Restrictions

If  false, disables account modification. Requires a supervised device. Available in iOS 7 and later.

If false, disables activity continuation. Available in iOS 8 and later, and macOS 10.15 and later.

If false, prohibits adding friends to Game Center. As of iOS 13, requires a supervised device. Available in iOS 4.2.1 and later, and macOS 10.13 and later.

If false, disables AirDrop. Requires a supervised device. Available in iOS 7 and later, and macOS 10.13 and later.

If false, disables incoming AirPlay requests. Requires a supervised device. Available in tvOS 10.2 and later.

If false, disables AirPrint.  Requires a supervised device. Available in iOS 11 and later.

If false, disables keychain storage of user name and password for AirPrint. Requires a supervised device. Available in iOS 11 and later.

If false, disables iBeacon discovery of AirPrint printers, which prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Requires a supervised device. Available in iOS 11 and later.

If false, disables changing settings for cellular data usage for apps. Requires a supervised device. Available in iOS 7 and later.

If false, disables the App Store, and its icon is removed from the Home screen. Users are unable to install or update their apps. In iOS 10 and later, MDM commands can override this restriction. As of iOS 13, this restriction requires a supervised device. Available in iOS 4 and later.

If false, disables removal of apps from an iOS device. Requires a supervised device. Available in iOS 4.2.1 and later.

If false, disables Siri. Available in iOS 5 and later. Also available for user enrollment.

If false, prevents Siri from querying user-generated content from the web. Requires a supervised device. Available in iOS 7 and later.

If false, disables Siri when the device is locked. This restriction is ignored if the device doesn't have a passcode set. Available in iOS 5.1 and later. Also available for user enrollment.

If false, disables keyboard autocorrection. Requires a supervised device. Available in iOS 8.1.3 and later.

If false, prevents automatic downloading of apps purchased on other devices. This setting doesn't affect updates to existing apps. Requires a supervised device. Available in iOS 9 and later.

If false, disallows auto unlock. Available in macOS 10.12 and later.

If false, prevents modification of Bluetooth settings. Requires a supervised device. Available in iOS 11 and later.

If false, disables Apple Books. Requires a supervised device. Available in iOS 6 and later.

If false, the user can't download Apple Books media that is tagged as erotica. Available in iOS 6 and later, and tvOS 11.3 and later.

If false, disables the camera, and its icon is removed from the Home screen. Users are unable to take photographs. This restriction is deprecated on unsupervised devices and will be supervised only in a future release.  Available in iOS 4 and later, and macOS 10.11 and later.

If false, users can't change any settings related to their cellular plan. Requires a supervised device. Available in iOS 11 and later.

If false, disables the use of the Messages app with supervised devices. Requires a supervised device. Available in iOS 5 and later.

If false, disables iCloud Address Book services. Available in macOS 10.12 and later.

If false, disables backing up the device to iCloud. This restriction is deprecated on unsupervised devices and will be supervised only in a future release. Available in iOS 5 and later.

If false, disables iCloud Bookmark sync. Available in macOS 10.12 and later.

If false, disables iCloud Calendar services. Available in macOS 10.12 and later.

If false, disables cloud desktop and document services. Available in macOS 10.12.4 and later.

If false, disables document and key-value syncing to iCloud. As of iOS 13, this restriction requires a supervised device. Available in iOS 5 and later, and macOS 10.11 and later.

If false, disables iCloud keychain synchronization. This restriction is deprecated on unsupervised devices and will be supervised only in a future release. Available in iOS 7 and later, and macOS 10.12 and later.

If false, disables iCloud Mail services. Available in macOS 10.12 and later.

If false, disables iCloud Notes services. Available in macOS 10.12 and later.

If false, disables iCloud Photo Library. Any photos not fully downloaded from iCloud Photo Library to the device are removed from local storage. Available in iOS 9 and later, and macOS 10.12 and later.

If false, disables iCloud Reminder services. Available in macOS 10.12 and later.

If false, disables content caching. As of 10.13.4 this is included in the content caching payload. Available in macOS 10.13 and later.

If false, disables QuickPath keyboard. Requires a supervised device. Available in iOS 13 and later.

If false, disables definition lookup. Requires a supervised device. Available in iOS 8.1.3 and later.

If false, prevents the device name from being changed. Requires a supervised device. Available in iOS 9 and later, and tvOS 11.0 and later.

If false, prevents device from sleeping. Requires a supervised device. Available in tvOS 13 and later.

If false, prevents the device from automatically submitting diagnostic reports to Apple. Available in iOS 6 and later, and macOS 10.13 and later. Also available for user enrollment.

If false, disables changing the diagnostic submission and app analytics settings in the Diagnostics & Usage UI in Settings. Requires a supervised device. Available in iOS 9.3.2 and later.

If false, disallows dictation input. Requires a supervised device. Available in iOS 10.3 and later, and macOS 10.13 and later.

If false, disables the "Enable Restrictions" option in the Restrictions UI in Settings.

In iOS 12 or later, if false, disables the "Enable ScreenTime" option in the ScreenTime UI in Settings and disables ScreenTime if already enabled. Requires a supervised device. Available in iOS 8 and later.

If false, removes the Trust Enterprise Developer button in Settings > General > Profiles & Device Management, preventing apps from being provisioned by universal provisioning profiles. This restriction applies to free developer accounts. However, it doesn't apply to enterprise app developers who are trusted because their apps were pushed through MDM. It also doesn't revoke previously granted trust. Available in iOS 9 and later.

If false, disables backup of Enterprise books. Available in iOS 8 and later. Also available for user enrollment.

If false, disables sync of Enterprise books, notes, and highlights. Available in iOS 8 and later. Also available for user enrollment.

If false, disables the Erase All Content And Settings option in the Reset UI. Requires a supervised device. Available in iOS 8 and later.

If false, disables modifications to the eSIM setting. Requires a supervised device. Available in iOS 12.1 and later.

If false, hides explicit music or video content purchased from the iTunes Store. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store. As of iOS 13, requires a supervised device. Available in iOS 4 and later, and tvOS 11.3 and later.

If false, prevents connecting to network drives in the Files app. Requires a supervised device. Available in iOS 13.1 and later.

If false, prevents connecting to any connected USB devices in the Files app. Requires a supervised device. Available in iOS 13.1 and later.

If false, disables Find My Device in the Find My app. Requires a supervised device. Available in iOS 13 and later.

If false, disables Find My Friends in the Find My app. Requires a supervised device. Available in iOS 13 and later.

If false, disables changes to Find My Friends. Requires a supervised device. Available in iOS 7 and later.

If false, prevents Touch ID or Face ID from unlocking a device. Available in iOS 7 and later, and macOS 10.12.4 and later.

If false, prevents the user from modifying Touch ID or Face ID. Requires a supervised device. Available in iOS 8.3 and later.

If false, disables Game Center, and its icon is removed from the Home screen. Requires a supervised device. Available in iOS 6 and later, and macOS 10.13 and later.

If false, disables global background fetch activity when an iOS phone is roaming. Available in iOS 4 and later.

If false, disables host pairing with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled. Host pairing lets the administrator control if an iOS device can pair with a host Mac or PC. Requires a supervised device. Available in iOS 7 and later.

If false, prohibits in-app purchasing. Available in iOS 4 and later.

If false, disables the iTunes Music Store, and its icon is removed from the Home screen. Users cannot preview, purchase, or download content.

As of iOS 13, requires a supervised device. Available in iOS 4 and later.

If false, disables iTunes file sharing services. Available in macOS 10.13 and later.

If false, disables keyboard shortcuts. Requires a supervised device. Available in iOS 9 and later.

If false, prevents Control Center from appearing on the Lock screen. Available in iOS 7 and later. Also available for user enrollment.

If false, disables the Notifications history view on the lock screen, so users can't view past notifications. However, they can still see notifications when they arrive. Available in iOS 7 and later. Also available for user enrollment.

If false, disables the Today view in Notification Center on the lock screen. Available in iOS 7 and later. Also available for user enrollment.

If false, prevents managed apps from using iCloud sync. Available in iOS 8 and later. Also available for user enrollment.

If true, managed apps can write contacts to unmanaged contacts accounts. If allowOpenFromManagedToUnmanaged is true, this restriction has no effect. If this restriction is set to true, you must install the payload through MDM. Available in iOS 12 and later.

If false, prohibits multiplayer gaming. Requires a supervised device. Available in iOS 4.1 and later, and macOS 10.13 and later.

If false, disables the Music service, and the Music app reverts to classic mode. Requires a supervised device. Available in iOS 9.3 and later, and macOS 10.12 and later.

If false, disables News. Requires a supervised device. Available in iOS 9 and later.

If false, disables modification of notification settings. Requires a supervised device. Available in iOS 9.3 and later.

If false, documents in managed apps and accounts only open in other managed apps and accounts. Available in iOS 7 and later. Also available for user enrollment.

If false, documents in unmanaged apps and accounts only open in other unmanaged apps and accounts. Available in iOS 7 and later. Also available for user enrollment.

If false, disables over-the-air PKI updates. Setting this restriction to false doesn't disable CRL and OCSP checks.  Available in iOS 7 and later.

If false, disables pairing with an Apple Watch. Any currently paired Apple Watch is unpaired and the watch's content is erased. Requires a supervised device. Available in iOS 9 and later.

If false, hides Passbook notifications from the lock screen. Available in iOS 6 and later.

If false, prevents the device passcode from being added, changed, or removed.

This restriction is ignored by Shared iPads. Requires a supervised device. Available in iOS 9 and later, and macOS 10.13 and later.

If false, disables the AutoFill Passwords feature in iOS (with Keychain and third-party password managers) and the user isn't prompted to use a saved password in Safari or in apps.

This restriction also disables Automatic Strong Passwords, and strong passwords are no longer suggested to users. 

It does not prevent AutoFill for contact info and credit cards in Safari.

Requires a supervised device. Available in iOS 12 and later, and macOS 10.14 and later.

If false, disables requesting passwords from nearby devices. Requires a supervised device. Available in iOS 12 and later, macOS 10.14 and later, and tvOS 12 and later.

If false, disables sharing passwords with the Airdrop Passwords feature. Requires a supervised device. Available in iOS 12 and later, and macOS 10.14 and later.

If false, disables modifications of the personal hotspot setting. Requires a supervised device. Available in iOS 12.2 and later.

If false, disables Photo Stream. Available in iOS 5 and later.

If false, disables podcasts. Requires a supervised device. Available in iOS 8 and later.

If false, disables predictive keyboards. Requires a supervised device. Available in iOS 8.1.3 and later.

If false, disables the prompt to set up new devices that are nearby. Requires a supervised device. Available in iOS 11 and later.

If false, disables Apple Music Radio. Requires a supervised device. Available in iOS 9.3 and later.

If false, disables pairing Apple TV for use with the Remote app or Control Center widget. Requires a supervised device. Available in tvOS 10.2 and later.

If false, disables remote screen observation by the Classroom app. Nest this key beneath allowScreenShot as a subrestriction. If allowScreenShot is set to false, the Classroom app doesn't observe remote screens. Required a supervised device until iOS 13 and macOS 10.15. Available in iOS 12 and later, and macOS 10.14.4 and later.

If false, disables the Safari web browser app, and its icon is removed from the Home screen. This setting also prevents users from opening web clips. As of iOS 13, requires a supervised device. Available in iOS 4 and later.

If false, disables saving a screenshot of the display and capturing a screen recording. It also disables the Classroom app from observing remote screens. Available in iOS 4 and later, and macOS 10.14.4 and later. Also available for user enrollment.

If false, disables Shared Photo Stream. Available in iOS 6 and later.

If false, disables keyboard spell-check. Requires a supervised device. Available in iOS 8.1.3 and later.

If false, disables Spotlight Internet search results in Siri Suggestions. Available in iOS 8 and later, and macOS 10.11 and later.

If false, disables the removal of system apps from the device. Requires a supervised device. Available in iOS 11 and later.

If false, disables the App Store, and its icon is removed from the Home screen. However, users may continue to use host apps (iTunes, Configurator) to install or update their apps.

In iOS 10 and later, MDM commands can override this restriction. Requires a supervised device. Available in iOS 9 and later.

If false, prohibits the user from installing configuration profiles and certificates interactively. Requires a supervised device. Available in iOS 6 and later.

If true, unmanaged apps can read from managed contacts accounts. If allowOpenFromManagedToUnmanaged is true, this restriction has no effect. If this restriction is set to true, you must install the payload through MDM. Available in iOS 12 and later. Also available for user enrollment.

If false, automatically rejects untrusted HTTPS certificates without prompting the user. Available in iOS 5 and later.

If false, allows the device to always connect to USB accessories while locked. Requires a supervised device. Available in iOS 11.4.1 and later.

If false, hides the FaceTime app. As of iOS 13, requires a supervised device. Available in iOS 4 and later.

If false, disables voice dialing if the device is locked with a passcode. Available in iOS 4 and later.

If false, disables the creation of VPN configurations. Requires a supervised device. Available in iOS 11 and later.

If false, prevents wallpaper from being changed. Requires a supervised device. Available in iOS 9 and later, and macOS 10.13 and later.

If present, allows apps identified by the bundle IDs listed in the array to autonomously enter Single App Mode. Requires a supervised device. Available in iOS 7 and later.

If present, prevents bundle IDs listed in the array from being shown or launchable. Include the value com.apple.webapp to blacklist all webclips. Requires a supervised device. Available in iOS 9.3 and later, and tvOS 11.0 and later.

Sets how many days to delay a software update on the device. With this restriction in place, the user doesn't see a software update until the specified number of days after the software update release date. Requires a supervised device. Available in iOS 11.3 and later, macOS 10.13.4 and later, and tvOS 12.2 and later.

If true, causes AirDrop to be considered an unmanaged drop target. Available in iOS 9 and later. Also available for user enrollment.

If true, forces all devices sending AirPlay requests to this device to use a pairing password. Available in Apple TV Software 6.2 and later. This key isn't supported in tvOS 10.2 and later. Use the AirPlay Security Payload instead.

If true, forces all devices receiving AirPlay requests from this device to use a pairing password. Available in iOS 7.1 and later. Also available for user enrollment.

If true, requires trusted certificates for TLS printing communication. Requires a supervised device. Available in iOS 11 and later.

If true, forces the use of the profanity filter assistant. Requires a supervised device. Available in iOS 11 and later.

If true, the user must authenticate before passwords or credit card information can be autofilled in Safari and Apps. If this restriction isn't enforced, the user can toggle this feature in Settings. Only supported on devices with Face ID or Touch ID. Requires a supervised device. Available in iOS 11 and later.

If true, enables the Set Automatically feature in Date & Time and can't be disabled by the user.  The device's time zone is updated only when the device can determine its location using a cellular connection or Wi-Fi with location services enabled. Requires a supervised device. Available in iOS 12 and later, and tvOS 12.2 and later.

If true, automatically gives permission to the teacher's requests without prompting the student. Requires a supervised device. Available in iOS 11 and later, and macOS 10.14.4 and later.

If true, a student enrolled in an unmanaged course through Classroom requests permission from the teacher when attempting to leave the course. Requires a supervised device. Available in iOS 11.3 and later, and macOS 10.14.4 and later.

If true, allows the teacher to lock apps or the device without prompting the student. Requires a supervised device. Available in iOS 11 and later, and macOS 10.14.4 and later.

If true and ScreenObservationPermissionModificationAllowed is also true in the Education payload, a student enrolled in a managed course via the Classroom app automatically gives permission to that course teacher's requests to observe the student's screen without prompting the student. Requires a supervised device. Available in iOS 11 and later, and macOS 10.14.4 and later.

If true, delays user visibility of software updates. In macOS, seed build updates are allowed, without delay. Requires a supervised device. Available in iOS 11.3 and later, macOS 10.13 and later, and tvOS 12.2 and later.

If true, encrypts all backups. Available in iOS 4 and later. Also available for user enrollment.

If true, forces the user to enter their iTunes password for each transaction. Available in iOS 6 and later.

If true, limits ad tracking. Available in iOS 7 and later.

If true, forces a paired Apple Watch to use Wrist Detection. Available in iOS 8.2 and later. Also available for user enrollment.

If true, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use. Requires a supervised device. Available in iOS 13.0 and later.

If true, the device can join Wi-Fi networks only if they were set up through a configuration profile. Requires a supervised device. Available in iOS 10.3 and later.

The maximum level of app content allowed on the device. Available in iOS 4 and later, and tvOS 11.3 and later.

Possible values (with the US description of the rating level):

• 1000: All

• 600: 17+

• 300: 12+

• 200: 9+

• 100: 4+

• 0: None

The maximum level of movie content allowed on the device. Available in iOS 4 and later, and tvOS 11.3 and later.

Possible values (with the US description of the rating level):

• 1000: All

• 500: NC-17

• 400: R

• 300: PG-13

• 200: PG

• 100: G

• 0: None 

The two-letter key that profile tools use to display the proper ratings for the given region. This data is not recognized or reported by the client.

The maximum level of TV content allowed on the device. Available in iOS 4 and later, and tvOS 11.3 and later.

Possible values (with the US description of the rating level):

• 1000: All

• 600: TV-MA

• 500: TV-14

• 400: TV-PG

• 300: TV-G

• 200: TV-Y7

• 100: TV-Y

• 0: None 

This value defines the conditions under which the device accepts cookies. The user-facing settings changed in iOS 11, although the possible values remain the same. Available in iOS 4 and later.

0: Prevent Cross-Site Tracking and Block All Cookies are enabled and the user canʼt disable either setting. 


1 or 1.5: Prevent Cross-Site Tracking is enabled and the user canʼt disable it. Block All Cookies is not enabled, although the user can enable it. 


2: Prevent Cross-Site Tracking is enabled and BlockAll Cookies is not enabled. The user can toggle either setting.

If false, disables Safari AutoFill for passwords, contact info, and credit cards and also prevents the Keychain from being used for AutoFill. Though third-party password managers are allowed and apps can use AutoFill.

As of iOS 13, requires a supervised device. Available in iOS 4 and later, and macOS 10.13 and later.

If false, Safari doesn't execute JavaScript. Available in iOS 4 and later.

If false, Safari doesn't allow pop-up windows. Available in iOS 4 and later.

If true, enables Safari fraud warning. Available in iOS 4 and later. Also available for user enrollment.

If present, this property allows only bundle IDs listed in the array to be shown or launchable. Include the value com.apple.webapp to whitelist all webclips. Requires a supervised device. Available in iOS 9.3 and later, and tvOS 11.0 and later.