The payload for configuring restrictions on a device.
Technologies
- iOS 4.0+
- macOS 10.7+
- tvOS 9.0+
Properties
allow Account Modification
boolean
If false
, disables account modification. Requires a supervised device. Available in iOS 7 and later.
allow Activity Continuation
boolean
If false
, disables activity continuation. Available in iOS 8 and later, and macOS 10.15 and later.
allow Adding Game Center Friends
boolean
If false
, prohibits adding friends to Game Center. As of iOS 13, requires a supervised device. Available in iOS 4.2.1 and later, and macOS 10.13 and later.
allow Air Drop
boolean
If false
, disables AirDrop. Requires a supervised device. Available in iOS 7 and later, and macOS 10.13 and later.
allow Air Play Incoming Requests
boolean
If false
, disables incoming AirPlay requests. Requires a supervised device. Available in tvOS 10.2 and later.
allow Air Print
boolean
If false
, disables AirPrint. Requires a supervised device. Available in iOS 11 and later.
allow Air Print Credentials Storage
boolean
If false
, disables keychain storage of user name and password for AirPrint. Requires a supervised device. Available in iOS 11 and later.
allow Air Printi Beacon Discovery
boolean
If false
, disables iBeacon discovery of AirPrint printers, which prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Requires a supervised device. Available in iOS 11 and later.
allow App Cellular Data Modification
boolean
If false
, disables changing settings for cellular data usage for apps. Requires a supervised device. Available in iOS 7 and later.
allow App Installation
boolean
If false
, disables the App Store, and its icon is removed from the Home screen. Users are unable to install or update their apps. In iOS 10 and later, MDM commands can override this restriction. As of iOS 13, this restriction requires a supervised device. Available in iOS 4 and later.
allow App Removal
boolean
If false
, disables removal of apps from an iOS device. Requires a supervised device. Available in iOS 4.2.1 and later.
allow Assistant
boolean
If false
, disables Siri. Available in iOS 5 and later. Also available for user enrollment.
allow Assistant User Generated Content
boolean
If false
, prevents Siri from querying user-generated content from the web. Requires a supervised device. Available in iOS 7 and later.
allow Assistant While Locked
boolean
If false
, disables Siri when the device is locked. This restriction is ignored if the device doesn't have a passcode set. Available in iOS 5.1 and later. Also available for user enrollment.
allow Auto Correction
boolean
If false
, disables keyboard autocorrection. Requires a supervised device. Available in iOS 8.1.3 and later.
allow Automatic App Downloads
boolean
If false
, prevents automatic downloading of apps purchased on other devices. This setting doesn't affect updates to existing apps. Requires a supervised device. Available in iOS 9 and later.
allow Auto Unlock
boolean
If false
, disallows auto unlock. Available in macOS 10.12 and later.
allow Bluetooth Modification
boolean
If false
, prevents modification of Bluetooth settings. Requires a supervised device. Available in iOS 11 and later.
allow Bookstore
boolean
If false
, disables Apple Books. Requires a supervised device. Available in iOS 6 and later.
allow Bookstore Erotica
boolean
If false
, the user can't download Apple Books media that is tagged as erotica. Available in iOS 6 and later, and tvOS 11.3 and later.
allow Camera
boolean
If false
, disables the camera, and its icon is removed from the Home screen. Users are unable to take photographs. As of iOS 13, requires a supervised device. Available in iOS 4 and later, and macOS 10.11 and later.
allow Cellular Plan Modification
boolean
If false
, users can't change any settings related to their cellular plan. Requires a supervised device. Available in iOS 11 and later.
allow Chat
boolean
If false
, disables the use of the Messages app with supervised devices. Requires a supervised device. Available in iOS 5 and later.
allow Cloud Address Book
boolean
If false
, disables iCloud Address Book services. Available in macOS 10.12 and later.
allow Cloud Backup
boolean
If false
, disables backing up the device to iCloud. As of iOS 13, requires a supervised device. Available in iOS 5 and later.
allow Cloud Bookmarks
boolean
If false
, disables iCloud Bookmark sync. Available in macOS 10.12 and later.
allow Cloud Calendar
boolean
If false
, disables iCloud Calendar services. Available in macOS 10.12 and later.
allow Cloud Desktop And Documents
boolean
If false
, disables cloud desktop and document services. Available in macOS 10.12.4 and later.
allow Cloud Document Sync
boolean
If false
, disables document and key-value syncing to iCloud. As of iOS 13, this restriction requires a supervised device. Available in iOS 5 and later, and macOS 10.11 and later.
allow Cloud Keychain Sync
boolean
If false
, disables iCloud keychain synchronization. This restriction is deprecated on unsupervised devices and will be supervised only in a future release. Available in iOS 7 and later, and macOS 10.12 and later.
allow Cloud Mail
boolean
If false
, disables iCloud Mail services. Available in macOS 10.12 and later.
allow Cloud Notes
boolean
If false
, disables iCloud Notes services. Available in macOS 10.12 and later.
allow Cloud Photo Library
boolean
If false
, disables iCloud Photo Library. Any photos not fully downloaded from iCloud Photo Library to the device are removed from local storage. Available in iOS 9 and later, and macOS 10.12 and later.
allow Cloud Reminders
boolean
If false
, disables iCloud Reminder services. Available in macOS 10.12 and later.
allow Content Caching
boolean
If false
, disables content caching. As of 10.13.4 this is included in the content caching payload. Available in macOS 10.13 and later.
allow Continuous Path Keyboard
boolean
If false
, disables QuickPath keyboard. Requires a supervised device. Available in iOS 13 and later.
allow Definition Lookup
boolean
If false
, disables definition lookup. Requires a supervised device. Available in iOS 8.1.3 and later.
allow Device Name Modification
boolean
If false
, prevents the device name from being changed. Requires a supervised device. Available in iOS 9 and later, and tvOS 11.0 and later.
allow Device Sleep
boolean
If false
, prevents device from sleeping. Requires a supervised device. Available in tvOS 13 and later.
allow Diagnostic Submission
boolean
If false
, prevents the device from automatically submitting diagnostic reports to Apple. Available in iOS 6 and later, and macOS 10.13 and later. Also available for user enrollment.
allow Diagnostic Submission Modification
boolean
If false
, disables changing the diagnostic submission and app analytics settings in the Diagnostics & Usage UI in Settings. Requires a supervised device. Available in iOS 9.3.2 and later.
allow Dictation
boolean
If false
, disallows dictation input. Requires a supervised device. Available in iOS 10.3 and later, and macOS 10.13 and later.
allow Enabling Restrictions
boolean
If false
, disables the "Enable Restrictions" option in the Restrictions UI in Settings.
In iOS 12 or later, if false
, disables the "Enable ScreenTime" option in the ScreenTime UI in Settings and disables ScreenTime if already enabled. Requires a supervised device. Available in iOS 8 and later.
allow Enterprise App Trust
boolean
If false
, removes the Trust Enterprise Developer button in Settings > General > Profiles & Device Management, preventing apps from being provisioned by universal provisioning profiles. This restriction applies to free developer accounts. However, it doesn't apply to enterprise app developers who are trusted because their apps were pushed through MDM. It also doesn't revoke previously granted trust. Available in iOS 9 and later.
allow Enterprise Book Backup
boolean
If false
, disables backup of Enterprise books. Available in iOS 8 and later. Also available for user enrollment.
allow Enterprise Book Metadata Sync
boolean
If false
, disables sync of Enterprise books, notes, and highlights. Available in iOS 8 and later. Also available for user enrollment.
allow Erase Content And Settings
boolean
If false
, disables the Erase All Content And Settings option in the Reset UI. Requires a supervised device. Available in iOS 8 and later.
allow ESIMModification
boolean
If false
, disables modifications to the eSIM setting. Requires a supervised device. Available in iOS 12.1 and later.
allow Explicit Content
boolean
If false
, hides explicit music or video content purchased from the iTunes Store. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store. As of iOS 13, requires a supervised device. Available in iOS 4 and later, and tvOS 11.3 and later.
allow Files Network Drive Access
boolean
If false
, prevents connecting to network drives in the Files app. Available in iOS 13.0 and later.
allow Files USBDrive Access
boolean
If false
, prevents connecting to any connected USB devices in the Files app. Available in iOS 13.0 and later.
allow Find My Device
boolean
If false
, disables Find My Device in the Find My app. Requires a supervised device. Available in iOS 13 and later.
allow Find My Friends
boolean
If false
, disables Find My Friends in the Find My app. Requires a supervised device. Available in iOS 13 and later.
allow Find My Friends Modification
boolean
If false
, disables changes to Find My Friends. Requires a supervised device. Available in iOS 7 and later.
allow Fingerprint For Unlock
boolean
If false
, prevents Touch ID or Face ID from unlocking a device. Available in iOS 7 and later, and macOS 10.12.4 and later.
allow Fingerprint Modification
boolean
If false
, prevents the user from modifying Touch ID or Face ID. Requires a supervised device. Available in iOS 8.3 and later.
allow Game Center
boolean
If false
, disables Game Center, and its icon is removed from the Home screen. Requires a supervised device. Available in iOS 6 and later, and macOS 10.13 and later.
allow Global Background Fetch When Roaming
boolean
If false
, disables global background fetch activity when an iOS phone is roaming. Available in iOS 4 and later.
allow Host Pairing
boolean
If false
, disables host pairing with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled. Host pairing lets the administrator control which devices an iOS 7 device can pair with. Requires a supervised device. Available in iOS 7 and later.
allow In App Purchases
boolean
If false
, prohibits in-app purchasing. Available in iOS 4 and later.
allowi Tunes
boolean
If false
, disables the iTunes Music Store, and its icon is removed from the Home screen. Users cannot preview, purchase, or download content.
As of iOS 13, requires a supervised device. Available in iOS 4 and later.
allowi Tunes File Sharing
boolean
If false
, disables iTunes file sharing services. Available in macOS 10.13 and later.
allow Keyboard Shortcuts
boolean
If false
, disables keyboard shortcuts. Requires a supervised device. Available in iOS 9 and later.
allow Lock Screen Control Center
boolean
If false
, prevents Control Center from appearing on the Lock screen. Available in iOS 7 and later. Also available for user enrollment.
allow Lock Screen Notifications View
boolean
If false
, disables the Notifications history view on the lock screen, so users can't view past notifications. However, they can still see notifications when they arrive. Available in iOS 7 and later. Also available for user enrollment.
allow Lock Screen Today View
boolean
If false
, disables the Today view in Notification Center on the lock screen. Available in iOS 7 and later. Also available for user enrollment.
allow Managed Apps Cloud Sync
boolean
If false
, prevents managed apps from using iCloud sync. Available in iOS 8 and later. Also available for user enrollment.
allow Managed To Write Unmanaged Contacts
boolean
If true
, managed apps can write contacts to unmanaged contacts accounts. If allow
is true
, this restriction has no effect. If this restriction is set to true
, you must install the payload through MDM. Available in iOS 12 and later.
allow Multiplayer Gaming
boolean
If false
, prohibits multiplayer gaming. Requires a supervised device. Available in iOS 4.1 and later, and macOS 10.13 and later.
allow Music Service
boolean
If false
, disables the Music service, and the Music app reverts to classic mode. Requires a supervised device. Available in iOS 9.3 and later, and macOS 10.12 and later.
allow News
boolean
If false
, disables News. Requires a supervised device. Available in iOS 9 and later.
allow Notifications Modification
boolean
If false
, disables modification of notification settings. Requires a supervised device. Available in iOS 9.3 and later.
allow Open From Managed To Unmanaged
boolean
If false
, documents in managed apps and accounts only open in other managed apps and accounts. Available in iOS 7 and later. Also available for user enrollment.
allow Open From Unmanaged To Managed
boolean
If false
, documents in unmanaged apps and accounts only open in other unmanaged apps and accounts. Available in iOS 7 and later. Also available for user enrollment.
allow OTAPKIUpdates
boolean
If false
, disables over-the-air PKI updates. Setting this restriction to false
doesn't disable CRL and OCSP checks. Available in iOS 7 and later.
allow Paired Watch
boolean
If false
, disables pairing with an Apple Watch. Any currently paired Apple Watch is unpaired and the watch's content is erased. Requires a supervised device. Available in iOS 9 and later.
allow Passbook While Locked
boolean
If false
, hides Passbook notifications from the lock screen. Available in iOS 6 and later.
allow Passcode Modification
boolean
If false
, prevents the device passcode from being added, changed, or removed.
This restriction is ignored by Shared iPads. Requires a supervised device. Available in iOS 9 and later, and macOS 10.13 and later.
allow Password Auto Fill
boolean
If false
, disables the AutoFill Passwords feature in iOS and the user isn't prompted to use a saved password in Safari or in apps. This restriction also disables Automatic Strong Passwords, and strong passwords are no longer suggested to users. Requires a supervised device. Available in iOS 12 and later, and macOS 10.14 and later.
allow Password Proximity Requests
boolean
If false
, disables requesting passwords from nearby devices. Requires a supervised device. Available in iOS 12 and later, macOS 10.14 and later, and tvOS 12 and later.
allow Password Sharing
boolean
If false
, disables sharing passwords with the Airdrop Passwords feature. Requires a supervised device. Available in iOS 12 and later, and macOS 10.14 and later.
allow Personal Hotspot Modification
boolean
If false
, disables modifications of the personal hotspot setting. Requires a supervised device. Available in iOS 12.2 and later.
allow Photo Stream
boolean
If false
, disables Photo Stream. Available in iOS 5 and later.
allow Podcasts
boolean
If false
, disables podcasts. Requires a supervised device. Available in iOS 8 and later.
allow Predictive Keyboard
boolean
If false
, disables predictive keyboards. Requires a supervised device. Available in iOS 8.1.3 and later.
allow Proximity Setup To New Device
boolean
If false
, disables the prompt to set up new devices that are nearby. Requires a supervised device. Available in iOS 11 and later.
allow Radio Service
boolean
If false
, disables Apple Music Radio. Requires a supervised device. Available in iOS 9.3 and later.
allow Remote App Pairing
boolean
If false
, disables pairing Apple TV for use with the Remote app or Control Center widget. Requires a supervised device. Available in tvOS 10.2 and later.
allow Remote Screen Observation
boolean
If false
, disables remote screen observation by the Classroom app. Nest this key beneath allow
as a subrestriction. If allow
is set to false
, the Classroom app doesn't observe remote screens. Required a supervised device until iOS 13 and macOS 10.15. Available in iOS 12 and later, and macOS 10.14.4 and later.
allow Safari
boolean
If false
, disables the Safari web browser app, and its icon is removed from the Home screen. This setting also prevents users from opening web clips. As of iOS 13, requires a supervised device. Available in iOS 4 and later.
allow Screen Shot
boolean
If false
, disables saving a screenshot of the display and capturing a screen recording. It also disables the Classroom app from observing remote screens. Available in iOS 4 and later, and macOS 10.14.4 and later. Also available for user enrollment.
allow Shared Stream
boolean
If false
, disables Shared Photo Stream. Available in iOS 6 and later.
allow Spell Check
boolean
If false
, disables keyboard spell-check. Requires a supervised device. Available in iOS 8.1.3 and later.
allow Spotlight Internet Results
boolean
If false
, disables Spotlight Internet search results. Available in iOS 8 and later, and macOS 10.11 and later.
allow System App Removal
boolean
If false
, disables the removal of system apps from the device. Requires a supervised device. Available in iOS 11 and later.
allow UIApp Installation
boolean
If false
, disables the App Store, and its icon is removed from the Home screen. However, users may continue to use host apps (iTunes, Configurator) to install or update their apps.
In iOS 10 and later, MDM commands can override this restriction. Requires a supervised device. Available in iOS 9 and later.
allow UIConfiguration Profile Installation
boolean
If false
, prohibits the user from installing configuration profiles and certificates interactively. Requires a supervised device. Available in iOS 6 and later.
allow Unmanaged To Read Managed Contacts
boolean
If true
, unmanaged apps can read from managed contacts accounts. If allow
is true
, this restriction has no effect. If this restriction is set to true
, you must install the payload through MDM. Available in iOS 12 and later. Also available for user enrollment.
allow Untrusted TLSPrompt
boolean
If false
, automatically rejects untrusted HTTPS certificates without prompting the user. Available in iOS 5 and later.
allow USBRestricted Mode
boolean
If false
, allows the device to always connect to USB accessories while locked. Requires a supervised device. Available in iOS 11.4.1 and later.
allow Video Conferencing
boolean
If false
, hides the FaceTime app. As of iOS 13, requires a supervised device. Available in iOS 4 and later.
allow Voice Dialing
boolean
If false
, disables voice dialing if the device is locked with a passcode. Available in iOS 4 and later.
allow VPNCreation
boolean
If false
, disables the creation of VPN configurations. Requires a supervised device. Available in iOS 11 and later.
allow Wallpaper Modification
boolean
If false
, prevents wallpaper from being changed. Requires a supervised device. Available in iOS 9 and later, and macOS 10.13 and later.
autonomous Single App Mode Permitted App IDs
[string]
If present, allows apps identified by the bundle IDs listed in the array to autonomously enter Single App Mode. Requires a supervised device. Available in iOS 7 and later.
blacklisted App Bundle IDs
[string]
If present, prevents bundle IDs listed in the array from being shown or launchable. Include the value com
to blacklist all webclips. Requires a supervised device. Available in iOS 9.3 and later, and tvOS 11.0 and later.
enforced Software Update Delay
integer
Sets how many days to delay a software update on the device. With this restriction in place, the user doesn't see a software update until the specified number of days after the software update release date. Requires a supervised device. Available in iOS 11.3 and later, macOS 10.13.4 and later, and tvOS 12.2 and later.
force Air Drop Unmanaged
boolean
If true
, causes AirDrop to be considered an unmanaged drop target. Available in iOS 9 and later. Also available for user enrollment.
force Air Play Incoming Requests Pairing Password
boolean
If true
, forces all devices sending AirPlay requests to this device to use a pairing password. Available in Apple TV Software 6.2 and later. This key isn't supported in tvOS 10.2 and later. Use the AirPlay Security Payload instead.
force Air Play Outgoing Requests Pairing Password
boolean
If true
, forces all devices receiving AirPlay requests from this device to use a pairing password. Available in iOS 7.1 and later. Also available for user enrollment.
force Air Print Trusted TLSRequirement
boolean
If true
, requires trusted certificates for TLS printing communication. Requires a supervised device. Available in iOS 11 and later.
force Assistant Profanity Filter
boolean
If true
, forces the use of the profanity filter assistant. Requires a supervised device. Available in iOS 11 and later.
force Authentication Before Auto Fill
boolean
If true
, the user must authenticate before passwords or credit card information can be autofilled in Safari and Apps. If this restriction isn't enforced, the user can toggle this feature in Settings. Only supported on devices with Face ID or Touch ID. Requires a supervised device. Available in iOS 11 and later.
force Automatic Date And Time
boolean
If true
, enables the Set Automatically feature in Date & Time and can't be disabled by the user. The device's time zone is updated only when the device can determine its location using a cellular connection or Wi-Fi with location services enabled. Requires a supervised device. Available in iOS 12 and later, and tvOS 12.2 and later.
force Classroom Automatically Join Classes
boolean
If true
, automatically gives permission to the teacher's requests without prompting the student. Requires a supervised device. Available in iOS 11 and later, and macOS 10.14.4 and later.
force Classroom Request Permission To Leave Classes
boolean
If true
, a student enrolled in an unmanaged course through Classroom requests permission from the teacher when attempting to leave the course. Requires a supervised device. Available in iOS 11.3 and later, and macOS 10.14.4 and later.
force Classroom Unprompted App And Device Lock
boolean
If true
, allows the teacher to lock apps or the device without prompting the student. Requires a supervised device. Available in iOS 11 and later, and macOS 10.14.4 and later.
force Classroom Unprompted Screen Observation
boolean
If true
and Screen
is also true
in the Education payload, a student enrolled in a managed course via the Classroom app automatically gives permission to that course teacher's requests to observe the student's screen without prompting the student. Requires a supervised device. Available in iOS 11 and later, and macOS 10.14.4 and later.
force Delayed Software Updates
boolean
If true
, delays user visibility of software updates. In macOS, seed build updates are allowed, without delay. Requires a supervised device. Available in iOS 11.3 and later, macOS 10.13 and later, and tvOS 12.2 and later.
force Encrypted Backup
boolean
If true
, encrypts all backups. Available in iOS 4 and later. Also available for user enrollment.
force ITunes Store Password Entry
boolean
If true
, forces the user to enter their iTunes password for each transaction. Available in iOS 6 and later.
force Limit Ad Tracking
boolean
If true
, limits ad tracking. Available in iOS 7 and later.
force Watch Wrist Detection
boolean
If true
, forces a paired Apple Watch to use Wrist Detection. Available in iOS 8.2 and later. Also available for user enrollment.
force Wi Fi Power On
boolean
If false
, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use. Available in iOS 13.0 and later.
force Wi Fi Whitelisting
boolean
If true
, the device can join Wi-Fi networks only if they were set up through a configuration profile. Requires a supervised device. Available in iOS 10.3 and later.
rating Apps
integer
The maximum level of app content allowed on the device. Available in iOS 4 and later, and tvOS 11.3 and later.
Possible values (with the US description of the rating level):
1000: All
600: 17+
300: 12+
200: 9+
100: 4+
0: None
rating Movies
integer
The maximum level of movie content allowed on the device. Available in iOS 4 and later, and tvOS 11.3 and later.
Possible values (with the US description of the rating level):
1000: All
500: NC-17
400: R
300: PG-13
200: PG
100: G
0: None
rating Region
string
The two-letter key that profile tools use to display the proper ratings for the given region. This data is not recognized or reported by the client.
rating TVShows
integer
The maximum level of TV content allowed on the device. Available in iOS 4 and later, and tvOS 11.3 and later.
Possible values (with the US description of the rating level):
1000: All
600: TV-MA
500: TV-14
400: TV-PG
300: TV-G
200: TV-Y7
100: TV-Y
0: None
safari Accept Cookies
number
This value defines the conditions under which the device accepts cookies. The user-facing settings changed in iOS 11, although the possible values remain the same. Available in iOS 4 and later.
0
: Prevent Cross-Site Tracking and Block All Cookies are enabled and the user canʼt disable either setting.
1
or 1
: Prevent Cross-Site Tracking is enabled and the user canʼt disable it. Block All Cookies is not enabled, although the user can enable it.
2
: Prevent Cross-Site Tracking is enabled and BlockAll Cookies is not enabled. The user can toggle either setting.
safari Allow Auto Fill
boolean
If false
, disables Safari autofill. As of iOS 13, requires a supervised device. Available in iOS 4 and later, and macOS 10.13 and later.
safari Allow Java Script
boolean
If false
, Safari doesn't execute JavaScript. Available in iOS 4 and later.
safari Allow Popups
boolean
If false
, Safari doesn't allow pop-up windows. Available in iOS 4 and later.
whitelisted App Bundle IDs
[string]
If present, this property allows only bundle IDs listed in the array to be shown or launchable. Include the value com
to whitelist all webclips. Requires a supervised device. Available in iOS 9.3 and later, and tvOS 11.0 and later.
safari Force Fraud Warning
boolean
If true
, enables Safari fraud warning. Available in iOS 4 and later. Also available for user enrollment.
Discussion
Specify com
as the payload type.
Profile Availability
Device Channel | iOS, macOS, Shared iPad, tvOS |
User Channel | macOS, Shared iPad |
Allow Manual Install | iOS, macOS, tvOS |
Requires Supervision | - |
Requires User Approved MDM | - |
Allowed in User Enrollment | iOS |
Allow Multiple Payloads | iOS, macOS, Shared iPad, tvOS |