Successful completion of largest project in Europe.

Managing restrictions and enabling full control of settings on iOS devices can be made possible by deploying Scalefusion MDM. By leveraging Apple’s DEP program, you can easily enroll iPhones and iPads into Scalefusion MDM, ensuring users don’t bypass or remove restrictions. Enforce powerful management settings and restrictions on iOS devices by enabling device supervision during enrolment.

iOS Restriction Policies on Scalefusion 

Restrictions iOS Device Profile offers different settings that IT admins can configure to push and apply on a device. A restriction policy that is applied on an iOS device will block the specified device functionalities in one go, thereby protecting corporate data from any security attack. Scalefusion allows you to selectively restrict functionalities or apps on managed iOS devices from the web console.

Prerequisites for iOS Restriction Policies

iOS devices fall into two categories:

1. Unsupervised

IT admins will be able to manage unsupervised iOS devices, but they can only control a set of policies. Without supervision, iOS devices are only partially manageable, which makes the device vulnerable to theft and data breaches.If the IT team wants to apply policies and fully manage iOS devices, it is important to supervise the device.

2. Supervised

 A supervised iOS device allows the IT team to enforce stricter policies and have more control over the device features. With iOS supervision, IT admins can seamlessly push core MDM policies on managed Apple devices. 

Configuring iOS device restrictions via MDM policy

You can begin with logging into the Scalefusion dashboard and creating or editing an iOS Device Profile. After that, navigate to the Restrictions tab that looks like this.

You have the following options to choose iOS restrictions from:

Single App Mode & Autonomous Single App Mode

From the list of applications that you have allowed, choose one application to run always so that you can set up the device as a Kiosk. You can choose additional settings as well. 

You can also set certain applications to run autonomously on the single app mode. Please note, the autonomous single app mode is dependent on the application, i.e., only some applications offer this functionality.

Network Settings

Over here, you can find a collection of network-related settings to control your iOS device network settings. These are:

• Wifi Configuration 
• Hotspot Setting 
• Roaming Setting 

Safari Settings

Control all the Safari-related settings for your iOS devices using the following options:

• Enable Safari 
• Allow AutoFill
• Allow Javascript
• Allow PopUps

iCloud & Siri Settings

Control general iCloud and Siri-related settings through the following options. 

General Settings

• Allow iCloud Backup
• Allow iCloud Keychain Sync
• Allow Siri

Please note that these settings will work on all devices.

Supervised Settings

• Force Siri Profanity filter
• Allow iCloud Documents Sync

Please note that these settings will work on supervised devices only. 

Lock Screen Settings

To push Lock Screen settings on iOS devices, it is mandatory to set passcodes. IT admins can select from the following General settings to drive user experience on the Lock Screen. 

• Allow Touch-ID for Unlock
• Allow Lock Screen Control Center
• Allow Lock Screen Notification View
• Allow Lock Screen Today View
• Allow Passbook Notifications
• Allow Assistant while Locked
• Allow Voice Dialing

App Settings

Here’s a collection of application-related settings that IT admins can enforce on iOS devices.

General settings

• Allow trust for Enterprise Apps

Please note this setting will work on all devices.

Supervised 

• Allow iMessage
• Allow App Installation
• Allow Interactive Apps Installation
• Allow App Removal
• Allow System App Removal
• Allow iTunes App
• Allow News
• Allow Podcasts
• Allow Music Service
• Allow Bookstore
• Allow AirDrop

Please note that these settings will work on supervised devices only. 

Application Management Settings

Through app management, IT admins can configure settings that allow users to control how applications are published from the Scalefusion dashboard, and how they get installed on the managed devices. 

• Enable Application Catalog

Enable this to show a Web-clip on the device home screen that lets users see the applications published and install them

Please note, this feature can only reflect once you enable the application catalog. To know more about the app catalog, click here.

OS Updates

You can delay any new iOS update by configuring settings under this section. Since iOS does not indefinitely allow blocking new OS updates, admins can delay/defer them for a minimum of 30 days to a maximum of 90 days. 

Email & Exchange Settings

In this section, you can select Email or Exchange configurations to publish on the iOS Device Profile(s). You have the option to select one or multiple configurations to push on the devices. 

Work Data Settings

You can control the exchange of data between work apps and personal apps. You can configure these settings on all iOS devices, irrespective of whether they are supervised or not; just ensure the minimum OS version is met. Secure corporate data by preventing the unmanaged (personal) applications from viewing/opening data with managed (work) apps. 

The settings offered are:

• Allow Open From Managed to Unmanaged
• Allow Managed Apps to write contacts to Unmanaged contact accounts
• Allow UnManaged Apps to read contacts to Managed contact accounts
• Allow Work Documents to be Shared via Airdrop
• Allow Open From Managed to Unmanaged

Certificates

Certificate Management helps IT admins streamline the process of deploying Digital Certificates to end users’ devices by automatically provisioning digital identities onto devices without involving end-user. You can enable authentication on managed iOS devices with Scalefusion.

Custom Settings

IT Admins can directly push Custom Payload to the iOS devices using a good XML editor. Hence, admins can now add desired features for Mac and iOS that at present not available with Scalefusion. 

Custom Payload lets you build your own policy using the Apple MDM Protocol. IT admins can quickly add settings that are not built in Scalefusion. Please refer to Apple Device Management to understand the various payloads and their support. You can also build your policies.

General Settings

This section includes a collection of common settings that can be enforced on iOS devices. Here are the options:

General 

• Allow Camera
• Allow ScreenShot
• Force Encrypted Backups

Please note that these settings will work on all devices.

Supervised

• Allow Enabling Restrictions
• Allow Erase Content and Settings
• Allow Account Modification
• Allow Device Name Modification
• Allow Wallpaper Modification
• Allow Connection with Apple Devices
• Allow VPN Creation
• Allow Explicit Content
• Allow Bluetooth Settings Modification
• Allow Open From Managed to Unmanaged
• Allow UI Configuration Profile Installation
• Allow Passcode Modification

Please note that these settings will work on supervised devices only. 

Conclusion

With Scalefusion iOS MDM, configure different restrictions on the managed iOS devices as per company requirements. Allow or restrict users from accessing different iOS features like profile settings, application settings, iCloud settings, security and privacy settings.

Credit : Scalefusion