Feature Control (Phone)

Use this dialog box to configure individual device features.

Some feature control options are available only on certain operating systems.

Windows Phone 8.0: WP8.0

Windows Phone 8.1: WP8.1

Windows 10 Mobile: WP10

Hardware

Feature Control Option Description Compatible OS
Disable NFC Prevent the user from using Near Field Communication. WP8.1, WP10
Disable USB Connection (MTP/IPoUSB) Disable the device from being connected as a Media Transfer Protocol client or IP over USB device through USB. This will block users from being able to transfer files from the device to a computer using USB. WP8.1, WP10
Disable Camera Prevent the user from using the camera on the device. WP8.1, WP10
Disable Location Service Disable any Location Services on the device. This will also block various applications on the device from using Location Services. WP8.1, WP10

Application

Feature Control Option Description Compatible OS
Disable Windows Store Prevent users from installing or updating applications through the Windows Store. WP8.1, WP10
Disable Store Application Automatic Update Disable automatic update of apps from Windows Store. WP10

Cellular Data and Roaming

Feature Control Option Description Compatible OS
Disable VPN Roaming Over Cellular Do not allow users to enable VPN while the device is roaming. WP8.1, WP10
Disable VPN Over Cellular Do not allow users to enable VPN while the device is on a cellular data network. WP8.1, WP10
Disable Cellular Data Roaming Prevent the user from using cellular data while the device is roaming. WP8.1, WP10

WiFi

Feature Control Option Description Compatible OS
Disable WiFi Prevent the device from connecting to a WiFi network, and disable WiFi. WP8.1, WP10
Disable Manual WiFi Configurations Prevent users from manually configuring WiFi configurations on their device. WP8.1, WP10
Disable WiFi Hotspot Reporting Disable WiFi hotspot information from being reported to Microsoft. WP8.1
Disable Auto Connect to WiFi Sense Hotspots Prevent the device from auto connecting to WiFi hotspots. WP8.1, WP10

Bluetooth

Feature Control Option Description Compatible OS
Disable Bluetooth Prevent the user from enabling Bluetooth. WP8.1, WP10

Data Protection

Feature Control Option Description Compatible OS
Telemetry Data Restriction Level Defines the level of telemetry information (such as SQM, Watson) the device can send.

Allow – all available data will be sent.

Disable – feature is disabled (no data will be sent).

Disable Secondary Requests – third-party applications will not be able to send this data.

 WP8.1, WP10
Disable Copy/Paste Disable copy/paste functionality on the device. WP8.1, WP10
Disable Manual Installation of Root Cert Prevent users from manually installing root certificates on the device. WP8.1, WP10
Disable Developer Unlock Prevent the device from undergoing a developer unlock. WP8.1, WP10
Disable Browser Disable the default browser on the device. WP8.1, WP10
Disable Screen Capture Disable screen capture functionality on the device. WP8.1, WP10
Enable Internal Storage Encryption Enable encryption on internal storage of the device.
Note: Once encryption is enabled, it cannot be disabled via policy. It can only be removed through a factory reset of the device.
 WP8.0, WP8.1, WP10
Disable SD Card Access Disable access to the SD card directory. ALL
Disable Internet Sharing Over WiFi Disables the device from being able to share Internet and becoming a WiFi hotspot. WP8.1, WP10
Disable Direct Memory Access Disable Direct Memory Access. WP10
Disable File Decryption by Users Disable user file decryption. WP10

Device Account

Feature Control Option Description Compatible OS
Disable Microsoft Account Connection Prevent users from connecting their devices to a Microsoft Account. WP8.1, WP10
Disable Adding Non-Microsoft Accounts Manually Prevent users from connecting their devices to a non-Microsoft Account manually. WP8.1, WP10

Search

Feature Control Option Description Compatible OS
Disable Search to Use Location Prevent the Bing search from using location services on the device. WP8.1
Safe Search Type Enable safe search on the device. This setting prevents adult content from appearing in search results.

User Controlled – Allow the user to select safe search restrictions.

Moderate – Moderate filtering against adult content (valid search results will not be filtered).

Strict – Highest filtering against adult content.

 WP8.1, WP10

Device Lock

Feature Control Option Description Compatible OS
Disable Idle Return without Password Require the user to input the password every time the device is returning from idle state. (Requires the device password to be enabled.) WP8.1, WP10
Disable Action Center Notifications Prevent Windows Action Center from displaying notifications on the device. WP8.1, WP10

Experience

Feature Control Option Description Compatible OS
Disable Voice Recording Disable access to the voice recorder on the phone. WP8.1, WP10
Disable Syncing of Settings Disable the syncing of settings between this device and other devices. WP8.1, WP10
Disable Cortana Disable Cortana (personal digital assistant) on the device. WP8.1, WP10
Allow Manual MDM Unenrollment Allow the user to unenroll the device. WP8.1, WP10
Disable Device Discovery on Lock Screen Disable the device discovery user interface on the lock screen. WP10

System

Feature Control Option Description Compatible OS
Disable Factory Reset Prevent the user from performing a hard reset (factory reset) on the device. WP8.1, WP10
Restrict Telemetry Data (WP 8.1) Determines the amount of diagnostic and usage telemetry data sent to Microsoft. Choose one of the following levels:
  • Allow: Allows telemetry
  • Disable: Does not allow telemetry
  • Disable Secondary Requests: Allows telemetry except from secondary data request
 WP 8.1
Restrict Telemetry Data Determines the amount of diagnostic and usage telemetry data sent to Microsoft. Choose one of the following levels:
  • Security: Sends only data required to keep Windows secure
  • Basic: Sends basic data such as device information, app compatibility and usage data and data from the Security level
  • Enhanced: Sends security and basic data plus additional insights such as how Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data
  • Full: Sends all data necessary to identify and solve issues plus data from the Security, Basic and Enhanced data levels.

Levels are listed in order of least to most data sent.

 WP 10
Disable Location Service Determines the status of Location Services on the device. Applications on the device will be blocked from using Location Services. Choose an option from the dropdown list:
  • User Controlled: Device user can switch location services on or off.
  • Enabled: Location services are enabled and device user cannot disable them.
  • Disabled: All location services are disabled and no applications can access location information. Device user cannot enable them.
 WP 8.1, WP 10
Disable SD Card Access Prevents device user from accessing data on SD card. WP 8.0, WP 8.1, WP 10
Disable Windows Preview Builds Prevents device user from downloading and installing Windows preview software. WP 10
Disable Embedded Mode Prevents device user from entering Embedded Mode. WP 10
Allow Microsoft Experimentation Allows Microsoft to conduct full experimentation to study user preferences or device behavior. WP 10 (version 1703 or later)
Disable Font Providers Prevents device user from downloading fonts and font catalog data from online font providers. WP 10 (version 1703 or later)
Disable Factory Reset Removes the ability to factory reset the device from the device user. WP 10
Telemetry Proxy Specifies a proxy server through which to forward Connected User Experiences and Telemetry requests. Enter the fully qualified domain name (FQDN) or IP address of a proxy server. The format for this setting is server:port. The connection is made over a Secure Sockets Layer (SSL) connection.

If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device.

 WP 10

Settings

Feature Control Option Description Compatible OS
Disable Data Sense Settings Disallow the user to change Data Sense settings. WP10
Disable Date Time Settings Disallow the user to change date/time settings. WP10
Disable VPN Settings Disallow the user to change VPN settings. WP10
Disable Account Settings Disallow the user to change account settings. WP10

Update

Feature Control Option Description Compatible OS
Phone Update Restrictions Set the Windows Embedded Handheld Phone Update Restriction.
  • Never Check: updates are not checked
  • Automatic Install: installs updates automatically
  • Check updates: checks for updates but lets user choose when to download and install them
  • Download updates: downloads updates but lets user choose when to install them
 WP8.1
Auto Update Settings Allow the IT administrator to manage automatic update behavior to scan, download, and install updates.
  • Notify User: Notify the user before downloading the update. This policy is used by enterprises that want to enable end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
  • Install and Notify: Auto install the update and then notify the user to schedule a restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the computer is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart is forced. Enabling the end-user to control the restart time reduces the risk of accidental app data loss caused by apps that do not shutdown properly on restart.
  • Install and Restart: Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the computer is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental app data loss caused by apps that do not shutdown properly on restart.
  • Install and Restart at Specific Time: Auto install and restart at a specified time. The IT administrator specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
  • Install and Restart Without User Control: Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the computer is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. It sets the end-user control panel to read-only.
  • No Auto Updates: Turn off automatic updates.
 WP10
Disable Non-Microsoft Signed Update Disallow the IT administrator to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third-party software and patch distribution. Supported operations are Get and Replace. WP10
Disable Update Service Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Windows Store. Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store. Enabling this policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working.
Note: This policy applies only when the desktop or device is configured to connect to an intranet update service using the Custom Update WSUS server URL policy.
 WP10
Scheduled Install Time (0-23 hours) Enable the IT administrator to schedule the time of the update installation. WP10
Custom Update WSUS Server URL The URL of a custom update WSUS server. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. WP10
Scheduled Install Day Enable the IT administrator to schedule the day of the update installation. WP10

Security

Feature Control Option Description Compatible OS
Disable Adding Provisioning Package Specifies whether to allow the runtime configuration agent to install provisioning packages. WP10
Disable Removing Provisioning Package Specifies whether to allow the runtime configuration agent to remove provisioning packages. WP10
Disable Required Provisioning Package Signature Specifies whether provisioning packages must have a certificate signed by a device trusted authority. WP10