By: Admin -
On: Jul 16, 2021
Successful completion of largest project in Europe.
Managing restrictions and enabling full control of settings on iOS devices can be made possible by deploying Scalefusion MDM. By leveraging Apple’s DEP program, you can easily enroll iPhones and iPads into Scalefusion MDM, ensuring users don’t bypass or remove restrictions. Enforce powerful management settings and restrictions on iOS devices by enabling device supervision during enrolment.
iOS Restriction Policies on Scalefusion
Restrictions iOS Device Profile offers different settings that IT admins can configure to push and apply on a device. A restriction policy that is applied on an iOS device will block the specified device functionalities in one go, thereby protecting corporate data from any security attack. Scalefusion allows you to selectively restrict functionalities or apps on managed iOS devices from the web console.Prerequisites for iOS Restriction Policies
iOS devices fall into two categories:1. Unsupervised
IT admins will be able to manage unsupervised iOS devices, but they can only control a set of policies. Without supervision, iOS devices are only partially manageable, which makes the device vulnerable to theft and data breaches.If the IT team wants to apply policies and fully manage iOS devices, it is important to supervise the device.2. Supervised
A supervised iOS device allows the IT team to enforce stricter policies and have more control over the device features. With iOS supervision, IT admins can seamlessly push core MDM policies on managed Apple devices.Configuring iOS device restrictions via MDM policy
You can begin with logging into the Scalefusion dashboard and creating or editing an iOS Device Profile. After that, navigate to the Restrictions tab that looks like this.
Single App Mode & Autonomous Single App Mode
From the list of applications that you have allowed, choose one application to run always so that you can set up the device as a Kiosk. You can choose additional settings as well. You can also set certain applications to run autonomously on the single app mode. Please note, the autonomous single app mode is dependent on the application, i.e., only some applications offer this functionality.Network Settings
Over here, you can find a collection of network-related settings to control your iOS device network settings. These are:- Wifi Configuration
- Hotspot Setting
- Roaming Setting
Safari Settings
Control all the Safari-related settings for your iOS devices using the following options:- Enable Safari
- Allow AutoFill
- Allow Javascript
- Allow PopUps
iCloud & Siri Settings
Control general iCloud and Siri-related settings through the following options.General Settings
- Allow iCloud Backup
- Allow iCloud Keychain Sync
- Allow Siri
Supervised Settings
- Force Siri Profanity filter
- Allow iCloud Documents Sync
Lock Screen Settings
To push Lock Screen settings on iOS devices, it is mandatory to set passcodes. IT admins can select from the following General settings to drive user experience on the Lock Screen.- Allow Touch-ID for Unlock
- Allow Lock Screen Control Center
- Allow Lock Screen Notification View
- Allow Lock Screen Today View
- Allow Passbook Notifications
- Allow Assistant while Locked
- Allow Voice Dialing
App Settings
Here’s a collection of application-related settings that IT admins can enforce on iOS devices.General settings
- Allow trust for Enterprise Apps
Supervised
- Allow iMessage
- Allow App Installation
- Allow Interactive Apps Installation
- Allow App Removal
- Allow System App Removal
- Allow iTunes App
- Allow News
- Allow Podcasts
- Allow Music Service
- Allow Bookstore
- Allow AirDrop
Application Management Settings
Through app management, IT admins can configure settings that allow users to control how applications are published from the Scalefusion dashboard, and how they get installed on the managed devices.- Enable Application Catalog
OS Updates
You can delay any new iOS update by configuring settings under this section. Since iOS does not indefinitely allow blocking new OS updates, admins can delay/defer them for a minimum of 30 days to a maximum of 90 days.Email & Exchange Settings
In this section, you can select Email or Exchange configurations to publish on the iOS Device Profile(s). You have the option to select one or multiple configurations to push on the devices.Work Data Settings
You can control the exchange of data between work apps and personal apps. You can configure these settings on all iOS devices, irrespective of whether they are supervised or not; just ensure the minimum OS version is met. Secure corporate data by preventing the unmanaged (personal) applications from viewing/opening data with managed (work) apps. The settings offered are:- Allow Open From Managed to Unmanaged
- Allow Managed Apps to write contacts to Unmanaged contact accounts
- Allow UnManaged Apps to read contacts to Managed contact accounts
- Allow Work Documents to be Shared via Airdrop
- Allow Open From Managed to Unmanaged
Certificates
Certificate Management helps IT admins streamline the process of deploying Digital Certificates to end users’ devices by automatically provisioning digital identities onto devices without involving end-user. You can enable authentication on managed iOS devices with Scalefusion.Custom Settings
IT Admins can directly push Custom Payload to the iOS devices using a good XML editor. Hence, admins can now add desired features for Mac and iOS that at present not available with Scalefusion. Custom Payload lets you build your own policy using the Apple MDM Protocol. IT admins can quickly add settings that are not built in Scalefusion. Please refer to Apple Device Management to understand the various payloads and their support. You can also build your policies.General Settings
This section includes a collection of common settings that can be enforced on iOS devices. Here are the options:General
- Allow Camera
- Allow ScreenShot
- Force Encrypted Backups
Supervised
- Allow Enabling Restrictions
- Allow Erase Content and Settings
- Allow Account Modification
- Allow Device Name Modification
- Allow Wallpaper Modification
- Allow Connection with Apple Devices
- Allow VPN Creation
- Allow Explicit Content
- Allow Bluetooth Settings Modification
- Allow Open From Managed to Unmanaged
- Allow UI Configuration Profile Installation
- Allow Passcode Modification
Conclusion
With Scalefusion iOS MDM, configure different restrictions on the managed iOS devices as per company requirements. Allow or restrict users from accessing different iOS features like profile settings, application settings, iCloud settings, security and privacy settings.Credit : Scalefusion