11 

If disabled, the system disables modifications of the personal hotspot setting.

iOS 12.2

If disabled, the system disallows iPhone widgets on a Mac that has signed in the same Apple ID for iCloud.

iOS 17

If disabled,  the system disables live voicemail on the device.

iOS 17.2

If disabled, the system prevents installation of alternative marketplace apps from the web and prevents any installed alternative marketplace apps from installing apps.

iOS 17.4

If disabled, the system disables document and key-value syncing to iCloud.

iOS 5, iPadOS 13.1 and macOS  10.11

If disabled, the system disables iCloud keychain synchronization.

iOS 7, iPadOS 13.1 and macOS 10.12

If disabled, the system disables backing up the device to iCloud.

iOS 5, iPadOS 13.1

If disabled, the system prevents the user from modifying Touch ID or Face ID

iOS 8.3, iPadOS 13.1 and macOS 14

If disabled, the system hides explicit music or video content purchased from the iTunes Store. The system marks explicit content as such by content providers, such as record labels, when sold through the iTunes Store. Explicit content in the News and Podcast apps is also hidden.

iOS 4.0, iPadOS 13.1, macOS 15 and tvOS 11.3

• Force Classroom to automatically join classes

If Enabled, the system automatically gives permission to the teacher’s requests without prompting the student. 

iOS 11, iPadOS 13.1 and macOS 10.14.4

• Require permission to leave classes

If enabled, a student enrolled in an unmanaged course through Classroom needs to request permission from the teacher to leave the course.

iOS 11.3, iPadOS 13.1 and macOS 10.14.4

• Allow unprompted App and Device Lock

If enabled, the system allows the teacher to lock apps or the device without prompting the student.

iOS 11, iPadOS 13.1 and macOS 10.14.4

• Automatically grant observation permission to teachers using Classroom app

If enable and the setting for  "ScreenObservationPermissionModificationAllowed" is also enabled in the Education payload, a student enrolled in a managed course through the Classroom app automatically gives permission to that course teacher’s requests to observe the student’s screen without prompting the student.

iOS 11, iPadOS 13.1 and macOS 10.14.4

• Allow Use of Camera

If disabled - Cameras are disabled and the Camera icon is removed from the Home Screen in iOS and iPadOS. Users can’t take photographs or videos.

macOS 10.11+

• Allow screen capture

When disabled - Users can’t save a screenshot or recording of the screen.

No 

macOS 10.14.4+

• Allow device assistant (Siri/Cortana)

When disabled - Siri/Cortana can't be used. 

No

macOS 14

If disabled, the system disables iTunes file sharing services. 

No

macOS 10.13

If disabled,  prevents modification of Media Sharing settings.

macOS 15.1

If disabled, the system disables remote screen observation by the Classroom app.

macOS 10.14.4

If enabled, helps control the pasting of content from an app that’s using Open In management by following the Managed Open In restrictions in force. Apple apps that work with the managed pasteboard include Calendar, Files, Mail and Notes. Third-party apps are controlled based on whether they’re managed. When a user attempts to paste content where it isn’t permitted, a Paste Not Allowed notice appears along with the organisation’s name (which can be changed using the Settings command). Apps also can’t request items from the pasteboard when this restriction is used and the content crosses the managed boundary.

Default is off 

No

macOS

Users can’t use Handoff with their Apple devices.

No

iOS 8,  iPadOS 13.1 and macOS 10.15

If disabled, the system disables Universal Control.

No

macOS 13

If disabled, prevents a user with the role of administrator from creating new users in Users & Groups.

No

macOS 14

• Allow Remote Apple Events Modification

If disabled, prevents the user from modifying remote Apple events settings.

No

macOS 14

• Allow ARD Remote Management Modification

If disabled, prevents the user from modifying Remote Desktop management settings.

No

macOS 14

• Allow Startup Disk Modification

If disabled, prevents the user from selecting a different startup disk.

No

macOS 14

• Allow Time Machine Backup

If disabled, prevents the user from setting up and using a Time Machine backup.

No

macOS 14

• Allow Bluetooth Sharing Modification

If disabled, prevents the user from modifying Bluetooth® settings.

No

macOS 14

• Allow File Sharing Modification

If disabled, revents the user from modifying file sharing settings.

No

macOS 14

• Allow Internet Sharing Modification

If disabled, revents the user from modifying internet sharing settings.

No

macOS 14

• Allow Printer Sharing Modification

If disabled, prevents the user from modifying printer sharing settings.

No

macOS 14

If disabled, prevents the use of external, cloud-based intelligence services with Siri. On iOS, this restriction is temporarily allowed on unsupervised and user enrollments. In a future release, this restriction will require supervision, and will be ignored on non-supervised devices. Available in iOS 18.2 and later, and macOS 15.2 and later.

No

iOS 18.2 and macOS 15.2

• Allow External Intelligence Integrations Sign In

If false, forces external intelligence providers into anonymous mode. If a user is already signed in to an external intelligence provider, applying this restriction will cause them to be signed out when the next request is attempted. Available in iOS 18.2 and later, and macOS 15.2 and later.

No

iOS 18.2 and macOS 15.2

• Allow iCloud Photo Library

If disabled, users can’t use their iCloud Photos.

iOS 9 and IPadOS 13.1 and macOS 10.12

• Allow Back to My Mac

• Allow Find My Mac

If disabled, users can't use Find My Device services

No

iOS 13, iPadOS 13.1 and macOS 10.15

• Allow Bookmark sync

If disabled, the system disables iCloud Bookmark sync. Bookmarks won't be uploaded to the cloud

No

macOS 10.12

• Allow Mail sync

If disabled, the system disables iCloud Mail services. Mail won't be uploaded to the cloud

No

macOS 10.12

• Allow Calendar sync

If disabled, the system disables iCloud Calendar services. Calendar won't be uploaded to the cloud

No

macOS 10.12

• Allow Reminder sync

If disabled, the system disables iCloud Reminder services. Reminders won't be uploaded to the cloud

No

macOS 10.12

• Allow Address Book sync

If disabled, the system disables iCloud Address Book services.  Address Book won't be uploaded to the cloud

No

macOS 10.12

• Allow Notes sync

If disabled,  the system disables iCloud Notes services.  Notes won't be uploaded to the cloud

No

macOS 10.12

macOS 10.12.4

If disabled, prevents the user from storing Freeform files in iCloud

macOS 14

If disabled, users can’t choose to send diagnostic information to Apple.

No

MacOS 10.13

If disabled, users must use a passcode to unlock the device.

No

iOS 7 and iPadOS 13.1 and mac OS 10.12.4

If disabled, the system prohibits installation of rapid security responses.

No 

iOS 16 and macOS 13

• Allow Rapid Security Response Removal

If disabled, the system prohibits removal of rapid security responses

No

iOS 16 and macOS 13

• Delay user visibility of all OS software updates

If enabled, the system delays user visibility of software updates. In macOS, the system allows seed build updates without delay. The delay is 30 days unless you set another value under hid all software updates. 

iOS 11.3 and macOS 10.13.4  and tvOS 12.2  

• Hide all software updates until X - Days after release date

Allows admins to determine how many days to delay a software update on the device. With this restriction in place, the user doesn’t see a software update until the specified number of days after the software update release date

Max # of days is 90

iOS 11.3 and macOS 10.13.4  and tvOS 12.2  

• Hide minor software updates until "X - Days" after release date

• Delay user visibility of major OS software updates

• Delay user visibility of non-OS Software Updates

• Enable Safari autofill

• Allow Game Center

• Allow UI configuration profile installation

• Allow adding Game Center friends

• Allow modifying account settings

• Allow AirDrop

• Allow multiplayer gaming

• Allow Internet results in Spotlight

• Allow definition lookup

• Allow modification of passcode settings

• Allow modification of device name

• Allow modification of wallpaper

• Allow dictation input

macOS 10.13

• Enable USB Restricted Mode

If disabled, the system allows iOS devices to always connect to USB accessories while locked. On macOS, allows new USB and Thunderbolt accessories and SD cards to connect without authorization. If the system has Lockdown mode enabled, it ignores this value. 

iOS 11.4.1, iPadOS 13.1 and macOS 13

• Allow users to use saved passwords in Safari and AutoFill Passwords feature

If disabled,  the system disables:

• The AutoFill Passwords feature in iOS, with Keychain and third-party password managers
• Prompting the user to use a saved password in Safari or in apps
• Automatic strong passwords
• Suggesting strong passwords to users

However the system does not prevent autofill contact info and credit cards in safari

iOS 12, iPadOS 13.1 and macOS 10.14

• Allow users device to request passwords from nearby devices

If disabled, the system disables requesting passwords from nearby devices. 

iOS 12, iPadOS 13.1, macOS 10.14 and tvOS 12

• Allow users to share their passwords with the Airdrop Passwords feature

If disabled, the system disables sharing passwords with the Airdrop Passwords feature.

iOS 12, iPadOS 13.1 and macOS 10.14

• Allow document sync

If disabled, the system disables document and key-value syncing to iCloud. Shared iPad doesn’t support it. 

iOS 5 and macOS 10.11 and later.

• Allow cloud Keychain sync

If disabled, the system disables iCloud keychain synchronization

iOS 7, iPadOS 13.1 and macOS 10.12

• Allow modification of Touch ID or Face ID

iOS 8.3, iPadOS 13.1 and macOS 14

• Force Classroom to automatically join classes

If Enabled, the system automatically gives permission to the teacher’s requests without prompting the student. 

iOS 11, iPadOS 13.1 and macOS 10.14.4

• Require permission to leave classes

If enabled, a student enrolled in an unmanaged course through Classroom needs to request permission from the teacher to leave the course.

iOS 11.3, iPadOS 13.1 and macOS 10.14.4

• Allow unprompted App and Device Lock

If enabled, the system allows the teacher to lock apps or the device without prompting the student.

iOS 11, iPadOS 13.1 and macOS 10.14.4

• Automatically grant observation permission to teachers using Classroom app

If enable and the setting for  "ScreenObservationPermissionModificationAllowed" is also enabled in the Education payload, a student enrolled in a managed course through the Classroom app automatically gives permission to that course teacher’s requests to observe the student’s screen without prompting the student.

iOS 11, iPadOS 13.1 and macOS 10.14.4

If disabled, users can’t use the Apple TV Remote app to control the Apple TV.

Yes

• Australia - iOS and tvOS 11.3+ 

• Canada - iOS and tvOS 11.3+

• France - iOS and tvOS 11.3+

• Germany - iOS and tvOS 11.3+

• Ireland - iOS and tvOS 11.3+

• Japan - iOS and tvOS 11.3+

• New Zealand - iOS and tvOS 11.3+

• United Kingdom - iOS and tvOS 11.3+

• United States - iOS and tvOS 11.3+

No

• Allow use of camera

• Allow installing apps

• Allow use of camera

• Allow device assistant (Siri/Cortana)