Restrictions (iOS)
For security-conscious organizations and environments where privacy and information security concerns require controlling the unauthorized transfer of mobile data out of the mobile devices, SOTI MobiControl provides various on-device restrictions including the capability to block various device communications, similar to firewall functionality. The Restrictions configuration enables you to selectively disable device features. Applying the configuration at the individual or group level allows custom profiles for different users and locations in an organization. For example, disabling or enabling Bluetooth and infrared ports determines if device users can beam business cards, applications or documents to one another.
Device Functionality
| Disable Use of Camera | Prevents device users from using the Camera app by removing it from the Home Screen. Device users cannot take photos or videos using native or third-party apps, including FaceTime.
Supported on devices running iOS 4.0 or later. As of iOS 13.0, the device must also be supervised. |
| Disable FaceTime | Prevents the user from video conferencing, including making or receiving FaceTime video calls.
Supported on devices running iOS 4.0 or later. As of iOS 13.0, the device must also be supervised. |
| Disable Screen Capture | Control the ability of applications to capture the device screen. |
| Disable Photo Stream | Prevents the users from using the photo streaming function. |
| Disable Shared Photo Stream | Prevents users from viewing Shared Photo Streams on their device. |
| Disable Passbook Notifications While Locked | Prevents the ability to see Passbook notifications on the lock screen. |
| Disable Apple Music | Prevents users from accessing Apple Music. |
| Disable iMessage | Prevents users from sending or receiving messages through iMessage. |
| Disable Voice Dialing | Prevents users from dialing their phone using voice commands. |
| Disable Siri | Prevents user from using voice commands to control their device. |
| Show User Generated Content in Siri | Allows Siri to show user generated content. |
| Disable Siri While Device is Locked | Prevents the use of Siri while the device is locked. |
| Enable Siri Profanity Filter | Creates a filter for profane language. |
| Disable iBookstore | Prevents users from viewing and accessing the iBookstore through the iBooks App. |
| Disallow Erotica Content | Prevents users from purchasing books categorized as Erotica from the iBookstore. |
| Disable Installation of Apps | Prevents the device user from using the App Store by removing it from the Home Screen. Device users cannot install or update third-party applications.
Supported on devices running iOS 4.0 or later. As of iOS 13.0, the device must also be supervised. |
| Disable Installation of Apps from App Store Only | Prevents users from installing or updating their applications using the App Store. However, users are able to install or update applications using iTunes or Apple Configurator. |
| Disable Automatic App Download | Prevents users from automatically downloading applications purchased on other devices. |
| Disable Trusting New Enterprise App Authors | Prevents users from trusting enterprise applications. |
| Disable In-App Purchasing | Prevents the user from purchasing additional features of an application or an additional app from within an app. |
| Disable AirDrop | Prevents users from sharing files with other Apple devices using AirDrop. |
| Disable AirPrint | Prevents users from printing documents using AirPrint. |
| Disable Keychain Storage of AirPrint Credentials | Prevents users from being able to store the username and password for AirPrint in the keychain. |
| Require TLS for AirPrint | Requires trusted certificates for TLS communication when using AirPrint. |
| Disable iBeacon Discovery for AirPrint | Disables iBeacon discovery of AirPrint printers. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. |
| Hide Control Centre in Lock Screen | Prevents device users from accessing Control Centre while on the Lock Screen. |
| Hide Notification Centre in Lock Screen | Prevents users from accessing Notification Centre while on the Lock Screen. |
| Hide Today View in Lock Screen | Prevents users from accessing the Today View in the Lock Screen. |
| Disable App Removal | Prevents users from removing apps from their device. |
| Disable System App Removal | Prevents users from removing system apps from the device. |
| Disable Account Modification | Prevents users from making account additions or modification to iCloud, iTunes, Email, Contacts, and Calendars. |
| Disable App Cellular Data Usage Modifications | Prevents users from changing settings for cellular data usage for apps.
Supported on supervised devices running iOS 7.0 or later. |
| Allow Host Pairing | Allows the device to pair with any host computer. |
| Disable Managed to Unmanaged Data Sharing | Prevents managed apps from sharing data with unmanaged apps. |
| Disable Managed to Unmanaged Contacts Writing | Prevents managed apps from writing contacts to unmanaged contacts accounts. This option is only available if Disable Managed to Unmanaged Data Sharing is enabled.
Supported on supervised devices running iOS 12 or later. |
| Disable Unmanaged to Managed Contacts Reading | Prevents unmanaged apps from reading contacts from managed contacts accounts. This option is only available if Disable Managed to Unmanaged Data Sharing is enabled.
Supported on supervised devices running iOS 12 or later. |
| Disable Unmanaged to Managed Data Sharing | Prevents Unmanaged apps from sharing data with Managed apps. |
| Disable OTA (Over-the-Air) PKI Updates | Prevents device from obtaining public key infrastructure (PKI) updates OTA. |
| Limit Ad Tracking | Prevents apps from using the Advertising Identifier. |
| Disable Erase All Content and Settings | Prevents users' ability to use Erase All Content and Settings option in Reset UI. |
| Require iTunes Password for All Purchases | Users are required to enter their Apple ID password before every purchase from iTunes. Ignores the standard grace period between purchases. |
| Disable iCloud Keychain Sync | Prevents the synchronization of login credentials between iOS devices associated with an iCloud account.
Supported on devices running iOS 7.0 or later. As of iOS 13.0, the device must also be supervised. |
| Disable Storing Data in iCloud for Managed Apps | Prevents users from storing the data from Managed Applications in iCloud. |
| Disable iCloud Document Synching | Prevents users from storing documents in iCloud.
Supported on devices running iOS 5.0 or later. As of iOS 13.0, the device must also be supervised. |
| Disable iCloud Device Backup | Prevents the device from automatically backing up device data to iCloud. |
| Disable iCloud Photo Library | Prevents users from using iCloud Photo Library. |
| Disable Automatic sync while roaming | Control the ability to sync data (i.e. email) while in foreign coverage areas and prevent related expenses by disabling roaming syncing. |
| Force Encrypted Backups | Forces backups to iTunes to be encrypted, this is always selected. Note: This option should not be used with Supervised devices. |
| Automatically Reject Untrusted TLS Certificates | Users will not be prompted to trust certificates that cannot be verified. This setting applies to Safari and to Mail, Contacts and Calendar accounts. |
| Disable Interactive Configuration Profile Installation | Prevents users from installing additional configuration profiles and certificates manually. |
| Disable Submission of Diagnostic and Usage Data | Disables submission of iOS diagnostic and usage information to Apple. |
| Disable Modifying Diagnostic and Usage Data settings | Prevents users from being able to modify the option to submit diagnostic and usage information to Apple in Settings. |
| Disable Touch ID | Prevents users from using Touch ID. |
| Disable Passcode Modification | Prevents users from adding, changing, or removing a device's passcode. |
| Disable Touch ID fingerprints Modification | Prevents users from modifying Touch ID fingerprints. |
| Disable Apple Watch Pairing | Prevents users from pairing with an Apple Watch. |
| Force Apple Watch Wrist Detection | Paired Apple Watch is forced to use Wrist Detection. |
| Treat AirDrop as Unmanaged | Classifies AirDrop as an unmanaged drop target. |
| Disable Handoff | Prevents user from using Handoff. |
| Disable Internet Search Results in Spotlight | Prevents device from returning internet content in Spotlight search results. |
| Disable Creation of VPN Configurations | Prevents users from being able to create VPN configurations. |
| Disable Modifying Bluetooth Settings | Prevents users from being able to modify Bluetooth settings in Settings. |
| Disable Modifying Notifications Settings | Prevents users from being able to modify Notifications settings in Settings. |
| Disable Modifying Restrictions | Prevents users' ability to turn on Enable Restrictions option in the Restrictions UI in Settings. |
| Disable Modifying Device Name | Prevents users from changing the device name. |
| Disable Modifying Device Wallpaper | Prevents users from changing the device wallpaper. |
| Force Passcode on First Airplay Pairing | Forces all devices receiving AirPlay requests from this device to use a pairing password. |
| Disable Dictation Input | Prevents users from being able to use dictation when using the device's keyboard. |
| Disable Continuous Path Keyboard | Prevents users from using continuous or Quick Path keyboards.
Supported on supervised devices running iOS 13.0 or later. |
| Disable Predictive Keyboard | Prevents users from using predictive keyboards. |
| Disable Auto Correction | Prevents users from using keyboard auto-correction. |
| Disable Spell Check | Prevents users from using keyboard spell-check. |
| Disable Define Lookup | Prevents users from using definition lookup. |
| Disable Remote View by Classroom App | Disables remote screen observation by the Classroom app. |
| Restrict Joining Wi-Fi Networks | If enabled, the device can only join WiFi networks that were set up through a configuration profile pushed by MDM or carrier. |
| Disable WiFi Modification | If enabled, the device user is prevented from modifying the WiFi state.
Supported on supervised devices running iOS 13.0 or later. |
| Disable USB Restricted Mode | Disables USB restricted mode.
Supported on supervised devices running iOS 11.4.1 or later. |
| Force Date & Time to be set automatically | Enables the Date & Time 'Set Automatically' feature and prevents the user from disabling it.
Supported on supervised devices running iOS 12.0 or later. |
| Disable password proximity requests | Prevents the device from requesting passwords from nearby devices.
Supported on supervised devices running iOS 12.0 or later. |
| Disable password sharing | Prevents users from sharing their passwords with the Airdrop Passwords feature.
Supported on supervised devices running iOS 12.0 or later. |
| Disable password AutoFill | Prevents users from using the AutoFill Passwords feature on iOS. Users will not be prompted to use a saved password in Safari or in apps.
Supported on supervised devices running iOS 12.0 or later. |
| Disable modifying eSIM plans | Prevents device users from adding or removing a cellular plan to the eSIM on the device.
Supported on supervised devices running iOS 12.1 or later. |
Applications
| Disable YouTube | Prevents user from accessing YouTube (iOS 5 only) |
| Disable iTunes Music Store | Prevents user from accessing iTunes Music Store by removing it from the Home Screen. Device users cannot preview, purchase, or download music, movies, TV shows, or ringtones.
Supported on devices running iOS 4.0 or later. As of iOS 13.0, the device must also be supervised. |
| Disable Find My Device | Prevents user from Find My Device in the Find My app
Supported on supervised devices running iOS 13.0 or later. |
| Disable Find My Friends | Prevents user from Find My Friends in the Find My app
Supported on supervised devices running iOS 13.0 or later. |
| Disable Find My Friends App Modification | Prevents user from making changes within the Find My Friends app
Supported on supervised devices running iOS 7.0 or later. In iOS 13.0 and later, this option prevents the device user from making changes within the Find My app. |
| Disable Game Center | Removes Game Center app from the device Home Screen |
| Disable Addition of Game Center Friends | Prevents users from adding friends to Game Center
Supported on devices running iOS 4.2.1 or later. As of iOS 13.0, the device must also be supervised. |
| Disable Multiplayer Gaming | Prevents users from playing multiplayer games in Game Center
Supported on devices running iOS 4.1 or later. As of iOS 13.0, the device must also be supervised. |
| Disable Safari | Prevents user from accessing Safari by removing it from the Home Screen. Device users cannot use the Safari app to browse the web or open web clips.
Supported on devices running iOS 4.0 or later. As of iOS 13.0, the device must also be supervised. |
| Disable Autofill | Prevents the browser from using autofill to complete forms displayed on websites.
Supported on devices running iOS 4.0 or later. As of iOS 13.0, the device must also be supervised. |
| Force Fraud Warning | Force Safari fraud warning. |
| Disable JavaScript | Prevents the browser from running JavaScript |
| Prevent Pop-ups | Prevents the browser from opening pop-ups |
| Accept All Cookies | Forces the browser to accept all cookies |
| Accept Cookies from Visited Sites Only | Forces the browser to accept cookies from visited sites only |
| Disable News | Disables news |
| Disable Podcast | Prevents users from using podcasts |
| Number of days to delay software and OS update availability | Specify (in days) the interval between when a software or OS update becomes available and when it appears to the device user.
Note: This setting is only supported on supervised devices running iOS 11.3 or later.
|
| Single App Mode | Allows an app to lock itself to the device screen until conditions specified on the app are met. Note that administrators must configure Single App mode behavior for the app outside of SOTI MobiControl. This restriction only allows the single app mode to occur, it does not implement it.
Click the List button to add applications to the Single App Mode Whitelist. Next, click Add to enter the bundle identifier of the app. Visit SOTI Central: How to enable autonomous single app mode for guidance on how to whitelist apps in SOTI MobiControl and Apple Developer Documentation: UIAccessibilityRequestGuidedAccessSession for information on how to set up Single App mode. Note: The Single App Mode configuration supersedes the Restriction setting if both are assigned to the same device.
|
Media Content
| Movies | Sets the maximum rating for movies to:
|
| TV Shows | Sets the maximum rating for TV shows to:
|
| Apps | Sets the maximum rating for apps to:
|
| Disallow Explicit Music & Podcasts | Prevents user from downloading music or podcasts containing explicit content |
Note: Certain processes and applications are critical and necessary for stable device operation and normal execution of the SOTI MobiControl device agent. These processes are automatically protected through a built-in "permanent whitelist" and cannot be put on a blacklist. Applications that are included in a lockdown program menu are automatically on a whitelist and cannot be put on a blacklist.