Restrictions

Introduction

The following is an overview of the available iOS/iPadOS restrictions in Relution 5.28.3. Please note the additional information at the individual configuration points in Relution, such as supervised , User Enreollment, deprecated, deprecated on non-supervised Devices, as well as the min. OS version such as iOS 16+

Device

  • Allow in-app purchases

    If disabled, in-app purchases cannot be used

  • Force App Store password for all purchases

    If enabled, the iTunes password must be entered for each transaction.

  • Allow trusting of enterprise apps

    If disabled, the ‘Trust Enterprise Developer’ button under ‘Settings -> General -> Profile & Device Management’ will disappear; this protects apps from being deployed by Universal Provisioning Profiles. This restriction applies to free developer accounts, but not to enterprise app developers who are trusted because their apps have been pushed via MDM. Likewise, revocation of a previously granted trust is not possible.

  • Allow apps to use cellular data

    When disabled, apps are not allowed to use cellular data.

  • Allow Spotlight web searches

    When disabled, Spotlight no longer displays Internet search results.

  • Allow installation of apps

    If disabled, the App Store cannot be used and the icon is removed from the home screen. The user is not able to install or update applications.

  • Allow uninstalling apps

    If disabled, apps cannot be uninstalled on the iOS device.

  • Allow spelling correction

    If disabled, words will not be corrected when entering text.

  • Allow predictive text input

    If disabled, words will not be automatically completed when entering text.

  • Allow autocorrect

    If disabled, autocorrect is not available when entering text.

  • Allow App Store

    If the App Store is blocked, the icon is removed from the home screen. Users can still install and update apps via iTunes or the Configurator.

  • Allow automatic app downloads

    Automatic downloads of apps purchased on other devices. Does not affect updates to existing apps.

  • Allow dictation

    If disabled, dictation is not available.

  • Allow removal of system apps

    If disabled, removal of system apps is not allowed.

  • Enforce authentication before autofill

    If disabled, the user does not have to authenticate before passwords or credit card information are automatically filled in Safari or other apps. When this restriction is disabled, the user can toggle this feature in Settings. Only supported on devices with Face ID or Touch ID.

  • Allow autofill passwords

    When this setting is disabled, users cannot use the Autofill Passwords feature and will not be prompted to use a stored password in Safari and other apps. In addition, strong passwords are automatically disabled and not suggested to users.

  • Allow Touch ID or Face ID changes

    When this option is disabled, the system prevents the user from changing Touch ID or Face ID.

  • Allow App Clips

    If disabled, all existing app clips on the device will be removed.

  • Allow ‘Find My Device’

    If disabled, the ‘Find My Device’ option in the ‘Find My’ app will not be available

  • Allow changes to ‘Find My Friends’
  • Allow ‘Find My Friends’

    If disabled, the ‘Find My Friends’ option will not be available in the ‘Where is?’ app

  • Allow installation of alternative app marketplaces

    If disabled, the system will prevent the installation of alternative app marketplaces from the internet and prevent installed alternative app marketplaces from installing apps.

  • Allow installation of apps directly from the web

Apps

Safari

  • Allow Safari

    If disabled, the Safari app is not available and the icon is hidden from the home screen. In addition, web links on the home screen or from other apps can no longer be opened.

    • Allow Auto-Complete

      Disables auto-complete in the Safari browser.

    • Force Fraud Warnings

      When enabled, the display of fraud warnings in Safari is enforced.

    • Allow JavaScript

      When disabled, Safari will not execute JavaScript.

    • Allow pop-ups

      When disabled, pop-ups cannot be displayed in Safari.

    • Allow cookies
      • Always
      • Only from sites visited
      • Never

SIRI

  • Allow Siri

    If disabled, Siri is not available.

    • Allow Siri when device is locked

      If disabled, the user cannot use Siri while the device is locked. This function is ignored if the device has not set a password.

    • Use Siri word filter

      If activated, the use of the Siri word filter is enforced.

    • Allow Siri to query user content on the web

      If disabled, Siri is not allowed to query user content on the web.

Other Apps

  • Protect Mail Activity

    When enabled, the IP address is hidden and remote content is loaded securely in the background, even if an email is not opened. This makes it more difficult for senders to track email activity.

  • Allow Messages App

    When disabled, use of the Messages app is disabled.

  • Allow Music Service

    If disabled, Apple Music cannot be used and the Music app is reset to classic mode.

  • Allow iTunes Store

    If disabled, the iTunes Music Store is not available and the icon is hidden from the Home screen. In addition, content previews cannot be accessed, purchased or downloaded.

  • Allow Mail Summary

    Allow manual creation of e-mail messages. This does not affect the automatic generation of summaries.

Managed apps and documents

Restrictions for managed apps and documents

  • Allow opening managed documents in unmanaged apps

    If disabled, documents from managed apps and accounts cannot be opened in unmanaged apps and accounts. Starting with iOS 11.3, contacts are also included.

    • Allow unmanaged apps to access managed contacts

      When activated, non-managed apps are allowed to read managed contacts. If “Allow opening managed documents in non-managed apps” is activated, this restriction has no effect.

    • Allow managed apps to write non-managed contacts

      If enabled, managed apps are allowed to create unmanaged contacts. If “Allow opening managed documents in unmanaged apps” is enabled, this restriction has no effect.

  • Allow opening unmanaged documents in managed apps

    If disabled, documents from unmanaged apps and accounts cannot be opened in managed apps and accounts.

  • Apply “Open from…” settings to copy and paste

    When enabled, the “Allow opening of managed documents in unmanaged apps” and “Allow opening of unmanaged documents in managed apps” restrictions can be used to control whether information copied from managed applications can be pasted into unmanaged applications and/or vice versa.

  • Allow managed apps to sync with iCloud

    When disabled, managed apps are prevented from using iCloud synchronization.

  • Always consider Airdrop destinations as unmanaged

    When enabled, all Airdrop destinations are always considered unmanaged.

Settings

Restrictions of settings

  • Allow sending diagnostic and usage data to Apple

    When disabled, the device is prevented from automatically sending diagnostic and usage data to Apple.

  • Allow personalized advertising from Apple

    Allow personalized advertising from Apple

  • Allow over-the-air PKI updates

    CRL and OCSP checks are not disabled

  • Allow users to accept untrusted TLS certificates.

    If disabled, untrusted HTTPS certificates are automatically rejected without first asking the user.

  • Allow screenshots and screen recordings

    If disabled, screenshots or screen recordings cannot be made. In addition, screen transmission is not available in the Classroom app.

  • Remotely monitor the screen with the Classroom app
  • Allow user to install configuration profiles

    If disabled, configuration profiles and certificates cannot be installed.

  • Allow setting restrictions and screen time

    When disabled, the ‘Allow Restrictions’ option in Settings is not available. Also, on iOS 12 or later, turning on Screen > Time is not available and if it is already active, it is disabled.

  • Allow ‘Erase All Content and Settings’

    When disabled, the ‘Erase All Content and Settings’ option in the Reset menu is hidden.

  • Allow AirPrint credentials storage

    If disabled, the username and password for AirPrint will not be stored.

  • Require trusted TLS certificate for AirPrint

    Only allow printer communication with a trusted TLS certificate.

  • Enforce automatic date and time settings

    When this setting is enabled, the date and time settings are set to “automatic” and cannot be changed by the user. Note: The device’s time zone can only be updated if the device can determine its location (requires a cellular or Wi-Fi connection with location settings).

  • Prohibit turning off Wi-Fi

    Prevents the Wi-Fi from being switched off, even in flight mode. Switching between Wi-Fi networks is still allowed.

  • Allow QuickPath keyboard

    Allows writing using swipe gestures (QuickPath).

  • Allow call recording

    Enables call recording.

  • Allow RCS messaging

    Enables the use of RCS messaging.

  • Allow External Intelligence Integrations

    Enables the use of external, cloud-based information services with Siri

  • Allow Signing In to External Intelligence Integrations

    Disabling this flag puts external information providers in anonymous mode. If a user is already signed in to an external information provider, applying this restriction will sign them out.

Classroom

Classroom Restrictions

  • Allow teacher to lock apps and devices without confirmation via Apple Classroom

    Allows the teacher to lock devices or an app open on the device without requesting confirmation via Apple Classroom.

  • Enforce automatic class participation

    When enabled, students will not be prompted to join a class.

  • Require permission to exit Classroom course

    When enabled, leaving an unmanaged class requires the teacher’s permission.

Media

Restrictions for the media

  • Allow camera

    If disabled, the camera icon is removed from the home screen and it is no longer possible to take photos or videos in any app.

  • Allow Photo Stream

    If disabled, Photo Stream cannot be used.

  • Allow sharing of Photo Streams with other users

    If disabled, the Shared Photo Stream cannot be used.

  • Allow downloads of media marked as erotic content

    If disabled, the user cannot download books marked as erotic reading from the iBooks Store.

  • Force all devices receiving Airplay requests from this device to use a pairing password When enabled, all devices sending AirPlay requests to this device will be forced to use a pairing password.
  • Allow use of Game Center

    When disabled, Game Center cannot be used.

    • Allow multiplayer games
    • Allow adding friends to Game Center
  • Allow iBookstore

    If disabled, the iBooks Store cannot be used.

  • Allow Podcasts

    If disabled, the Apple Podcasts app cannot be used.

  • Allow News

    If disabled, the News widget and Apple News will not be displayed.

  • Allow Apple Music Radio

    If disabled, Apple Music Radio cannot be used.

  • Allow Facetime Video Conferencing

    If disabled, Facetime video conferencing cannot be used.

  • Do not allow explicit music, podcasts & iTunes U

    If disabled, explicit music or video content purchased from the iTunes Store will not be displayed. Explicit content is marked as such by the content providers, such as music publishers, when sold through the iTunes Store.

Changes

Restrictions on changes

  • Allow account modifications

    If disabled, account modifications are not possible in the settings.

  • Allow password changes

    If disabled, the device password cannot be added, changed or deleted. This restriction is ignored by Shared iPads.

  • Allow changes to the device name

    If disabled, the device name cannot be changed.

  • Allow changes to wallpaper

    If disabled, the wallpaper cannot be changed.

  • Allow changes to notification settings

    If disabled, it is not possible to change the notification settings.

  • Allow changing an app’s diagnostic data transmission

    If disabled, the settings for sending diagnostic data cannot be changed.

  • Allow changes to Bluetooth settings

    If disabled, it is not possible to change the Bluetooth settings.

  • Enforce Wi-Fi whitelisting

    The devices can only join Wi-Fi networks that are defined as a Wi-Fi configuration in the policy.

  • Allow creation of VPN configurations

    If disabled, it is not possible to create VPN configurations.

  • Allow changes to mobile tariff settings

    If enabled, users can change settings related to the mobile tariff.

  • Allow changes to personal hotspot

    Allow changes to personal hotspot settings.

iCloud

iCloud Restrictions

  • Allow iCloud Backup

    If disabled, iCloud backups of the device are not possible.

  • Allow iCloud Keychain Synchronization

    If disabled, iCloud Keychain synchronization cannot be used.

  • Allow iCloud Photo Library

    If disabled, iCloud Photo Library is not available. Photos that have not yet been fully downloaded will be deleted from local storage.

  • Allow iCloud Documents and Data Synchronization

    If disabled, iCloud Documents and Data Synchronization is not possible.

  • Allow iCloud Private Relay

Lock screen

Lockscreen restrictions

  • Allow Control Center access when device is locked

    If disabled, Control Center will be prevented from appearing on the lockscreen.

  • Allow notifications in Notification Center when device is locked

    If disabled, notifications will not appear on the lock screen and you will not be able to open Notification Center while your device is locked.

  • Allow Day View in Notification Center when your device is locked

    If disabled, Day View is not available in Notification Center while your device is locked.

  • Show Passbook notification when device is locked

    If disabled, Passbook notifications do not appear on the lock screen.

Data backup and synchronization

Restrictions for backups and synchronization

  • Force encryption of backups

    Forces encryption to be switched on for backups.

  • Do not back up Enterprise Books

    If disabled, Enterprise Books are not backed up.

  • Do not synchronize Enterprise Books, Notes and Highlights

    If disabled, Enterprise Books, Notes and Highlights will not be synchronized.

  • Allow automatic synchronization in roaming mode

    If disabled, background data retrieval in roaming mode is disabled.

  • Allow transfer of an eSIM to another device
  • Keep eSIM when erasing

Restrictions for AI features

General

  • Allow Genmoji creation
  • Allow image generation
  • Allow Apple Intelligence writing tools
  • Allow use of Image Wand
  • Allow live voicemail
  • Allow generation of text in the user’s handwriting