Restrictions configuration (iOS user policy)
The Restrictions configuration lets you configure restrictions for Apple User Enrollment devices.
Device
| Setting | Description |
|---|---|
| Allow screen capture | Users can take a screenshot of the display. |
| Allow Siri | If the check box is cleared, users cannot use Siri, voice commands, or dictation. |
| Allow Siri while device is locked | If the check box is cleared, users must unlock their devices by entering their password before they use Siri. |
| Force local translation | Don’t connect to Siri servers for translations. |
| Force Wrist Detection | A paired Apple Watch must use Wrist Detection. |
| Force pairing password for outgoing AirPlay requests | Other devices receiving an AirPlay request from this device must use a pairing password. |
| Allow Control Center on lock screen | If the check box is cleared, the Control Center is unavailable when the device screen is locked. |
| Allow Notification Center on lock screen | If the check box is cleared, the Notification Center is unavailable when the device screen is locked. |
| Allow Today view on lock screen | If the check box is cleared, the Today view is unavailable when the device screen is locked. |
Company data
| Setting | Description |
|---|---|
| Allow documents to be shared only within managed apps/accounts | This restricts the opening of documents with apps or accounts managed by Sophos Mobile, for example a corporate email account. If users have an email account managed by Sophos Mobile and apps managed by Sophos Mobile on their devices, attachments from the managed email account can only be opened with managed apps. In this way you can prevent corporate documents from being opened in unmanaged apps. If you turn this setting off, the next two settings are disabled. Contacts from managed accounts can be shared with unmanaged apps. |
| Allow unmanaged apps to read contacts from managed accounts | Unmanaged apps can read contacts from managed accounts. |
| Allow documents to be shared only within unmanaged apps/accounts | This restricts the opening of documents with apps/accounts not managed by Sophos Mobile, for example a private email account. If users have an email account and apps not managed by Sophos Mobile on their devices, attachments from the unmanaged email account can only be opened with unmanaged apps. In this way you can prevent personal documents from being opened in managed apps. |
| Clipboard respects document sharing restrictions | This setting restricts sharing of clipboard content between managed and unmanaged apps and accounts, based on what you configured for sharing documents with the Allow documents to be shared only within managed apps/accounts and Allow documents to be shared only within unmanaged apps/accounts settings. For example, when you turn on Allow documents to be shared only within managed apps/accounts, turning on this setting prevents users from pasting clipboard content from managed into unmanaged apps. When you turn off both of the Allow documents ... settings, this setting has no effect. |
| Force AirDrop documents to be used as unmanaged documents | AirDrop is considered an unmanaged drop target. |
| Allow managed apps to sync with iCloud | Managed apps can use iCloud synchronization. |
| Allow backup for enterprise books | Enterprise books are backed up. |
| Allow enterprise books notes and highlights sync | Enterprise books notes and highlights are synchronized. |
Applications
| Setting | Description |
|---|---|
| Force fraud warning | The Safari security setting to warn the user when they visit a suspected phishing website is always turned on. |
Security and privacy
| Setting | Description |
|---|---|
| Allow diagnostic data to be sent to Apple | If the check box is cleared, diagnostic information is not sent to Apple. |
| Force encrypted backups | Users must encrypt backups in iTunes. |