Use iOS and iPadOS restriction policies to control how users interact with managed Apple devices. By applying these policies, you can manage general usage, network settings, app installations, and cloud access to ensure all devices remain secure and compliant with your organization's standards.
You can apply restrictions across multiple categories, including:
General: Core system and feature access
Security: Authentication and data protection controls
Network: Connectivity and pairing management
Apps: App installation, browsing, and media usage
iCloud & Apple ID: Cloud sync and Apple Intelligence controls
These restrictions work together to help you protect company data, prevent unauthorized access, and ensure devices operate according to your organization’s policies.
How to Configure iOS and iPadOS Restrictions
Navigate to Settings and select Policy Management from the Asset Management section. You will see a list of available hierarchical policies.
Click on Apple iOS Device policies from the list to open the configuration page.
Note: You can filter configurations based on Supervised and Unsupervised devices. Unsupervised devices offer limited configuration options, as restricted by Apple.
General Settings
Control access to key system features and functions. Admins can restrict account modifications, disable features like AirDrop, Camera, FaceTime, Handoff, or Siri, and limit personalization options such as device name changes, keyboard features, and screen time controls. You can also manage content filters, Apple Watch pairing, and Bluetooth access to maintain consistent device usage across your fleet.
In the General restrictions tab, click Add General Configuration. You can now toggle settings for features like Account Modification, Handoff, and AirDrop.
Security
Enforce authentication and data protection measures. You can restrict Touch ID/Face ID, passcode changes, and password autofill, require encrypted backups, and control Wi-Fi password sharing. These settings help prevent unauthorized access and data exposure while ensuring compliance with your organization’s security policies.
Select the Security category from the left menu, and click Add Security Configuration to manage policies such as Auto Unlock and Touch ID / Face ID requirements.
Network
Control connectivity and pairing behavior. Restrict cellular plan changes, limit devices to approved Wi-Fi networks, block untrusted certificates, and disable host pairing or external drives. Admins can also enforce managed VPN use and prevent users from disabling Wi-Fi to maintain secure network access.
Navigate to the Network category and click Add Network Configuration. This section allows you to control settings like Cellular Plan Modification and restrict connections to approved Wi-Fi networks.
Apps
Manage how users install, remove, and interact with applications. Admins can disable the App Store, App installation or uninstallation, alternative marketplace apps, and in-app purchases. You can restrict or customize Safari features, including private browsing, JavaScript, pop-ups, and password autofill, or disable services like iMessage, iTunes, Apple Music, and Podcasts. These restrictions ensure only approved and secure apps are used on corporate devices.
Select the Apps category and click Add Apps Configuration to manage application-related policies, including disabling app installation or in-app purchases.
iCloud & Apple ID Settings
Protect organizational data from syncing to personal accounts. You can disable iCloud Backup, Document Sync, Keychain, and Photo Library to keep sensitive data on managed devices. Admins can also restrict Managed Apps from using iCloud, Apple Intelligence features (like summarization, visual intelligence, or generative tools), and prevent users from signing in to external AI or intelligence services.
Finally, select the iCloud & Apple ID Settings category and click Add iCloud & Apple ID Settings Configuration. Here, you can restrict iCloud services like Cloud Backup and Cloud Document Sync to protect organizational data.