Knowledge base
Safetica Mobile - Restrictions
Posted by Libor Pazdera, Last modified by Michael Skoupý on 31 August 2020 08:36 AM

Restrictions allow the administrator to disable some of the device apps or features. As in previous policies, you can create combinations of restrictions and permissions and apply them to user tree nodes selected by you.

Policies are divided into three groups. In the Common section, you can apply restrictions to all types of device modes. The Android section contains restrictions only for Android devices with an implemented work profile. In the iOS section, you can see restrictions for both iOS modes, and there is also a part only for devices with iOS supervised mode.

Common:

  1. Disable camera (Disable camera in all apps)
  2. Disable default web browser (Users can't execute default internet browser)
  3. Disable screenshots (Users are unable to save a screenshot of the display)
  4. Disable App Store (Disable app install via App Store)


Android (work profile):

  1. Disable parent profile links (Apps in the parent profile are not allowed to handle web links from the managed profile)
  2. Disable cross profile copy and paste (Users are not allowed to paste clipboard data into other profiles or users. This restriction doesn't prevent import, so other profiles and users can still paste clipboard data into this one)
  3. Disable unified password (Users are not allowed to have the same screen unlock for their primary and managed profiles. Works only on Android 9 and higher)
  4. Disable sharing into managed profiles (Users are not allowed to share files/pictures/data from their primary profile into a managed profile. Works only on Android 8 and higher)
  5. Disable app management (Users are not allowed to modify apps in Settings or launchers)
  6. Disable credentials configuration (Users are not allowed to configure user credentials)
  7. Disable VPN configuration (Users are not allowed to configure a VPN)
  8. Disable debugging features (Users are not allowed to enable or access debugging features)
  9. Disable app install (Users are not allowed to install apps)
  10. Disable install from unknown sources (Users are not allowed to enable the "Unknown Sources" setting, that allows installation of apps from unknown sources)
  11. Disable install from unknown sources globally (Users are not allowed to enable the "Unknown Sources" setting, that allows installation of apps from unknown sources. Works only on Android 10 and higher)
  12. Disable account modification (Users are not allowed to add or remove accounts, unless they confirm the action via Authenticator)
  13. Disable outgoing Android Beam (Users are not allowed to send data via NFC)
  14. Disable setting the user icon (Users are not allowed to change their icon)
  15. Disable location sharing (Users are not allowed to turn on location sharing)
  16. Disable app uninstall (Users are not allowed to uninstall apps)
  17. Force app verification (Users are not allowed to disable app verification)
  18. Disable autofill (Users are not allowed to use autofill services. Works only on Android 8 and higher)
  19. Disable Bluetooth sharing (Users are not allowed to send files via Bluetooth. Works only on Android 8 and higher)
  20. Disable location configuration (Users are not allowed to enable or disable location providers. Works only on Android 9 and higher)
  21. Disable printing (Users are not allowed to print. Works only on Android 7 and higher)

Note: After installation, restrictions Disable debugging features and Disable install from unknown sources are enforced by default.


iOS (for both modes)

  1. Protect managed apps data (Prevent to share data from managed to unmanaged apps)
  2. Disable unencrypted backups (Users are not allowed to create unencrypted iOS backups)
  3. Disable other enterprise apps (Removes the Trust Enterprise Developer button in Settings - General - Profiles and Device Management and prevents apps from being provided by universal provisioning profiles)
  4. Disable untrusted TLS connections (All untrusted HTTPS certificates will be automatically rejected)
  5. Disable iCloud sync for managed app data (Users are not allowed to sync managed app data with iCloud)
  6. Disable iCloud backup (Users are not allowed to back up devices to iCloud)
  7. Disable shared Photo Stream (Users are not allowed to share Photo Stream)
  8. Disable Touch ID for unlocking (Users are not allowed to unlock their screen with fingerprint and face recognition)

iOS (supervised mode)

  1. Disable AirDrop (Users are not allowed to use the AirDrop feature)
  2. Disable app install (Users are not allowed to use App Store and its icon is removed from the Home screen. Users won't be able to install or update their apps)
  3. Disable UIConfiguration profile installation (Users are not allowed to interactively install configuration profiles and certificates)
  4. Disable Bluetooth modification (Users are not allowed to change Bluetooth settings)
  5. Disable AirPrint (Users are not allowed to use the AirPrint feature)
  6. Disable proximity setup (Users are not shown the prompt to set up new nearby devices)
  7. Disable system app removal (Users are not allowed to remove system apps from the device)
  8. Disable VPN configuration (Users are not allowed to configure VPN)
  9. Disable password sharing (Users are not allowed to share passwords via the AirDrop Passwords feature)
(0 vote(s))
Helpful
Not helpful