Restrictions

Introduction

The following is an overview of the available iOS/iPadOS restrictions in Relution 5.28.3. Please note the additional information at the individual configuration points in Relution, such as supervised , User Enreollment, deprecated, deprecated on non-supervised Devices, as well as the min. OS version such as iOS 16+

Device

  • Allow in-app purchases
    • If disabled, in-app purchases cannot be used
  • Force App Store password for all purchases
    • If enabled, the iTunes password must be entered for each transaction.
  • Allow trusting of enterprise apps
    • If disabled, the ‘Trust Enterprise Developer’ button under ‘Settings -> General -> Profile & Device Management’ will disappear; this protects apps from being deployed by Universal Provisioning Profiles. This restriction applies to free developer accounts, but not to enterprise app developers who are trusted because their apps have been pushed via MDM. Likewise, revocation of a previously granted trust is not possible.
  • Allow apps to use cellular data
    • When disabled, apps are not allowed to use cellular data.
  • Allow Spotlight web searches
    • When disabled, Spotlight no longer displays Internet search results.
  • Allow installation of apps
    • If disabled, the App Store cannot be used and the icon is removed from the home screen. The user is not able to install or update applications.
  • Allow uninstalling apps
    • If disabled, apps cannot be uninstalled on the iOS device.
  • Allow spelling correction
    • If disabled, words will not be corrected when entering text.
  • Allow predictive text input
    • If disabled, words will not be automatically completed when entering text.
  • Allow autocorrect
    • If disabled, autocorrect is not available when entering text.
  • Allow App Store
    • If the App Store is blocked, the icon is removed from the home screen. Users can still install and update apps via iTunes or the Configurator.
  • Allow automatic app downloads
    • Automatic downloads of apps purchased on other devices. Does not affect updates to existing apps.
  • Allow dictation
    • If disabled, dictation is not available.
  • Allow removal of system apps
    • If disabled, removal of system apps is not allowed.
  • Enforce authentication before autofill
    • If disabled, the user does not have to authenticate before passwords or credit card information are automatically filled in Safari or other apps. When this restriction is disabled, the user can toggle this feature in Settings. Only supported on devices with Face ID or Touch ID.
  • Allow autofill passwords
    • When this setting is disabled, users cannot use the Autofill Passwords feature and will not be prompted to use a stored password in Safari and other apps. In addition, strong passwords are automatically disabled and not suggested to users.
  • Allow Touch ID or Face ID changes
    • When this option is disabled, the system prevents the user from changing Touch ID or Face ID.
  • Allow App Clips
    • If disabled, all existing app clips on the device will be removed.
  • Allow ‘Find My Device’
    • If disabled, the ‘Find My Device’ option in the ‘Find My’ app will not be available

  • Allow changes to ‘Find My Friends’

  • Allow ‘Find My Friends’
    • If disabled, the ‘Find My Friends’ option will not be available in the ‘Where is?’ app
  • Allow installation of alternative app marketplaces
    • If disabled, the system will prevent the installation of alternative app marketplaces from the internet and prevent installed alternative app marketplaces from installing apps.

  • Allow installation of apps directly from the web

Apps

Safari

  • Allow Safari
    • If disabled, the Safari app is not available and the icon is hidden from the home screen. In addition, web links on the home screen or from other apps can no longer be opened.
    • Allow Auto-Complete
      • Disables auto-complete in the Safari browser.
    • Force Fraud Warnings
      • When enabled, the display of fraud warnings in Safari is enforced.
    • Allow JavaScript
      • When disabled, Safari will not execute JavaScript.
    • Allow pop-ups
      • When disabled, pop-ups cannot be displayed in Safari.
    • Allow cookies
      • Always
      • Only from sites visited
      • Never

SIRI

  • Allow Siri
    • If disabled, Siri is not available.
    • Allow Siri when device is locked
      • If disabled, the user cannot use Siri while the device is locked. This function is ignored if the device has not set a password.
    • Use Siri word filter
      • If activated, the use of the Siri word filter is enforced.
    • Allow Siri to query user content on the web
      • If disabled, Siri is not allowed to query user content on the web.

Other Apps

  • Protect Mail Activity
    • When enabled, the IP address is hidden and remote content is loaded securely in the background, even if an email is not opened. This makes it more difficult for senders to track email activity.
  • Allow Messages App
    • When disabled, use of the Messages app is disabled.
  • Allow Music Service
    • If disabled, Apple Music cannot be used and the Music app is reset to classic mode.
  • Allow iTunes Store
    • If disabled, the iTunes Music Store is not available and the icon is hidden from the Home screen. In addition, content previews cannot be accessed, purchased or downloaded.
  • Allow Mail Summary
    • Allow manual creation of e-mail messages. This does not affect the automatic generation of summaries.

Managed apps and documents

Restrictions for managed apps and documents

  • Allow opening managed documents in unmanaged apps
    • If disabled, documents from managed apps and accounts cannot be opened in unmanaged apps and accounts. Starting with iOS 11.3, contacts are also included.
    • Allow unmanaged apps to access managed contacts
      • When activated, non-managed apps are allowed to read managed contacts. If “Allow opening managed documents in non-managed apps” is activated, this restriction has no effect.
    • Allow managed apps to write non-managed contacts
      • If enabled, managed apps are allowed to create unmanaged contacts. If “Allow opening managed documents in unmanaged apps” is enabled, this restriction has no effect.
  • Allow opening unmanaged documents in managed apps
    • If disabled, documents from unmanaged apps and accounts cannot be opened in managed apps and accounts.
  • Apply “Open from…” settings to copy and paste
    • When enabled, the “Allow opening of managed documents in unmanaged apps” and “Allow opening of unmanaged documents in managed apps” restrictions can be used to control whether information copied from managed applications can be pasted into unmanaged applications and/or vice versa.
  • Allow managed apps to sync with iCloud
    • When disabled, managed apps are prevented from using iCloud synchronization.
  • Always consider Airdrop destinations as unmanaged
    • When enabled, all Airdrop destinations are always considered unmanaged.

Settings

Restrictions of settings

  • Allow sending diagnostic and usage data to Apple
    • When disabled, the device is prevented from automatically sending diagnostic and usage data to Apple.
  • Allow personalized advertising from Apple
    • Allow personalized advertising from Apple
  • Allow over-the-air PKI updates
    • CRL and OCSP checks are not disabled
  • Allow users to accept untrusted TLS certificates.
    • If disabled, untrusted HTTPS certificates are automatically rejected without first asking the user.
  • Allow screenshots and screen recordings
    • If disabled, screenshots or screen recordings cannot be made. In addition, screen transmission is not available in the Classroom app.
  • Remotely monitor the screen with the Classroom app
  • Allow user to install configuration profiles
    • If disabled, configuration profiles and certificates cannot be installed.
  • Allow setting restrictions and screen time
    • When disabled, the ‘Allow Restrictions’ option in Settings is not available. Also, on iOS 12 or later, turning on Screen > Time is not available and if it is already active, it is disabled.
  • Allow ‘Erase All Content and Settings’
    • When disabled, the ‘Erase All Content and Settings’ option in the Reset menu is hidden.
  • Allow AirPrint credentials storage
    • If disabled, the username and password for AirPrint will not be stored.
  • Require trusted TLS certificate for AirPrint
    • Only allow printer communication with a trusted TLS certificate.
  • Enforce automatic date and time settings
    • When this setting is enabled, the date and time settings are set to “automatic” and cannot be changed by the user. Note: The device’s time zone can only be updated if the device can determine its location (requires a cellular or Wi-Fi connection with location settings).
  • Prohibit turning off Wi-Fi
    • Prevents the Wi-Fi from being switched off, even in flight mode. Switching between Wi-Fi networks is still allowed.
  • Allow QuickPath keyboard
    • Allows writing using swipe gestures (QuickPath).
  • Allow call recording
    • Enables call recording.
  • Allow RCS messaging
    • Enables the use of RCS messaging.
  • Allow External Intelligence Integrations
    • Enables the use of external, cloud-based information services with Siri
  • Allow Signing In to External Intelligence Integrations
    • Disabling this flag puts external information providers in anonymous mode. If a user is already signed in to an external information provider, applying this restriction will sign them out.

Classroom

Classroom Restrictions

  • Allow teacher to lock apps and devices without confirmation via Apple Classroom
    • Allows the teacher to lock devices or an app open on the device without requesting confirmation via Apple Classroom.
  • Enforce automatic class participation
    • When enabled, students will not be prompted to join a class.
  • Require permission to exit Classroom course
    • When enabled, leaving an unmanaged class requires the teacher’s permission.

Media

Restrictions for the media

  • Allow camera
    • If disabled, the camera icon is removed from the home screen and it is no longer possible to take photos or videos in any app.
  • Allow Photo Stream
    • If disabled, Photo Stream cannot be used.
  • Allow sharing of Photo Streams with other users
    • If disabled, the Shared Photo Stream cannot be used.
  • Allow downloads of media marked as erotic content
    • If disabled, the user cannot download books marked as erotic reading from the iBooks Store.
  • Force all devices receiving Airplay requests from this device to use a pairing password When enabled, all devices sending AirPlay requests to this device will be forced to use a pairing password.
  • Allow use of Game Center
    • When disabled, Game Center cannot be used.
    • Allow multiplayer games
    • Allow adding friends to Game Center
  • Allow iBookstore
    • If disabled, the iBooks Store cannot be used.
  • Allow Podcasts
    • If disabled, the Apple Podcasts app cannot be used.
  • Allow News
    • If disabled, the News widget and Apple News will not be displayed.
  • Allow Apple Music Radio
    • If disabled, Apple Music Radio cannot be used.
  • Allow Facetime Video Conferencing
    • If disabled, Facetime video conferencing cannot be used.
  • Do not allow explicit music, podcasts & iTunes U
    • If disabled, explicit music or video content purchased from the iTunes Store will not be displayed. Explicit content is marked as such by the content providers, such as music publishers, when sold through the iTunes Store.

Changes

Restrictions on changes

  • Allow account modifications
    • If disabled, account modifications are not possible in the settings.
  • Allow password changes
    • If disabled, the device password cannot be added, changed or deleted. This restriction is ignored by Shared iPads.
  • Allow changes to the device name
    • If disabled, the device name cannot be changed.
  • Allow changes to wallpaper
    • If disabled, the wallpaper cannot be changed.
  • Allow changes to notification settings
    • If disabled, it is not possible to change the notification settings.
  • Allow changing an app’s diagnostic data transmission
    • If disabled, the settings for sending diagnostic data cannot be changed.
  • Allow changes to Bluetooth settings
    • If disabled, it is not possible to change the Bluetooth settings.
  • Enforce Wi-Fi whitelisting
    • The devices can only join Wi-Fi networks that are defined as a Wi-Fi configuration in the policy.
  • Allow creation of VPN configurations
    • If disabled, it is not possible to create VPN configurations.
  • Allow changes to mobile tariff settings
    • If enabled, users can change settings related to the mobile tariff.
  • Allow changes to personal hotspot
    • Allow changes to personal hotspot settings.

iCloud

iCloud Restrictions

  • Allow iCloud Backup
    • If disabled, iCloud backups of the device are not possible.
  • Allow iCloud Keychain Synchronization
    • If disabled, iCloud Keychain synchronization cannot be used.
  • Allow iCloud Photo Library
    • If disabled, iCloud Photo Library is not available. Photos that have not yet been fully downloaded will be deleted from local storage.
  • Allow iCloud Documents and Data Synchronization
    • If disabled, iCloud Documents and Data Synchronization is not possible.
  • Allow iCloud Private Relay

Lock screen

Lockscreen restrictions

  • Allow Control Center access when device is locked
    • If disabled, Control Center will be prevented from appearing on the lockscreen.
  • Allow notifications in Notification Center when device is locked
    • If disabled, notifications will not appear on the lock screen and you will not be able to open Notification Center while your device is locked.
  • Allow Day View in Notification Center when your device is locked
    • If disabled, Day View is not available in Notification Center while your device is locked.
  • Show Passbook notification when device is locked
    • If disabled, Passbook notifications do not appear on the lock screen.

Data backup and synchronization

Restrictions for backups and synchronization

  • Force encryption of backups
    • Forces encryption to be switched on for backups.
  • Do not back up Enterprise Books
    • If disabled, Enterprise Books are not backed up.
  • Do not synchronize Enterprise Books, Notes and Highlights
    • If disabled, Enterprise Books, Notes and Highlights will not be synchronized.
  • Allow automatic synchronization in roaming mode
    • If disabled, background data retrieval in roaming mode is disabled.

  • Allow transfer of an eSIM to another device

  • Keep eSIM when erasing

Restrictions for AI features

General

  • Allow Genmoji creation

  • Allow image generation

  • Allow Apple Intelligence writing tools

  • Allow use of Image Wand

  • Allow live voicemail

  • Allow generation of text in the user’s handwriting