More

    MDM Restrictions for iOS Devices with Scalefusion

    Share On

    Managing restrictions and enabling full control of settings on iOS devices can be made possible by deploying Scalefusion MDM. By leveraging the Apple DEP program, you can easily enroll iPhones and iPads into Scalefusion MDM, ensuring users don’t bypass or remove restrictions. Enforce powerful management settings and restrictions on iOS devices by enabling device supervision during enrolment.

    MDM Restrictions for iOS Devices with Scalefusion
    Manage your Apple Devices with Scalefusion MDM

    iOS Restriction Policies on Scalefusion 

    Restrictions iOS Device Profile offers different settings that IT admins can configure to push and apply on a device. A restriction policy that is applied on an iOS device will block the specified device functionalities in one go, thereby protecting corporate data from any security attack. Scalefusion allows you to selectively restrict functionalities or apps on managed iOS devices from the web console.

    Prerequisites for iOS Restriction Policies

    iOS devices fall into two categories:

    1. Unsupervised

    IT admins will be able to manage unsupervised iOS devices, but they can only control a set of policies. Without supervision, iOS devices are only partially manageable, which makes the device vulnerable to theft and data breaches.If the IT team wants to apply policies and fully manage iOS devices, it is important to supervise the device.

    2. Supervised

     A supervised iOS device allows the IT team to enforce stricter policies and have more control over the device features. With iOS supervision, IT admins can seamlessly push core MDM policies on managed Apple devices. 

    Also read: Industry Use Cases of iOS Device Management

    Configuring iOS device restrictions via MDM policy

    You can begin with logging into the Scalefusion dashboard and creating or editing an iOS Device Profile. After that, navigate to the Restrictions tab that looks like this.

    configuring single app mode with Scalefusion

    You have the following options to choose iOS restrictions from:

    Single App Mode & Autonomous Single App Mode

    From the list of applications that you have allowed, choose one application to run always so that you can set up the device as a Kiosk. You can choose additional settings as well. 

    You can also set certain applications to run autonomously on the single app mode. Please note, the autonomous single app mode is dependent on the application, i.e., only some applications offer this functionality.

    Network Settings

    Over here, you can find a collection of network-related settings to control your iOS device network settings. These are:

    • Wifi Configuration 
    • Hotspot Setting 
    • Roaming Setting 

    Safari Settings

    Control all the Safari-related settings for your iOS devices using the following options:

    • Enable Safari 
    • Allow AutoFill
    • Allow Javascript
    • Allow PopUps

    iCloud & Siri Settings

    Control general iCloud and Siri-related settings through the following options. 

    General Settings

    • Allow iCloud Backup
    • Allow iCloud Keychain Sync
    • Allow Siri

    Please note that these settings will work on all devices.

    Supervised Settings

    • Force Siri Profanity filter
    • Allow iCloud Documents Sync

    Please note that these settings will work on supervised devices only. 

    Lock Screen Settings

    To push Lock Screen settings on iOS devices, it is mandatory to set passcodes. IT admins can select from the following General settings to drive user experience on the Lock Screen. 

    • Allow Touch-ID for Unlock
    • Allow Lock Screen Control Center
    • Allow Lock Screen Notification View
    • Allow Lock Screen Today View
    • Allow Passbook Notifications
    • Allow Assistant while Locked
    • Allow Voice Dialing

    App Settings

    Here’s a collection of application-related settings that IT admins can enforce on iOS devices.

    General settings

    • Allow trust for Enterprise Apps

    Please note this setting will work on all devices.

    Supervised 

    • Allow iMessage
    • Allow App Installation
    • Allow Interactive Apps Installation
    • Allow App Removal
    • Allow System App Removal
    • Allow iTunes App
    • Allow News
    • Allow Podcasts
    • Allow Music Service
    • Allow Bookstore
    • Allow AirDrop

    Please note that these settings will work on supervised devices only. 

    Application Management Settings

    Through app management, IT admins can configure settings that allow users to control how applications are published from the Scalefusion dashboard, and how they get installed on the managed devices. 

    • Enable Application Catalog

    Enable this to show a Web-clip on the device home screen that lets users see the applications published and install them

    Please note, this feature can only reflect once you enable the application catalog. To know more about the app catalog, click here.

    OS Updates

    You can delay any new iOS update by configuring settings under this section. Since iOS does not indefinitely allow blocking new OS updates, admins can delay/defer them for a minimum of 30 days to a maximum of 90 days. 

    Email & Exchange Settings

    In this section, you can select Email or Exchange configurations to publish on the iOS Device Profile(s). You have the option to select one or multiple configurations to push on the devices. 

    Work Data Settings

    You can control the exchange of data between work apps and personal apps. You can configure these settings on all iOS devices, irrespective of whether they are supervised or not; just ensure the minimum OS version is met. Secure corporate data by preventing the unmanaged (personal) applications from viewing/opening data with managed (work) apps. 

    The settings offered are:

    • Allow Open From Managed to Unmanaged
    • Allow Managed Apps to write contacts to Unmanaged contact accounts
    • Allow UnManaged Apps to read contacts to Managed contact accounts
    • Allow Work Documents to be Shared via Airdrop
    • Allow Open From Managed to Unmanaged

    Certificates

    Certificate Management helps IT admins streamline the process of deploying Digital Certificates to end users’ devices by automatically provisioning digital identities onto devices without involving end-user. You can enable authentication on managed iOS devices with Scalefusion.

    Custom Settings

    IT Admins can directly push Custom Payload to the iOS devices using a good XML editor. Hence, admins can now add desired features for Mac and iOS that at present not available with Scalefusion. 

    Custom Payload lets you build your own policy using the Apple MDM Protocol. IT admins can quickly add settings that are not built in Scalefusion. Please refer to Apple Device Management to understand the various payloads and their support. You can also build your policies.

    General Settings

    This section includes a collection of common settings that can be enforced on iOS devices. Here are the options:

    General 

    • Allow Camera
    • Allow ScreenShot
    • Force Encrypted Backups

    Please note that these settings will work on all devices.

    Supervised

    • Allow Enabling Restrictions
    • Allow Erase Content and Settings
    • Allow Account Modification
    • Allow Device Name Modification
    • Allow Wallpaper Modification
    • Allow Connection with Apple Devices
    • Allow VPN Creation
    • Allow Explicit Content
    • Allow Bluetooth Settings Modification
    • Allow Open From Managed to Unmanaged
    • Allow UI Configuration Profile Installation
    • Allow Passcode Modification

    Please note that these settings will work on supervised devices only. 

    Conclusion

    With Scalefusion iOS MDM, configure different restrictions on the managed iOS devices as per company requirements. Allow or restrict users from accessing different iOS features like profile settings, application settings, iCloud settings, security and privacy settings.

    Yesha Gangani
    Yesha Gangani
    Yesha is a professional writer with a hidden talent of promoting persona tactics to catch the attention of a nerd enthusiast. She has a high caliber of attracting, engaging and educating any tech-savvy individual with latest trends and insights in the industry.

    Latest Articles

    What is macOS Patch Management: A Comprehensive Guide

    Many of us might be tempted to think that the powerful macOS devices that are usually high on security aren’t vulnerable. Well, there’s room...

    Understanding Unattended Remote Access for Windows

    Whether your organization is fully back on-site, hybrid, fully remote, or on-site but globally dispersed, the ability to manage devices remotely is not just...

    Introducing Staggered Deployment for Android

    We're excited to unveil a new feature to simplify app deployment: Staggered Deployment for Android Enterprise and Recommended Applications. This feature is designed to...

    Latest From Author

    What is Application Whitelisting: Complete Guide

    The year 2018 reported 16,517 application-related security issues worldwide. With such an alarming number of instances, if your IT team is still dependent on...

    A Quick Guide to Enable a Mobile Workforce in 2022

    Working patterns have significantly transformed over the last 20 years. How businesses function today is completely different from what anyone would have expected. This...

    Understanding Remote Endpoint Management

    Remote Endpoint Management has become the IT team’s top priority right now.  Due to the worldwide coronavirus pandemic, the sudden work transition has drastically evolved...

    More from the blog

    Understanding Unattended Remote Access for Windows

    Whether your organization is fully back on-site, hybrid, fully remote, or on-site but globally dispersed, the ability to manage...

    Introducing Staggered Deployment for Android

    We're excited to unveil a new feature to simplify app deployment: Staggered Deployment for Android Enterprise and Recommended Applications....

    Introducing Maker-Checker: Enhancing Decision Making on Scalefusion

    In a world where human and technological imperfections coexist, having an extra pair of eyes never hurts, especially when...