CalvinBackup/apple_device-management
1
0
Fork 0
mirror of https://github.com/apple/device-management.git synced 2026-02-12 21:03:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bfcc8bbd01bd384582da322fd6c46c1a5e00e8c6
apple_device-management/mdm/profiles/com.apple.applicationaccess.yaml
Cyrus Daboo bfcc8bbd01 Release-v26.1
2025-11-04 12:35:42 -08:00

4706 lines
114 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
title: Restrictions
description: The payload that configures restrictions on a device.
payload:
payloadtype: com.apple.applicationaccess
supportedOS:
iOS:
introduced: '4.0'
multiple: true
supervised: false
allowmanualinstall: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: true
userenrollment:
mode: allowed
macOS:
introduced: '10.7'
multiple: true
devicechannel: true
userchannel: true
supervised: false
requiresdep: false
userapprovedmdm: false
allowmanualinstall: true
userenrollment:
mode: allowed
tvOS:
introduced: '9.0'
multiple: true
supervised: false
allowmanualinstall: true
visionOS:
introduced: '1.1'
multiple: true
supervised: false
allowmanualinstall: true
userenrollment:
mode: allowed
watchOS:
introduced: '10.0'
multiple: true
supervised: false
allowmanualinstall: true
payloadkeys:
- key: allowAccountModification
supportedOS:
iOS:
introduced: '7.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
supervised: true
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables modification of accounts, such as Apple
Accounts, and internet-based accounts, such as Mail, Contacts, and Calendar.
- key: allowActivityContinuation
title: Allow Handoff
supportedOS:
iOS:
introduced: '8.0'
userenrollment:
mode: forbidden
macOS:
introduced: '10.15'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables activity continuation. Support for this
restriction on unsupervised devices and with Managed Apple Accounts is deprecated.
In a future release, this restriction will begin requiring supervision and will
apply to personal Apple Accounts only.
- key: allowAddingGameCenterFriends
title: Allow Adding Game Center Friends
supportedOS:
iOS:
introduced: 4.2.1
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prohibits adding friends to Game Center. Requires
a supervised device in iOS 13 and later.
- key: allowAirDrop
supportedOS:
iOS:
introduced: '7.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables AirDrop.
- key: allowAirPlayIncomingRequests
title: Allow incoming AirPlay requests
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '12.3'
userenrollment:
mode: forbidden
tvOS:
introduced: '10.2'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables incoming AirPlay requests.
- key: allowAirPrint
title: Allow AirPrint
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables AirPrint.
- key: allowAirPrintCredentialsStorage
title: Allow storage of AirPrint credentials in Keychain
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Keychain storage of user name and password
for AirPrint.
- key: allowAirPrintiBeaconDiscovery
title: Allow discovery of AirPrint printers using iBeacons
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iBeacon discovery of AirPrint printers,
which prevents spurious AirPrint Bluetooth beacons from phishing for network traffic.
- key: allowAppCellularDataModification
title: Allow Modifying Cellular Data Usage for Apps Settings
supportedOS:
iOS:
introduced: '7.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables changing settings for cellular data usage
for apps.
- key: allowAppClips
title: Allow App Clips
supportedOS:
iOS:
introduced: '14.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents a user from adding any App Clips, and removes
any existing App Clips on the device.
- key: allowAppInstallation
title: Allow App Installation
supportedOS:
iOS:
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
supervised: true
type: <boolean>
presence: optional
default: true
content: |-
If `false`, the system disables the App Store and removes its icon from the Home Screen. Users are unable to install or update their apps. This applies to App Store apps, marketplace apps, and locally installed apps (using Configurator, Xcode, and so forth).
In iOS 10 and later, MDM commands can override this restriction. Requires a supervised device in iOS 13 and later.
- key: allowAppleIntelligenceReport
title: Allow Apple Intelligence Report
supportedOS:
iOS:
introduced: '18.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.4'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Apple Intelligence reports.
- key: allowApplePersonalizedAdvertising
supportedOS:
iOS:
introduced: '14.0'
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
introduced: '12.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system limits Apple personalized advertising.
- key: allowAppRemoval
title: Allow App Removal
supportedOS:
iOS:
introduced: 4.2.1
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
supervised: true
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables removal of apps from an iOS device. This
applies to App Store apps, marketplace apps, and locally installed apps (using
Configurator, Xcode, and so forth).
- key: allowAppsToBeHidden
title: Allow Hiding Apps
supportedOS:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables the ability for the user to hide apps. It doesn't
affect the user's ability to leave it in the App Library, while removing it from
the Home Screen.
- key: allowAppsToBeLocked
title: Allow Locking Apps
supportedOS:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables the ability for the user to lock apps. Because hiding
apps also requires locking them, disallowing locking also disallows hiding.
- key: allowARDRemoteManagementModification
title: Allow modifying Remote Management Sharing setting
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modifying the Remote Management Sharing
setting in System Settings.
- key: allowAssistant
title: Allow Siri
supportedOS:
iOS:
introduced: '5.0'
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Siri.
- key: allowAssistantUserGeneratedContent
supportedOS:
iOS:
introduced: '7.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
supervised: true
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents Siri from querying user-generated content
from the web.
- key: allowAssistantWhileLocked
title: Allow Siri While Locked
supportedOS:
iOS:
introduced: '5.1'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Siri when the device is locked. The system
ignores this restriction if the device doesn't have a passcode set.
- key: allowAutoCorrection
title: Allow Auto Correction
supportedOS:
iOS:
introduced: 8.1.3
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables keyboard autocorrection.
- key: allowAutoDim
title: Allow Auto Dim
supportedOS:
iOS:
introduced: '17.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables auto dim on iPads with OLED displays.
- key: allowAutomaticAppDownloads
title: Allow Automatic App Downloads
supportedOS:
iOS:
introduced: '9.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
supervised: true
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents automatic downloading of apps purchased
on other devices. This setting doesn't affect updates to existing apps.
- key: allowAutomaticScreenSaver
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: n/a
tvOS:
introduced: '15.4'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Apple TV's automatic screen saver.
- key: allowAutoUnlock
supportedOS:
iOS:
introduced: '14.5'
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disallows auto unlock. Support for this restriction
on unsupervised devices is deprecated.
- key: allowBluetoothModification
title: Allow modifying Bluetooth settings
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '13.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modification of Bluetooth settings.
- key: allowBluetoothSharingModification
title: Allow modifying Bluetooth Sharing setting
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modifying Bluetooth settings in System
Settings.
- key: allowBookstore
title: Allow Bookstore
supportedOS:
iOS:
introduced: '6.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system removes the Book Store tab from the Books app.
- key: allowBookstoreErotica
title: Allow Bookstore Erotica
supportedOS:
iOS:
introduced: '6.0'
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: '11.3'
deprecated: '17.0'
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents the user from downloading Apple Books media
that's tagged as erotica. Support for this restriction on unsupervised devices
is deprecated.
- key: allowCallRecording
title: Allow Call Recording
supportedOS:
iOS:
introduced: '18.1'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables call recording.
- key: allowCamera
title: Allow Camera Use
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: '10.11'
userenrollment:
mode: forbidden
tvOS:
introduced: '17.0'
visionOS:
introduced: '2.0'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the camera and removes its icon from the
Home Screen, and users are unable to take photographs. Support for this restriction
on unsupervised devices is deprecated.
- key: allowCellularPlanModification
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents users from changing settings related to
their cellular plan (available only on select carriers).
- key: allowChat
title: Allow use of iMessage
supportedOS:
iOS:
introduced: '5.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the use of iMessage with supervised devices.
If the device supports text messaging, the user can still send and receive text
messages.
- key: allowCloudAddressBook
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Contacts services.
- key: allowCloudBackup
title: Allow iCloud Backup
supportedOS:
iOS:
introduced: '5.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables backing up the device to iCloud. Support
for this restriction on unsupervised devices is deprecated.
- key: allowCloudBookmarks
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Bookmark sync.
- key: allowCloudCalendar
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Calendar services.
- key: allowCloudDesktopAndDocuments
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: 10.12.4
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Desktop and Document services.
- key: allowCloudDocumentSync
title: Allow iCloud Document Sync
supportedOS:
iOS:
introduced: '5.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '10.11'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables document and key-value syncing to iCloud.
Requires a supervised device in iOS 13 and later, and Shared iPad doesn't support
it. Support for this restriction on unsupervised devices and with Managed Apple
Accounts is deprecated.
- key: allowCloudFreeform
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disallows iCloud Freeform services.
- key: allowCloudKeychainSync
supportedOS:
iOS:
introduced: '7.0'
userenrollment:
mode: forbidden
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Keychain synchronization. Support
for this restriction on unsupervised devices and with Managed Apple Accounts is
deprecated.
- key: allowCloudMail
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Mail services.
- key: allowCloudNotes
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Notes services.
- key: allowCloudPhotoLibrary
title: Allow iCloud Photo Library
supportedOS:
iOS:
introduced: '9.0'
userenrollment:
mode: forbidden
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Photo Library. The system removes
any photos from local storage that aren't fully downloaded from iCloud Photo Library
to the device. Support for this restriction on unsupervised devices and with Managed
Apple Accounts is deprecated.
- key: allowCloudPrivateRelay
supportedOS:
iOS:
introduced: '15.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '12.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Private Relay. Support for this
restriction on unsupervised devices and with Managed Apple Accounts is deprecated.
- key: allowCloudReminders
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iCloud Reminder services.
- key: allowContentCaching
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.13'
userchannel: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables content caching. This restriction is not
supported on the user channel.
- key: allowContinuousPathKeyboard
title: Allow Continuous Path Keyboard
supportedOS:
iOS:
introduced: '13.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables QuickPath keyboard.
- key: allowDefaultBrowserModification
title: Allow default browser modification
supportedOS:
iOS:
introduced: '18.2'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables default browser preference modification. The MDM Settings
command to set the default browser preference still works when applying this.
- key: allowDefaultCallingAppModification
title: Allow default calling app modification
supportedOS:
iOS:
introduced: '18.4'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables default calling app preference modification. The MDM
Settings command to set the default calling app preference still works when applying
this.
- key: allowDefaultMessagingAppModification
title: Allow default messaging app modification
supportedOS:
iOS:
introduced: '18.4'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables default messaging app preference modification. The
MDM Settings command to set the default messaging app preference still works when
applying this.
- key: allowDefinitionLookup
title: Allow Define
supportedOS:
iOS:
introduced: 8.1.3
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.11'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables definition lookup.
- key: allowDeviceNameModification
title: Allow Modifying Device Name
supportedOS:
iOS:
introduced: '9.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: '11.0'
supervised: true
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents the user from changing the device name.
- key: allowDeviceSleep
title: Allow Device Sleep
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: n/a
tvOS:
introduced: '13.0'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents the device from automatically sleeping.
- key: allowDiagnosticSubmission
title: Allow diagnostic submission
supportedOS:
iOS:
introduced: '6.0'
macOS:
introduced: '10.13'
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents the device from automatically submitting
diagnostic reports to Apple.
- key: allowDiagnosticSubmissionModification
title: Allow modifying diagnostics settings
supportedOS:
iOS:
introduced: 9.3.2
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables changing the diagnostic submission and
app analytics settings in the Diagnostics & Usage UI in Settings.
- key: allowDictation
title: Allow dictation
supportedOS:
iOS:
introduced: '10.3'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disallows dictation input.
- key: allowedCameraRestrictionBundleIDs
title: Allowed Exceptions to Camera Restriction
supportedOS:
iOS:
introduced: '26.0'
supervised: true
allowmanualinstall: false
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: If present, the system exempts apps with bundle IDs in the array from the
`allowCamera` restriction. The system doesn't grant these apps access to the camera
automatically; they're only exempted from the `allowCamera` restriction. This
key has no effect when the camera isn't restricted. Multiple payloads combine
using an intersect operation. Requires a supervised device.
subkeys:
- key: bundleIDException
title: Bundle ID to be excepted
type: <string>
- key: allowedExternalIntelligenceWorkspaceIDs
title: Allowed External Intelligence Workspace IDs
supportedOS:
iOS:
introduced: '18.3'
supervised: true
allowmanualinstall: false
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.3'
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
allowmanualinstall: false
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <array>
presence: optional
content: An array of strings, but currently restricted to a single element. If present,
Apple Intelligence allows use of only the given external integration workspace
ID, and requires a sign-in to make requests. The user is required to sign in to
integrations that support signing in. Multiple payloads combine using an intersect
operation. This means the allowed set of workspace IDs can become the empty set
if multiple payloads specify conflicting values.
subkeys:
- key: allowedWorkspaceID
title: Allowed Workspace ID
type: <string>
- key: allowEnablingRestrictions
title: Allow Configuring Restrictions or ScreenTime
supportedOS:
iOS:
introduced: '8.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the Enable Restrictions option in the Restrictions
UI in Settings. If `false` in iOS 12 and later, the system disables the Enable
ScreenTime option in the ScreenTime UI in Settings and disables ScreenTime if
already enabled.
- key: allowEnterpriseAppTrust
title: Allow Trusting Enterprise Apps
supportedOS:
iOS:
introduced: '9.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system removes the Trust Enterprise Developer button in
Settings > General > VPN & Device Management, which prevents provisioning apps
by universal provisioning profiles. This restriction applies to free developer
accounts and enterprise app developers that aren't implicitly trusted by apps
that install through MDM. This restriction doesn't revoke previously granted trust.
- key: allowEnterpriseBookBackup
title: Allow Enterprise Books Backup
supportedOS:
iOS:
introduced: '8.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables backup of Enterprise books.
- key: allowEnterpriseBookMetadataSync
title: Allow Enterprise Books Notes and Highlights Sync
supportedOS:
iOS:
introduced: '8.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables sync of Enterprise books, notes, and highlights.
- key: allowEraseContentAndSettings
title: Allow Erase All Content and Settings
supportedOS:
iOS:
introduced: '8.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '12.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the Erase All Content and Settings option
in the Reset UI.
- key: allowESIMModification
title: Allow eSIM Modification
supportedOS:
iOS:
introduced: '12.1'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables modifications of eSIMs.
- key: allowESIMOutgoingTransfers
title: Allow eSIM Outgoing Transfers
supportedOS:
iOS:
introduced: '18.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, prevents the transfer of an eSIM from the device on which the
restriction is installed to a different device.
- key: allowExplicitContent
title: Allow Explicit Content
supportedOS:
iOS:
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: '11.3'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: |-
If `false`, the system hides explicit music or video content purchased from the iTunes Store. The system marks explicit content as such by content providers, such as record labels, when sold through the iTunes Store. Explicit content in the News and Podcast apps is also hidden.
Requires a supervised device in iOS 13 and later. Support for this restriction on unsupervised devices is deprecated.
- key: allowExternalIntelligenceIntegrations
title: Allow external intelligence integrations
supportedOS:
iOS:
introduced: '18.2'
sharedipad:
mode: forbidden
userenrollment:
mode: allowed
macOS:
introduced: '15.2'
userenrollment:
mode: allowed
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
userenrollment:
mode: allowed
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables the use of external, cloud-based intelligence services
with Siri. In iOS, this restriction is temporarily allowed on unsupervised and
user enrollments. In a future release, this restriction will require supervision,
and will be ignored on unsupervised devices.
- key: allowExternalIntelligenceIntegrationsSignIn
title: Allow external intelligence integrations sign-in
supportedOS:
iOS:
introduced: '18.2'
sharedipad:
mode: forbidden
userenrollment:
mode: allowed
macOS:
introduced: '15.2'
userenrollment:
mode: allowed
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
userenrollment:
mode: allowed
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, forces external intelligence providers into anonymous mode.
If a user is already signed in to an external intelligence provider, applying
this restriction signs them out when attempting the next request.
- key: allowFileSharingModification
title: Allow modifying File Sharing setting
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modifying File Sharing setting in System
Settings.
- key: allowFilesNetworkDriveAccess
supportedOS:
iOS:
introduced: '13.1'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents connecting to network drives in the Files
app.
- key: allowFilesUSBDriveAccess
supportedOS:
iOS:
introduced: '13.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents connecting to any connected USB devices
in the Files app.
- key: allowFindMyDevice
supportedOS:
iOS:
introduced: '13.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '10.15'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Find My Device in the Find My app.
- key: allowFindMyFriends
supportedOS:
iOS:
introduced: '13.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '10.15'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Find My Friends in the Find My app.
- key: allowFindMyFriendsModification
supportedOS:
iOS:
introduced: '7.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables changes to Find My Friends.
- key: allowFingerprintForUnlock
title: Allow Touch ID to Unlock Device
supportedOS:
iOS:
introduced: '7.0'
userenrollment:
mode: forbidden
macOS:
introduced: 10.12.4
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents Touch ID, Face ID, or Optic ID from unlocking
a device. Support for this restriction on unsupervised devices is deprecated.
- key: allowFingerprintModification
title: Allow Modifying Touch ID Fingerprints
supportedOS:
iOS:
introduced: '8.3'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents the user from modifying Touch ID or Face
ID.
- key: allowGameCenter
title: Allow Game Center
supportedOS:
iOS:
introduced: '6.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Game Center, and the system removes its
icon from the Home Screen.
- key: allowGenmoji
title: Allow Genmoji
supportedOS:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, prohibits creating new Genmoji.
- key: allowGlobalBackgroundFetchWhenRoaming
title: Allow Automatic Sync While Roaming
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables global background fetch activity when an
iOS phone is roaming. Support for this restriction on unsupervised devices is
deprecated.
- key: allowHostPairing
supportedOS:
iOS:
introduced: '7.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables host pairing with the exception of the
supervision host. If there's no configured supervision host certificate, the system
disables all pairing. Host pairing lets the administrator control whether an iOS
device can pair with a host Mac or PC.
- key: allowImagePlayground
title: Allow Image Playground
supportedOS:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, prohibits the use of image generation.
- key: allowImageWand
title: Allow Image Wand
supportedOS:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, prohibits the use of Image Wand.
- key: allowInAppPurchases
title: Allow In App Purchases
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prohibits in-app purchasing. Support for this restriction
on unsupervised devices is deprecated.
- key: allowInternetSharingModification
title: Allow modifying Internet Sharing setting
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modifying the Internet Sharing setting
in System Settings.
- key: allowiPhoneMirroring
title: Allow iPhone mirroring
supportedOS:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, prohibits the use of iPhone Mirroring. In macOS, this prevents
the Mac from mirroring any iPhone. In iOS, this prevents the iPhone from mirroring
to any Mac.
- key: allowiPhoneWidgetsOnMac
title: Allow iPhone widget on Mac
supportedOS:
iOS:
introduced: '17.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disallows iPhone widgets on a Mac that signs in
with the same Apple Account for iCloud.
- key: allowiTunes
title: Allow use of iTunes
supportedOS:
iOS:
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the iTunes Music Store and removes its
icon from the Home Screen. Users can't preview, purchase, or download content.
Requires a supervised device in iOS 13 and later.
- key: allowiTunesFileSharing
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables iTunes file sharing services.
- key: allowKeyboardShortcuts
title: Allow Keyboard Shortcuts
supportedOS:
iOS:
introduced: '9.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables keyboard shortcuts.
- key: allowListedAppBundleIDs
title: Allow Listed Apps
supportedOS:
iOS:
introduced: '15.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: '15.0'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: If present, the system only shows or can launch apps with bundle IDs in
the array. Include the value `com.apple.webapp` to allow all webclips. This applies
to App Store apps, marketplace apps, and locally installed apps (using Configurator,
Xcode, and so forth).
subkeys:
- key: appAllowlistedBundleID
title: Allow Listed App
type: <string>
- key: allowLiveVoicemail
title: Allow Live Voicemail
supportedOS:
iOS:
introduced: '17.2'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables live voicemail on the device.
- key: allowLocalUserCreation
title: Allow creating users in System Settings
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents creating users in System Settings.
- key: allowLockScreenControlCenter
supportedOS:
iOS:
introduced: '7.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents Control Center from appearing on the Lock
Screen.
- key: allowLockScreenNotificationsView
supportedOS:
iOS:
introduced: '7.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the Notifications history view on the Lock
Screen, so users can't view past notifications. However, they can still see notifications
when they arrive.
- key: allowLockScreenTodayView
supportedOS:
iOS:
introduced: '7.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the Today view in Notification Center on
the Lock Screen.
- key: allowMailPrivacyProtection
supportedOS:
iOS:
introduced: '15.2'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Mail Privacy Protection on the device.
- key: allowMailSmartReplies
supportedOS:
iOS:
introduced: '18.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.4'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables smart replies in Mail.
- key: allowMailSummary
supportedOS:
iOS:
introduced: '18.1'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.1'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables the ability to create summaries of email messages
manually. This doesn't affect automatic summary generation.
- key: allowManagedAppsCloudSync
title: Allow iCloud Sync for Managed Apps
supportedOS:
iOS:
introduced: '8.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents managed apps from using iCloud sync.
- key: allowManagedToWriteUnmanagedContacts
title: Allow managed apps to write to managed contacts accounts
supportedOS:
iOS:
introduced: '12.0'
allowmanualinstall: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
allowmanualinstall: false
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: |-
If `true`, the system allows managed apps to write contacts to unmanaged accounts. If `allowOpenFromManagedToUnmanaged` is `true`, this restriction has no effect.
> Important:
> Use MDM to install profiles that contain this restriction.
- key: allowMarketplaceAppInstallation
title: Allow App Installation from alternative marketplaces
supportedOS:
iOS:
introduced: '17.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents installation of alternative marketplace
apps from the web and prevents any installed alternative marketplace apps from
installing apps.
- key: allowMediaSharingModification
title: Allow modifying Media Sharing setting
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '15.1'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, prevents modification of Media Sharing settings.
- key: allowMultiplayerGaming
title: Allow Multiplayer Gaming
supportedOS:
iOS:
introduced: '4.1'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prohibits multiplayer gaming.
- key: allowMusicService
title: Allow Apple Music
supportedOS:
iOS:
introduced: '9.3'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.12'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the Music service, and the Music app reverts
to classic mode.
- key: allowNews
title: Allow use of News
supportedOS:
iOS:
introduced: '9.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables News.
- key: allowNFC
supportedOS:
iOS:
introduced: '14.2'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables NFC.
- key: allowNotesTranscription
supportedOS:
iOS:
introduced: '18.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.4'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables transcription in Notes.
- key: allowNotesTranscriptionSummary
supportedOS:
iOS:
introduced: '18.3'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.3'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables transcription summarization in Notes.
- key: allowNotificationsModification
title: Allow Modifying Notifications Settings
supportedOS:
iOS:
introduced: '9.3'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables modification of notification settings.
- key: allowOpenFromManagedToUnmanaged
title: Enable allow open from managed to unmanaged
supportedOS:
iOS:
introduced: '7.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, documents in managed apps and accounts open only in other managed
apps and accounts.
- key: allowOpenFromUnmanagedToManaged
title: Enable allow open from unmanaged to managed
supportedOS:
iOS:
introduced: '7.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, documents in unmanaged apps and accounts open only in other
unmanaged apps and accounts.
- key: allowOTAPKIUpdates
supportedOS:
iOS:
introduced: '7.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables over-the-air PKI updates. Setting this
restriction to `false` doesn't disable CRL and OCSP checks.
- key: allowPairedWatch
title: Allow Pairing With Apple Watch
supportedOS:
iOS:
introduced: '9.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables pairing with an Apple Watch, and the system
unpairs any currently paired Apple Watch and erases its content.
- key: allowPassbookWhileLocked
title: Allow Wallet While Locked
supportedOS:
iOS:
introduced: '6.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system hides Passbook notifications from the Lock Screen.
- key: allowPasscodeModification
title: Allow Modifying Passcode
supportedOS:
iOS:
introduced: '9.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents adding, changing, or removing the passcode.
The system ignores this restriction on Shared iPad.
- key: allowPasswordAutoFill
supportedOS:
iOS:
introduced: '12.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.14'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: |-
If `false`, the system disables:
- The AutoFill Passwords feature in iOS, with Keychain and third-party password managers
- Prompting the user to use a saved password in Safari or in apps
- Automatic strong passwords
- Suggesting strong passwords to users
However, if `false`, the system doesn't prevent AutoFill for contact info and credit cards in Safari.
- key: allowPasswordProximityRequests
supportedOS:
iOS:
introduced: '12.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.14'
userenrollment:
mode: forbidden
tvOS:
introduced: '12.0'
deprecated: '17.4'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables requesting passwords from nearby devices.
- key: allowPasswordSharing
supportedOS:
iOS:
introduced: '12.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.14'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables sharing passwords with the AirDrop passwords
feature, or with the Passwords app.
- key: allowPersonalHotspotModification
title: Allow modifying Personal Hotspot settings
supportedOS:
iOS:
introduced: '12.2'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables modifications of the personal hotspot setting.
- key: allowPersonalizedHandwritingResults
title: Allow personalized handwriting results
supportedOS:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If false, prevents the system from generating text in the user's handwriting.
- key: allowPhotoStream
title: Allow Photo Stream
supportedOS:
iOS:
introduced: '5.0'
deprecated: '17.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Photo Stream.
- key: allowPodcasts
supportedOS:
iOS:
introduced: '8.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables podcasts.
- key: allowPredictiveKeyboard
title: Allow Predictive Keyboard
supportedOS:
iOS:
introduced: 8.1.3
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables predictive keyboards.
- key: allowPrinterSharingModification
title: Allow modifying Printer Sharing setting
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modifying Printer Sharing settings in System
Settings.
- key: allowProximitySetupToNewDevice
supportedOS:
iOS:
introduced: '11.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables the prompt to set up new devices that are nearby.
- key: allowRadioService
title: Allow iTunes Radio
supportedOS:
iOS:
introduced: '9.3'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Apple Music Radio.
- key: allowRapidSecurityResponseInstallation
title: Allow Background Security Improvement Installation
supportedOS:
iOS:
introduced: '16.0'
deprecated: '26.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '13.0'
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prohibits installation of Background Security Improvements.
- key: allowRapidSecurityResponseRemoval
title: Allow Background Security Improvement Removal
supportedOS:
iOS:
introduced: '16.0'
deprecated: '26.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '13.0'
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prohibits removal of Background Security Improvements.
- key: allowRCSMessaging
supportedOS:
iOS:
introduced: '18.1'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, prevents the use of RCS messaging.
- key: allowRemoteAppleEventsModification
title: Allow modifying Remote Apple Events Sharing setting
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modifying Remote Apple Events Sharing settings
in System Settings.
- key: allowRemoteAppPairing
title: Allow pairing with Remote app
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: n/a
tvOS:
introduced: '10.2'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables pairing Apple TV for use with the Control
Center widget.
- key: allowRemoteScreenObservation
title: Allow Remote Screen Observation
supportedOS:
iOS:
introduced: '9.3'
macOS:
introduced: 10.14.4
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables remote screen observation by the Classroom
app. Nest this key beneath `allowScreenShot` as a subrestriction. If `allowScreenShot`
is `false`, the Classroom app doesn't observe remote screens. Requires a supervised
device until iOS 13 and macOS 10.15. Allowed for user enrollments in macOS 12
and later.
- key: allowSafari
title: Allow use of Safari
supportedOS:
iOS:
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the Safari web browser app, and the system
removes its icon from the Home Screen. This setting also prevents users from opening
web clips. Requires a supervised device in iOS 13 and later.
- key: allowSafariHistoryClearing
supportedOS:
iOS:
introduced: '26.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '26.0'
devicechannel: true
userchannel: true
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '26.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the ability to clear browsing history in
Safari.
- key: allowSafariPrivateBrowsing
supportedOS:
iOS:
introduced: '26.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '26.0'
devicechannel: true
userchannel: true
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '26.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the ability to use private browsing in
Safari.
- key: allowSafariSummary
supportedOS:
iOS:
introduced: '18.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.4'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the ability to summarize content in Safari.
- key: allowSatelliteConnection
title: Allow use of satellite connectivity
supportedOS:
iOS:
introduced: '18.2'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prohibits the connection to and use of satellite
services.
- key: allowScreenShot
title: Allow Screenshots and Screen Recording
supportedOS:
iOS:
introduced: '3.1'
macOS:
introduced: 10.14.4
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables saving a screenshot of the display and
capturing a screen recording. It also disables the Classroom app from observing
remote screens.
- key: allowSharedDeviceTemporarySession
supportedOS:
iOS:
introduced: '13.4'
supervised: true
sharedipad:
mode: required
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system makes temporary sessions unavailable on Shared iPad.
- key: allowSharedStream
title: Allow Shared Stream
supportedOS:
iOS:
introduced: '6.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Shared Photo Stream. Support for this restriction
on unsupervised devices is deprecated.
- key: allowSpellCheck
title: Allow Spell Check
supportedOS:
iOS:
introduced: 8.1.3
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the keyboard spell checker.
- key: allowSpotlightInternetResults
title: Allow Siri Suggestions
supportedOS:
iOS:
introduced: '8.0'
userenrollment:
mode: forbidden
macOS:
introduced: '10.11'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Spotlight Internet search results in Siri
Suggestions. Support for this restriction on unsupervised devices is deprecated.
- key: allowStartupDiskModification
title: Allow modifying Startup Disk settings
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modification of Startup Disk settings in
System Settings.
- key: allowSystemAppRemoval
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables the removal of system apps from the device.
- key: allowTimeMachineBackup
title: Allow modifying Time Machine settings
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '14.0'
userchannel: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents modification of Time Machine settings in
System Settings. This restriction is not supported on the user channel.
- key: allowUIAppInstallation
title: Allow App Installation from App Store
supportedOS:
iOS:
introduced: '9.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
supervised: true
type: <boolean>
presence: optional
default: true
content: |-
If `false`, the system disables the App Store and removes its icon from the Home Screen. However, users can continue to install or update their apps either locally (via Configurator, Xcode, and so forth), or using alternative marketplace apps.
In iOS 10 and later, MDM commands can override this restriction.
- key: allowUIConfigurationProfileInstallation
title: Allow UI Configuration Profile Installation
supportedOS:
iOS:
introduced: '6.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '13.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prohibits the user from installing configuration
profiles and certificates interactively.
- key: allowUniversalControl
title: Allow Universal Control
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '13.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables Universal Control.
- key: allowUnmanagedToReadManagedContacts
title: Allow unmanaged apps to read managed contacts accounts
supportedOS:
iOS:
introduced: '12.0'
allowmanualinstall: false
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
allowmanualinstall: false
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: |-
If `true`, the system allows unmanaged apps to read from managed contacts accounts. If `allowOpenFromManagedToUnmanaged` is `true`, this restriction has no effect.
> Important:
> Use MDM to install profiles that contain this restriction.
- key: allowUnpairedExternalBootToRecovery
supportedOS:
iOS:
introduced: '14.5'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system allows unpaired devices to boot devices into recovery.
- key: allowUntrustedTLSPrompt
title: Allow user to accept untrusted TLS certificates
supportedOS:
iOS:
introduced: '5.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '1.1'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system automatically rejects untrusted HTTPS certificates
without prompting the user.
- key: allowUSBRestrictedMode
supportedOS:
iOS:
introduced: 11.4.1
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '13.0'
userchannel: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system allows iOS devices to always connect to USB accessories
while locked. In macOS, allows new USB and Thunderbolt accessories, and SD cards
to connect without authorization. If the system has Lockdown mode enabled, it
ignores this value. This restriction is not supported on the user channel.
- key: allowVideoConferencing
title: Allow Video Conferencing
supportedOS:
iOS:
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system hides the FaceTime app. Requires a supervised device
in iOS 13 and later.
- key: allowVideoConferencingRemoteControl
title: Allow Video Conferencing Remote Control
supportedOS:
iOS:
introduced: '18.4'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables the ability for a remote FaceTime session to request
control of the device.
- key: allowVisualIntelligenceSummary
title: Allow Visual Intelligence Summary
supportedOS:
iOS:
introduced: '18.3'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables visual intelligence summarization.
- key: allowVoiceDialing
title: Allow Voice Dialing While Device is Locked
supportedOS:
iOS:
deprecated: '17.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system disables voice dialing if the device is locked with
a passcode.
- key: allowVPNCreation
title: Allow Adding VPN Configurations (Supervised devices only)
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system allows only managed apps to create VPN configurations.
Prior to iOS 18, the system also allows unmanaged apps to create VPN configurations.
- key: allowWallpaperModification
title: Allow Modifying Wallpaper
supportedOS:
iOS:
introduced: '9.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents changing the wallpaper.
- key: allowWebDistributionAppInstallation
title: Allow App Installation from web sites
supportedOS:
iOS:
introduced: '17.5'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the device prevents installation of apps directly from the
web.
- key: allowWritingTools
title: Allow writing tools
supportedOS:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, disables Apple Intelligence writing tools.
- key: autonomousSingleAppModePermittedAppIDs
supportedOS:
iOS:
introduced: '7.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: If present, the system allows apps identified by the bundle IDs listed
in the array to autonomously enter Single App Mode.
subkeys:
- key: appAutonomousSingleAppModePermittedID
title: Apps allow list for Autonomous Single App Mode
type: <string>
- key: blacklistedAppBundleIDs
title: Blacklisted Apps
supportedOS:
iOS:
introduced: '9.3'
deprecated: '15.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: '11.0'
deprecated: '15.0'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: Use `blockedAppBundleIDs` instead.
subkeys:
- key: appBlacklistedBundleID
title: Blacklisted App
type: <string>
- key: blockedAppBundleIDs
title: Blocked Apps
supportedOS:
iOS:
introduced: '15.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: '15.0'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: |-
If present, the system prevents showing or launching apps with bundle IDs in the array. Include the value `com.apple.webapp` to restrict all webclips. This applies to App Store apps, marketplace apps, and locally installed apps (using Configurator, Xcode, and so forth).
> Note:
> Denying system apps may disable other functionality. For example, denying the App Store app may prevent users from accepting the terms and conditions for the user-based Volume Purchase Program (VPP).
subkeys:
- key: appBlockedBundleID
title: Blocked App
type: <string>
- key: deniedICCIDsForiMessageFaceTime
supportedOS:
iOS:
introduced: '26.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: An array of strings representing ICCIDs of cellular plans. The device prevents
use of any matching cellular networks in iMessage and FaceTime. The array must
contain no more than 4 ICCID strings.
subkeys:
- key: deniedICCIDForiMessageFaceTime
title: Denied ICCID for iMessage and FaceTime
type: <string>
content: An ICCID.
- key: deniedICCIDsForRCS
supportedOS:
iOS:
introduced: '26.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: An array of strings representing ICCIDs of cellular plans. The device prevents
use of any matching cellular networks with RCS messaging. The array must contain
no more than 4 ICCID strings.
subkeys:
- key: deniedICCIDForRCS
title: Denied ICCID for RCS
type: <string>
content: An ICCID.
- key: enforcedFingerprintTimeout
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '12.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <integer>
presence: optional
default: 172800
content: The value, in seconds, after which the fingerprint unlock requires a password
to authenticate. The default value is 48 hours.
- key: enforcedSoftwareUpdateDelay
supportedOS:
iOS:
introduced: '11.3'
deprecated: '26.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: 10.13.4
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: '12.2'
deprecated: '26.0'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <integer>
presence: optional
range:
min: 1
max: 90
default: 30
content: How many days to delay a software update on the device. With this restriction
in place, the user doesn't see a software update until the specified number of
days after the software update release date. The restrictions `forceDelayedAppSoftwareUpdates`
and `forceDelayedSoftwareUpdates` use this value.
- key: enforcedSoftwareUpdateMajorOSDeferredInstallDelay
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '11.3'
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <integer>
presence: optional
range:
min: 1
max: 90
default: 30
content: This restriction allows the administrator to set the number of days to
delay a major software upgrade on the device. When this restriction is in place,
the user sees a software upgrade only after the specified delay after the release
of the software upgrade. This value controls the delay for `forceDelayedMajorSoftwareUpdates`.
- key: enforcedSoftwareUpdateMinorOSDeferredInstallDelay
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '11.3'
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <integer>
presence: optional
range:
min: 1
max: 90
default: 30
content: This restriction allows the administrator to set the number of days to
delay a minor OS software update on the device. When this restriction is in place,
the user sees a software update only after the specified delay after the release
of the software update. This value controls the delay for `forceDelayedSoftwareUpdates`.
- key: enforcedSoftwareUpdateNonOSDeferredInstallDelay
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '11.3'
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <integer>
presence: optional
range:
min: 1
max: 90
default: 30
content: This restriction allows the administrator to set the number of days to
delay an app software update on the device. When this restriction is in place,
the user sees a non-OS software update only after the specified delay after the
release of the software. This value controls the delay for `forceDelayedAppSoftwareUpdates`.
- key: forceAirDropUnmanaged
title: Treat AirDrop as Unmanaged Destination
supportedOS:
iOS:
introduced: '9.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system considers AirDrop to be an unmanaged drop target.
- key: forceAirPlayIncomingRequestsPairingPassword
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system forces all devices sending AirPlay requests to this
device to use a pairing password. This key isn't supported in tvOS 10.2 and later.
Use the AirPlay Security Payload instead.
- key: forceAirPlayOutgoingRequestsPairingPassword
supportedOS:
iOS:
introduced: '7.1'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system forces all devices receiving AirPlay requests from
this device to use a pairing password.
- key: forceAirPrintTrustedTLSRequirement
title: Disallow AirPrint to destinations with untrusted certificates
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system requires trusted certificates for TLS printing communication.
- key: forceAssistantProfanityFilter
title: Enable Siri Profanity Filter
supportedOS:
iOS:
introduced: '5.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system forces the use of the profanity filter for Siri and
dictation. Requires a supervised device in iOS.
- key: forceAuthenticationBeforeAutoFill
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the user needs to authenticate before the system can autofill
passwords or credit card information in Safari and apps. If this restriction isn't
enforced, the user can toggle this feature in Settings. Only supported on devices
with Face ID or Touch ID.
- key: forceAutomaticDateAndTime
supportedOS:
iOS:
introduced: '12.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: '12.2'
supervised: true
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables the Set Automatically feature in Date & Time
and the user can't disable it. The system updates the device's time zone only
when the device can determine its location using a cellular connection or Wi-Fi
with location services enabled.
- key: forceBypassScreenCaptureAlert
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '15.1'
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, then the system bypasses the presentation of a screen capture
alert.
- key: forceClassroomAutomaticallyJoinClasses
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: 10.14.4
supervised: true
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system automatically gives permission to the teacher's requests
without prompting the student.
- key: forceClassroomRequestPermissionToLeaveClasses
supportedOS:
iOS:
introduced: '11.3'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: 10.14.4
supervised: true
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, a student enrolled in an unmanaged course through Classroom
needs to request permission from the teacher to leave the course.
- key: forceClassroomUnpromptedAppAndDeviceLock
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: 10.14.4
supervised: true
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system allows the teacher to lock apps or the device without
prompting the student.
- key: forceClassroomUnpromptedScreenObservation
supportedOS:
iOS:
introduced: '11.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: 10.14.4
supervised: true
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true` and `ScreenObservationPermissionModificationAllowed` is also
`true` in the Education payload, a student enrolled in a managed course through
the Classroom app automatically gives permission to that course teacher's requests
to observe the student's screen without prompting the student.
- key: forceDelayedAppSoftwareUpdates
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '11.0'
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system delays user visibility of non-OS software updates.
Control visibility of operating system updates through `forceDelayedSoftwareUpdates`.
The delay is 30 days unless you set `enforcedSoftwareUpdateDelay` to another value.
- key: forceDelayedMajorSoftwareUpdates
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '11.3'
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system delays user visibility of major OS updates.
- key: forceDelayedSoftwareUpdates
supportedOS:
iOS:
introduced: '11.3'
deprecated: '26.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
deprecated: '26.0'
userenrollment:
mode: forbidden
tvOS:
introduced: '12.2'
deprecated: '26.0'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system delays user visibility of software updates. In macOS,
the system allows seed build updates without delay. The delay is 30 days unless
you set `enforcedSoftwareUpdateDelay` to another value.
- key: forceEncryptedBackup
title: Force Encrypted Backups
supportedOS:
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system encrypts all backups.
- key: forceITunesStorePasswordEntry
title: Require iTunes password for all purchases
supportedOS:
iOS:
introduced: '6.0'
deprecated: '17.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system forces the user to enter their iTunes password for
each transaction.
- key: forceLimitAdTracking
supportedOS:
iOS:
introduced: '7.0'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system limits ad tracking. Additionally, it disables app
tracking and the Allow Apps to Request to Track setting.
- key: forceOnDeviceOnlyDictation
supportedOS:
iOS:
introduced: '14.5'
macOS:
introduced: '14.0'
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
type: <boolean>
presence: optional
default: false
content: If `true`, the system disables connections to Siri servers for the purposes
of dictation.
- key: forceOnDeviceOnlyTranslation
supportedOS:
iOS:
introduced: '15.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the device can't connect to Siri servers for the purposes of
translation.
- key: forcePreserveESIMOnErase
title: Force Preserve ESIM on Erase
supportedOS:
iOS:
introduced: '17.2'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: |-
If `true`, the system preserves eSIM when it erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset.
> Note:
> The system doesn't preserve eSIM if Find My initiates erasing the device.
- key: forceWatchWristDetection
title: Force Apple Watch Wrist Detection
supportedOS:
iOS:
introduced: '8.2'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system forces a paired Apple Watch to use Wrist Detection.
- key: forceWiFiPowerOn
title: Disallow Wi-Fi from being turned off
supportedOS:
iOS:
introduced: '13.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system prevents turning off Wi-Fi in Settings or Control
Center, even by entering or leaving Airplane Mode. It doesn't prevent selecting
which Wi-Fi network to use. and later.
- key: forceWiFiToAllowedNetworksOnly
supportedOS:
iOS:
introduced: '14.5'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system limits the device to only join Wi-Fi networks set
up through a configuration profile.
- key: forceWiFiWhitelisting
title: Only join Wi-Fi networks installed by profiles
supportedOS:
iOS:
introduced: '10.3'
deprecated: '14.5'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: Use `forceWiFiToAllowedNetworksOnly` instead.
- key: ratingApps
title: Apps Ranking Number
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: '11.3'
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <integer>
presence: optional
range:
min: 0
max: 1000
default: 1000
content: |-
The maximum level of app content allowed on the device. Preinstalled (first-party) apps ignore this restriction.
Possible values, with the U.S. description of the rating level:
- `1000`: All
- `600`: 17+
- `300`: 12+
- `200`: 9+
- `100`: 4+
- `0`: None
Age bands and the number of discrete age values vary by region, but the values are consistent across regions. For example, in a region that defines rating level 14+, its value is guaranteed to be larger than 300 (12+) and smaller than 600 (17+). Also, the value of rating level 15+ is guaranteed to be larger than the assigned value of rating level 14+. For more information about age ratings, see [Age ratings values and definitions](https://developer.apple.com/help/app-store-connect/reference/age-ratings-values-and-definitions).
Examples of values in other regions include:
- `1000`: All
- `621`: 21+
- `620`: 20+
- `619`: 19+
- `618`: 18+
- `600`: 17+
- `416`: 16+
- `415`: 15+
- `314`: 14+
- `313`: 13+
- `300`: 12+
- `211`: 11+
- `210`: 10+
- `200`: 9+
- `108`: 8+
- `107`: 7+
- `106`: 6+
- `105`: 5+
- `100`: 4+
- `3`: 3+
- `2`: 2+
- `1`: 1+
- `0`: None
This restriction will require supervision in a future release.
- key: ratingAppsExemptedBundleIDs
title: Apps Exempted from Rating Restrictions
supportedOS:
iOS:
introduced: '26.1'
allowmanualinstall: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: If present, the system exempts apps with bundle IDs in the array from age-based
rating restrictions. The system uses intersection combine rules to combine multiple
payloads and any exceptions that parental control apps provide, including ScreenTime.
subkeys:
- key: ratingAppsExemptedBundleID
title: Exempted App
type: <string>
- key: ratingMovies
title: Movies Ranking Number
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: '11.3'
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <integer>
presence: optional
range:
min: 0
max: 1000
default: 1000
content: |-
The maximum level of movie content allowed on the device. Support for this restriction on unsupervised devices is deprecated.
Possible values, with the U.S. description of the rating level:
- `1000`: All
- `500`: NC-17
- `400`: R
- `300`: PG-13
- `200`: PG
- `100`: G
- `0`: None
- key: ratingRegion
title: Region Code
supportedOS:
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <string>
presence: optional
rangelist:
- us
- au
- ca
- de
- fr
- ie
- jp
- nz
- gb
content: The two-letter key that profile tools use to display the proper ratings
for the given region. The client doesn't recognize or report this data.
- key: ratingTVShows
title: TV Shows Ranking Number
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: '15.0'
userenrollment:
mode: forbidden
tvOS:
introduced: '11.3'
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <integer>
presence: optional
range:
min: 0
max: 1000
default: 1000
content: |-
The maximum level of TV content allowed on the device. Support for this restriction on unsupervised devices is deprecated.
Possible values, with the U.S. description of the rating level:
- `1000`: All
- `600`: TV-MA
- `500`: TV-14
- `400`: TV-PG
- `300`: TV-G
- `200`: TV-Y7
- `100`: TV-Y
- `0`: None
- key: requireManagedPasteboard
supportedOS:
iOS:
introduced: '15.0'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, copy-and-paste functionality is limited by the `allowOpenFromManagedToUnmanaged`
and `allowOpenFromUnmanagedToManaged` restrictions.
- key: safariAcceptCookies
title: Accept Cookies in Safari
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <real>
presence: optional
rangelist:
- 0.0
- 1.0
- 1.5
- 2.0
default: 2.0
content: |-
Defines the conditions under which the device accepts cookies. The user-facing settings changed in iOS 11, although the possible values remain the same. Support for this restriction on unsupervised devices is deprecated. Allowed values:
- `0`: Enables Prevent Cross-Site Tracking and Block All Cookies, and the user canʼt disable either setting.
- `1` or `1.5`: Enables Prevent Cross-Site Tracking, and the user canʼt disable it. Doesn't enable Block All Cookies, but the user can enable it.
- `2`: Enables Prevent Cross-Site Tracking, but doesn't enable Block All Cookies. The user can toggle either setting.
- key: safariAllowAutoFill
title: Allow AutoFill in Safari
supportedOS:
iOS:
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.13'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: |-
If `false`, the system disables Safari AutoFill for passwords, contact info, and credit cards, and also prevents using the Keychain for AutoFill. Requires a supervised device in iOS 13 and later.
> Note:
> The system still allows third-party password managers, and apps can use AutoFill.
- key: safariAllowJavaScript
title: Allow JavaScript
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, Safari doesn't execute JavaScript. This restriction will require
supervision in a future release.
- key: safariAllowPopups
title: Allow Pop-ups
supportedOS:
iOS:
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, Safari doesn't allow pop-up windows. Support for this restriction
on unsupervised devices is deprecated.
- key: safariForceFraudWarning
title: Enable Fraud Warning
supportedOS:
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables Safari fraud warning.
- key: whitelistedAppBundleIDs
title: Whitelisted Apps
supportedOS:
iOS:
introduced: '9.3'
deprecated: '15.0'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: '11.0'
deprecated: '15.0'
supervised: true
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: Use `allowListedAppBundleIDs` instead.
subkeys:
- key: appWhitelistedBundleID
title: Whitelisted App
type: <string>
notes:
- title: ''
content: |-
> Important:
> The system allows multiple Restrictions payloads. However, don't attempt to manage the same restriction in different payloads. Doing so results in unexpected behavior.
Reference in New Issue View Git Blame Copy Permalink