Restrictions

Template

A Restrictions payload allows the administrator to restrict the user from doing certain things with the device, such as using the camera.

The Restrictions payload is supported in iOS; some keys are also supported in macOS, as noted below.

Contents

• Restrictions
  • Summary
  • Keys
    • allowAppInstallation
    • allowUIAppInstallation
    • allowAutomaticAppDownloads
    • allowAppRemoval
    • allowEnterpriseAppTrust
    • allowCamera
    • allowExplicitContent
    • allowScreenShot
    • allowRemoteScreenObservation
    • allowChat
    • allowBookstore
    • allowBookstoreErotica
    • allowMusicService
    • allowRadioService
    • allowSharedStream
    • allowPassbookWhileLocked
    • allowUIConfigurationProfileInstallation
    • allowiTunes
    • allowNews
    • allowSafari
    • allowGameCenter
    • allowAddingGameCenterFriends
    • allowBluetoothModification
    • allowAppCellularDataModification
    • allowDeviceNameModification
    • allowPasscodeModification
    • allowWallpaperModification
    • allowEnablingRestrictions
    • allowGlobalBackgroundFetchWhenRoaming
    • allowManagedAppsCloudSync
    • allowEnterpriseBookBackup
    • allowEnterpriseBookMetadataSync
    • allowInAppPurchases
    • allowMultiplayerGaming
    • allowVideoConferencing
    • allowVoiceDialing
    • forceEncryptedBackup
    • forceWatchWristDetection
    • allowPairedWatch
    • allowEraseContentAndSettings
    • allowSpotlightInternetResults
    • allowCloudDocumentSync
    • allowUntrustedTLSPrompt
    • allowDiagnosticSubmission
    • allowDiagnosticSubmissionModification
    • allowPhotoStream
    • allowCloudPhotoLibrary
    • allowCloudBackup
    • forceITunesStorePasswordEntry
    • ratingApps
    • ratingMovies
    • ratingTVShows
    • ratingRegion
    • safariAcceptCookies
    • safariAllowAutoFill
    • safariAllowJavaScript
    • safariAllowPopups
    • safariForceFraudWarning
    • allowAssistant
    • allowAssistantWhileLocked
    • forceAssistantProfanityFilter
    • allowPredictiveKeyboard
    • allowKeyboardShortcuts
    • allowAutoCorrection
    • allowSpellCheck
    • allowDefinitionLookup
    • allowOpenFromUnmanagedToManaged
    • allowOpenFromManagedToUnmanaged
    • forceAirDropUnmanaged
    • allowActivityContinuation
    • allowFingerprintForUnlock
    • allowFingerprintModification
    • allowNotificationsModification
    • blacklistedAppBundleIDs
    • whitelistedAppBundleIDs
    • allowAutoUnlock
    • allowCloudDesktopAndDocuments
  • Links

Summary

PayloadType:com.apple.applicationaccess Supervised Only:  N/A macOS:N/A macOS Deprecated:  N/A iOS:N/A iOS Deprecated:N/A Highlander:N/A

Keys

allowAppInstallation

Allow App Installation from Apple Configurator and iTunes

Allow only a connected Mac host to install applications

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowUIAppInstallation

Allow App Installation from App Store

When false, the App Store is disabled and its icon is removed from the Home screen. However, users may continue to use Host apps (iTunes, Configurator) to install or update their apps.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	True

allowAutomaticAppDownloads

Allow Automatic App Downloads

If set to false, prevents automatic downloading of apps purchased on other devices. Does not affect updates to existing apps. Defaults to true

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	True

allowAppRemoval

Allow App Removal

Allow the user to remove apps (Supervised only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowEnterpriseAppTrust

Allow Trusting Enterprise Apps

If set to false removes the Trust Enterprise Developer button in Settings->General->Profiles Device Management, preventing apps from being provisioned by universal provisioning profiles. This restriction applies to free developer accounts but it does not apply to enterprise app developers who are trusted because their apps were pushed via MDM, nor does it revoke previously granted trust. Defaults to true.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	N/A

allowCamera

Allow Camera Use

Allow the user to use the camera

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	0.0	10.11	N/A

allowExplicitContent

Allow Explicit Content

Allow user access of explicit content

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowScreenShot

Allow Screenshots and Screen Recording

Allow the user to take screenshots or screen recordings

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowRemoteScreenObservation

Allow Remote Screen Observation

Allow Classroom or similar to observe the screen. This key should be nested beneath allowScreenShot as a sub-restriction. If allowScreenShot is set to false, it also prevents the Classroom app from observing remote screens.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.3	N/A	True

allowChat

Allow use of iMessage

Allow use of iMessage (Supervised only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	6.0	N/A	True

allowBookstore

Allow Bookstore

Supervised only. If set to false, iBookstore will be disabled.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	6.0	N/A	True

allowBookstoreErotica

Allow Bookstore Erotica

Supervised only. If set to false, the user will not be able to download media from the iBookstore that is tagged as erotica.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	6.0	N/A	N/A

allowMusicService

Allow Apple Music

If set to false, Apple Music will be disabled in the Music app.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.3	10.12	True

allowRadioService

Allow iTunes Radio

If set to false, Apple Music Radio is disabled.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.3	N/A	True

allowSharedStream

Allow Shared Stream

If set to false, disabled Shared Stream.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	6.0	N/A	N/A

allowPassbookWhileLocked

Allow Wallet While Locked

If set to false, Wallet notifications will not be shown on the lock screen.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	6.0	N/A	N/A

allowUIConfigurationProfileInstallation

Allow UI Configuration Profile Installation

Supervised only. If set to false, the user is prohibited from installing configuration profiles and certificates interactively.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	6.0	N/A	True

allowiTunes

Allow use of iTunes

When false, the iTunes Music Store is disabled and its icon is removed from the Home screen. Users cannot preview, purchase, or download content.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowNews

Allow use of News

Allow the user to access and use News

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	True

allowSafari

Allow use of Safari

Allow the user to use Safari

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowGameCenter

Allow Game Center

Allow Game Center (Supervised only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	6.0	N/A	N/A

allowAddingGameCenterFriends

Allow Adding Game Center Friends

Allow the user to add Friends on Game Center

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowBluetoothModification

Allow modifying Bluetooth settings

Allow modifying Bluetooth settings

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	10.0	N/A	True

allowAppCellularDataModification

Allow Modifying Cellular Data Usage for Apps Settings

Allow modifying cellular data usage for apps settings

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	7.0	N/A	True

allowDeviceNameModification

Allow Modifying Device Name

Allow modifying device name

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	True

allowPasscodeModification

Allow Modifying Passcode

If set to false, prevents the device passcode from being added, changed, or removed. Defaults to true. This restriction is ignored by shared iPads.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	True

allowWallpaperModification

Allow Modifying Wallpaper

Allow modifying Wallpaper (Supervised only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	True

allowEnablingRestrictions

Allow Configuring Restrictions

Allow configuring restrictions (Supervised only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowGlobalBackgroundFetchWhenRoaming

Allow Automatic Sync While Roaming

Allow automatic sync while roaming

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowManagedAppsCloudSync

Allow iCloud Sync for Managed Apps

Allow iCloud sync for managed apps

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowEnterpriseBookBackup

Allow Enterprise Books Backup

Allow enterprise books to be backed up

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowEnterpriseBookMetadataSync

Allow Enterprise Books Notes and Highlights Sync

Allow enterprise books notes and highlights to be synced

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowInAppPurchases

Allow In App Purchases

Allow the user to make purchases within applications

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowMultiplayerGaming

Allow Multiplayer Gaming

Allow multiplayer gaming

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowVideoConferencing

Allow Video Conferencing

Allow video conferencing

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowVoiceDialing

Allow Voice Dialing While Device is Locked

Allow voice dialing while device is locked

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

forceEncryptedBackup

Force Encrypted Backups

Force encrypted backups

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	False	N/A	N/A	N/A	N/A	N/A

forceWatchWristDetection

Force Apple Watch Wrist Detection

Force Apple Watch wrist detection

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	False	N/A	N/A	8.2	N/A	N/A

allowPairedWatch

Allow Pairing With Apple Watch

If set to false, disables pairing with an Apple Watch. Any currently paired Apple Watch is unpaired and erased. Defaults to true.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	N/A

allowEraseContentAndSettings

Allow Erase All Content and Settings

Supervised only. If set to false, the user cannot choose the option “Erase All Content and Settings” in Settings > General > Reset

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	True

allowSpotlightInternetResults

Allow Internet results in Spotlight

If set to false, search results from the web will not be shown in Spotlight.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	0.0	10.11	True

allowCloudDocumentSync

Allow iCloud Document Sync

Allow document syncing with iCloud. When false, disables document and key-value syncing to iCloud.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	5.0	10.11	True

allowUntrustedTLSPrompt

Allow user to accept untrusted TLS certificates

Allow user to accept untrusted TLS certificates

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	5.0	N/A	N/A

allowDiagnosticSubmission

Allow diagnostic submission

Send diagnostic and usage reports to Apple

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	N/A	N/A	N/A	6.0	N/A	N/A

allowDiagnosticSubmissionModification

Allow modifying diagnostics settings

If set to false, the diagnostic submission and app analytics settings in the Diagnostics & Usage pane in Settings cannot be modified

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.3.2	N/A	N/A

allowPhotoStream

Allow Photo Stream

Allow Photo Stream to be used on the device

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	5.0	N/A	N/A

allowCloudPhotoLibrary

Allow iCloud Photo Library

Allow iCloud Photo Library to be used on the device

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	10.12	N/A

allowCloudBackup

Allow iCloud Backup

Allow backup using iCloud

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	5.0	N/A	N/A

forceITunesStorePasswordEntry

Require iTunes password for all purchases

Require the user’s iTunes password to be entered for every purchase

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	False	N/A	N/A	5.0	N/A	N/A

ratingApps

Apps Ranking Number

Ranking number for apps

Type	Default	Required	Regex	iOS	macOS	Supervised
integer	1000	N/A	N/A	N/A	N/A	N/A

ratingMovies

Movies Ranking Number

Ranking number for movies

Type	Default	Required	Regex	iOS	macOS	Supervised
integer	1000	N/A	N/A	N/A	N/A	N/A

ratingTVShows

TV Shows Ranking Number

Ranking number for TV Shows

Type	Default	Required	Regex	iOS	macOS	Supervised
integer	1000	N/A	N/A	N/A	N/A	N/A

ratingRegion

Region Code

Two-character code for the region used to specify ratings

Type	Default	Required	Regex	iOS	macOS	Supervised
string	N/A	N/A	N/A	N/A	N/A	N/A

Valid Choices

• us
• au
• ca
• de
• fr
• ie
• jp
• nz
• gb

safariAcceptCookies

Accept Cookies in Safari

Accept cookies: 0 - Never, 1 - From current website only (iOS 8) or visited sites (pre-iOS 8), 1.5 - From websites I visit, 2 - Always

Type	Default	Required	Regex	iOS	macOS	Supervised
real	2	N/A	N/A	N/A	N/A	N/A

Valid Choices

• 0
• 1
• 1.5
• 2

safariAllowAutoFill

Allow AutoFill in Safari

Allow AutoFill in Safari

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

safariAllowJavaScript

Allow JavaScript

Allow JavaScript in Safari

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

safariAllowPopups

Allow Pop-ups

Allow Pop-ups in Safari

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

safariForceFraudWarning

Enable Fraud Warning

Enable fraud warning in Safari

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	False	N/A	N/A	N/A	N/A	N/A

allowAssistant

Allow Siri

Allow Siri

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowAssistantWhileLocked

Allow Siri While Locked

Allow Siri while device is locked

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	5.1	N/A	N/A

forceAssistantProfanityFilter

Enable Siri Profanity Filter

Enable Siri Profanity Filter (Supervised devices only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	False	N/A	N/A	N/A	N/A	True

allowPredictiveKeyboard

Allow Predictive Keyboard

Allow Predictive Keyboard (Supervised devices only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	8.1.3	N/A	True

allowKeyboardShortcuts

Allow Keyboard Shortcuts

Allow Keyboard Shortcuts (Supervised devices only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.0	N/A	True

allowAutoCorrection

Allow Auto Correction

Allow Auto Correction (Supervised devices only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	8.1.3	N/A	True

allowSpellCheck

Allow Spell Check

Allow Spell Check (Supervised devices only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	8.1.3	N/A	True

allowDefinitionLookup

Allow Define

Allow Define (Supervised devices only)

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	8.1.3	10.11.2	N/A

allowOpenFromUnmanagedToManaged

Enable allow open from unmanaged to managed

Enable allow open from unmanaged to managed

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	7.0	N/A	N/A

allowOpenFromManagedToUnmanaged

Enable allow open from managed to unmanaged

Enable allow open from managed to unmanaged

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	7.0	N/A	N/A

forceAirDropUnmanaged

Treat AirDrop as Unmanaged Destination

Treat AirDrop as Unmanaged Destination

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	False	N/A	N/A	9.0	N/A	N/A

allowActivityContinuation

Allow Handoff

If set to false, Handoff will be disabled.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowFingerprintForUnlock

Allow Touch ID to Unlock Device

Allow Touch ID to Unlock Device

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	7.0	10.12.4	N/A

allowFingerprintModification

Allow Modifying Touch ID Fingerprints

Allow modifying Touch ID fingerprints

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	N/A	N/A

allowNotificationsModification

Allow Modifying Notifications Settings

Allow Modifying Notifications Settings

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	9.3	N/A	True

blacklistedAppBundleIDs

Blacklisted Apps

If present, prevents bundle IDs listed in the array from being shown or launchable.

Type	Default	Required	Regex	iOS	macOS	Supervised
array	N/A	N/A	N/A	9.3	N/A	True

whitelistedAppBundleIDs

Whitelisted Apps

If present, allows only bundle IDs listed in the array from being shown or launchable.

Type	Default	Required	Regex	iOS	macOS	Supervised
array	N/A	N/A	N/A	9.3	N/A	True

allowAutoUnlock

Allow macOS auto unlock

If set to false, disallows macOS auto unlock. Defaults to true.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	10.12	N/A

allowCloudDesktopAndDocuments

Allow cloud desktop and documents

If set to false, disallows macOS cloud desktop and document services. Defaults to true.

Type	Default	Required	Regex	iOS	macOS	Supervised
boolean	True	N/A	N/A	N/A	10.12.4	N/A

Links

• Official Documentation.