Based on the security level selected while creating the Mobile Device Control Policy, the settings that are predefined by ZENworks can be viewed or edited by performing the steps elaborated in this section. The Mobile Device Control policy settings can be configured for iOS, Android, and ActiveSync devices. However, these settings vary based on the platform. Also, you can configure these settings for a personal or a corporate owned device.
In ZENworks Control Center, navigate to the Policies section.
Click the Mobile Device Control policy for which the content needs to be configured.
Click the Details tab and edit the settings.
Corporate/Personal: The settings in the Corporate column are applied to devices whose ownership is defined as Corporate. The settings in the Personal column are applied to devices whose ownership is defined as Personal. The settings use the following values:
Yes: Enables the setting.
No: Disables the setting.
Inherit: Inherits the setting value from other Mobile Device Control policies assigned higher in the policy hierarchy. For example, if you assign this policy to a device, the setting value is inherited from any Mobile Device Control policy assigned to groups and folders of which the device is a member. If there is no value to inherit, then ZENworks does not set the restriction.
Not Set (--): Indicates that a value is not set by ZENworks.
Supervised Only: Indicates that a setting is applicable for iOS Supervised devices only. Supervised mode gives you additional control over the device.
NOTE:The settings that are applicable for supervised devices only, are subject to change.
Click Apply.
Click Publish to display the Publish Option page. In this page you can publish the modified policy as a new version of the same policy or as a new policy.
The settings that can be enabled or disabled for iOS devices are as follows:
|
Tab |
Settings |
Description |
Applicable from |
|---|---|---|---|
|
Device |
Allow camera |
Determines whether to enable or disable the device camera. If set to No, the camera icon is removed from the home screen on the device. |
|
|
Allow FaceTime |
Determines whether to enable or disable FaceTime. This setting is enabled if the Allow camera setting is configured as Yes or Inherit. |
|
|
Allow global background fetch while roaming |
Determines whether the latest app data should be fetched from the network for apps running in the background, while the device is roaming. |
|
|
Allow Handoff |
Determines whether a user is allowed to resume an existing task or is allowed to access content from any device which is logged into the same iCloud account. |
|
|
Allow Siri |
Determines whether Apple’s voice assistant should be enabled. |
|
|
Allow Siri while device is locked |
Determines whether the user can access Siri while the device is locked. This setting is enabled if the Allow Siri setting is set to Yes or Inherit. Also, this option is ignored if a passcode is not set on the device. |
iOS 5.1+ |
|
Enable Siri profanity filter |
Determines whether the Profanity Filter option in Siri should be enabled. Applicable for supervised devices only. This setting is enabled if the Allow Siri setting is set to Yes or Inherit. |
|
|
Show user-generated content in Siri |
Determines whether Siri can obtain content from sources that allow user-generated content, such as Wikipedia. This setting is enabled if the Allow Siri setting is set to Yes or Inherit. Applicable for supervised devices only. |
iOS 7.0+ |
|
|
Allow iMessage |
Determines whether the user can use the iMessage feature on devices. Applicable for supervised devices only. |
iOS 6.0+ |
|
Allow AirDrop |
Determines whether the user can share documents, media, and so on, using AirDrop. Applicable for supervised devices only. |
iOS 7.0+ |
|
Allow iBooks Store |
Determines whether the user can download content from iBooks Store. Applicable for supervised devices only. |
iOS 6.0+ |
|
Allow automatic updates to certificate trust settings |
Determines whether automatic updates to certificate trust settings should be enabled. |
|
|
Allow documents from managed sources in unmanaged destinations |
Determines whether a document can be opened in an unmanaged app or account if the document was created or downloaded from a managed app or account. |
iOS 7.0+ |
|
Allow documents from unmanaged sources in managed destinations |
Determines whether a document can be opened in a managed app or account if the document was created or downloaded from an unmanaged app or account. |
iOS 7.0+ |
|
Allow screenshots |
Determines whether the user can capture images of the device’s display screen. If disabled, this setting will prevent the classroom app from observing remote screens. |
iOS 9.0+ |
|
Allow screen observation by Classroom |
Determines whether remote screen observation by the Classroom app is enabled. This setting will be enabled, only if the Allow screenshots setting is enabled. |
iOS 9.3+ |
|
Allow account modification |
Determines whether the user is allowed to modify account settings, such as adding or removing mail account, modifying iCloud settings and so on. Applicable for supervised devices only. |
iOS 7.0+ |
|
Allow erase All content And settings |
Determines whether the user can erase all the content and settings on the device. Applicable for supervised devices only. |
|
|
Allow device name modification |
Determines whether the user can modify the name of the device. Applicable for supervised devices only. |
iOS 9.0+ |
|
Allow Bluetooth setting modification |
Determines whether the user can modify the bluetooth settings on the device. Applicable for supervised devices only. |
iOS 10+ |
|
Allow host pairing |
Determines whether an iOS device can pair with other devices. If No is selected, then these devices can only pair with their supervision host or with hosts having a Supervising Host Certificate. If a Supervision Host Certificate is not configured, all pairing is disabled. |
iOS 7.0+ |
|
Allow restrictions modification |
Determines whether the user can modify restrictions on the device. Applicable for supervised devices only. |
|
|
Allow Find My Friends setting modification |
Determines whether the user can modify the Find my Friend settings on the device. Applicable for supervised devices only. |
iOS 7+ |
|
Allow Wallpaper modification |
Determines whether the user can modify the wallpaper settings on the device. Applicable for supervised devices only. |
iOS 9.0+ |
|
Allow notifications modification |
Determines whether the user can modify the Notification settings on the device. Applicable for supervised devices only. |
iOS 9.3+ |
|
Allow sending diagnostic and usage data to Apple |
Determines whether automatic submission of diagnostic and usage reports to Apple should be enabled. |
iOS 6.0+ |
|
Allow diagnostics settings modification |
Determines whether the user can modify the Diagnostic settings and app analytics settings in the Diagnostic and Usage screen on the device. Applicable for supervised devices only. |
iOS 9.3.2+ |
|
Allow users to accept untrusted TLS certificate |
Determines whether the user can accept Transport Layer Security (TLS) certificates that cannot be verified. |
iOS 5.0+ |
|
Force encrypted backup |
Determines whether the device backup process should be encrypted. |
|
|
Force limited ad tracking |
Determines whether advertisers’ tracking of a user’s activities across apps should be limited. If set to Yes, then ad tracking is not eliminated but reduced to some extent. |
iOS 7.0+ |
|
Request passcode for incoming AirPlay requests |
Determines whether a pairing passcode restriction should be enforced for all incoming AirPlay requests coming from another device to a managed device. |
Apple TV 6.1 to tvOS 10.1 |
|
Request passcode for outgoing AirPlay requests |
Determines whether a pairing passcode restriction should be enforced for all outgoing AirPlay requests sent from a managed device to another device |
iOS 7.1+ |
|
Treat Airdrop as unmanaged destination |
Determines whether Airdrop should be considered as an unmanaged drop target. If set to Yes, then the user will be unable to share managed data through Airdrop. |
iOS 9.0+ |
|
Allow Spotlight Internet results |
Determines whether the users can use Spotlight Search to find content directly from the Internet. Applicable for supervised devices only. |
iOS and macOS 10.11+ |
|
Allow definition lookup |
Determines whether the user can lookup definitions using the in-built iOS dictionary. This feature is applicable on devices with iOS version 8.1.3 or newer and OS X 10.11.2 or newer. Applicable for supervised devices only. |
iOS 8.1.3+ and macOS 10.11.2+ |
|
|
Allow Dictation |
Determines whether or not the user can enable the dictation option present in the keyboard. This feature is applicable on devices with iOS versions 11.0 or newer versions. |
iOS 10.3+ |
|
Allow Wi-Fi whitelisting |
Determines whether or not the user can connect to the Wi-Fi service that is setup using the configuration profile. This feature is applicable on devices with iOS version 10.3 or newer. |
iOS 10.3+ |
|
Allow VPN creation |
Determines whether or not the user can configure a VPN connection using their devices. This feature is available with iOS version 11.0 or newer versions. |
iOS 11.0+ |
|
Apps |
Allow installation of apps |
Determines whether the user can install apps. |
|
|
Allow app installation from App Store |
Determines whether the user can install apps from the Apple App Store. This field is enabled if the Allow Installation of Apps field is enabled. Applicable for supervised devices only. If disabled, the App Store icon is removed from the Home screen. |
|
|
Allow automatic app downloads |
Determines whether the user can automatically download apps purchased on other devices. This field is enabled if the Allow Installation of Apps field is enabled. Applicable for supervised devices only. |
iOS 9.0+ |
|
Allow removing apps |
Determines whether the user can remove apps from the device. Applicable for supervised devices only. |
|
|
Allow in-app purchases |
Determines whether the user can make in-app purchases. |
|
|
Allow cellular data app settings modifications |
Determines whether the user can modify cellular data settings for specific apps. Applicable for supervised devices only. |
iOS 7.0+ |
|
Allow enterprise app trust |
Determines whether custom apps can be provisioned using universal provisioning profiles. If set to false removes the Trust Enterprise Developer button in Settings-> General-> Profiles & Device Management.This restriction applies to free developer accounts but it does not apply to enterprise app developers who are trusted because their apps were pushed via MDM, nor does it revoke previously granted trust. |
iOS 9.0+ |
|
Allow backup of enterprise books |
Determines whether the user can back up books distributed by the organization to iCloud or iTunes. |
|
|
Allow in-app purchase |
Determines whether the user can make in-app purchases. |
|
|
Allow managed apps to store data in iCloud |
Determines whether managed app data should sync with iCloud. |
|
|
Allow notes and highlights sync for enterprise books |
Determines whether metadata, which includes notes and highlights of books that are distributed by the user’s organization, should be synced with iCloud. |
|
|
Allow News |
Determines whether the user can access News apps. Applicable for supervised devices only. |
iOS 9.0+ |
|
|
Allow System App Removal |
Determines whether or not the user can remove system apps from the device. |
iOS 11.0+ |
|
Apple Watch |
Force Apple Watch wrist detection |
Determines whether an Apple Watch should display the time and the latest alerts when the user’s wrist is raised. |
iOS 8.2+ |
|
Allow pairing with Apple Watch |
Determines whether the user can pair with an Apple Watch. Applicable for supervised devices only. |
iOS 9.0+ |
|
iTunes |
Allow iTunes |
Determines whether the user can access the iTunes music store app.If disabled, the icon will be removed from the Home screen. |
|
|
Require iTunes Store password for each purchases |
Determines whether or not the user needs to enter the password for each purchase on the iTunes Store. |
iOS 5.0+ |
|
iCloud |
Allow My Photo Stream |
Determines whether a copy of any photo taken on the managed iOS device should be synced with the user’s other iOS devices. |
iOS 6.0+ |
|
Allow iCloud Keychain |
Determines whether Keychain data such as accounts, passwords, and credit card information, should be synced with iCloud. |
iOS 7.0+ and macOS 10.12+ |
|
Allow iCloud Photo Library |
Determines whether photos on iCloud can be accessed on the managed device. If disabled, any photos that are not fully downloaded from the Photo Library to the device, will be removed from local storage. |
iOS 9.0+ and macOS 10.12+ |
|
Allow iCloud Photo Sharing |
Determines whether the user can publish and share photos with other iOS users through the iCloud website. |
|
|
Allow iCloud backup |
Determines whether data can be backed up or restored on iCloud. |
iOS 5.0+ |
|
Allow iCloud document sync |
Determines whether the user can synchronize documents and key-values to the iCloud storage space. |
iOS 5.0+ and macOS 10.11+ |
|
Safari |
Allow use of Safari |
Determines whether the user is allowed to use the Safari web browser on the device. If set to No, then the Safari icon is removed from the Home screen of the device. |
|
|
Accept cookies |
Determines the cookie policy that should be enabled in the Safari web browser. The accepted values are:
The default value is to allow cookies from all websites, third parties, and advertisers. |
|
|
Allow pop-ups |
Determines whether pop-ups should be blocked in the Safari web browser. This setting is enabled, if Allow use of Safari is configured as Yes or Inherit. |
|
|
Enable autoFill |
Determines whether Safari should remember the data entered by users on web entry forms. This setting is enabled, if Allow use of Safari is configured as Yes or Inherit. |
|
|
|
Enable JavaScript |
Determines whether JavaScript should be enabled in the Safari web browser. This setting is enabled, if Allow use of Safari is configured as Yes or Inherit. |
|
|
Force fraud warning |
Determines whether Safari should warn users about refraining from visiting websites that are fraudulent. This setting is enabled, if Allow use of Safari is configured as Yes or Inherit. |
|
|
|
Lock Screen |
Allow passbook notifications in lock screen |
Determines whether notifications on the passbook app can be displayed on the lock screen. The passbook app allows users to store their coupons, tickets, and so on. |
iOS 6.0+ |
|
Allow voice dialing while device is locked |
Determines whether voice dialing should be enabled while the device is locked. |
|
|
|
Show Control Center in lock screen |
Determines whether Control Center can be accessed from the Lock screen. The Control Center gives the user quick access to the apps and controls on the device. |
iOS 7.0+ |
|
|
Show Notification Center in lock screen |
Determines whether users can view past notifications on the lock screen. If enabled, the users can still view notifications on the lock screen, when they arrive. |
iOS 7.0+ |
|
|
Show Today View in lock screen |
Determines whether the Today View in Notification Center should be displayed on Lock screen. |
iOS 7.0+ |
|
|
Media Content |
Allow bookstore erotica |
Determines the user is permitted to download media that is tagged as erotica from the iBooks store. |
iOS and tvOS 11.3+ |
|
Allow explicit content |
Determines whether the user can access explicit music or video content purchased from the iTunes Store. Explicit content is marked by the content providers when sold in the iTunes Store. Applicable for supervised devices only. |
iOS and tvOS 11.3+ |
|
Ratings region |
Determines the region that needs to be selected to populate the allowed ratings for media content defined for that region. |
iOS and tvOS 11.3+ |
|
Apps |
Determines the maximum allowed rating for apps. These values are populated based on the selected Ratings region. If a rating is enabled, items that do not conform to the rating restrictions cannot be downloaded or installed on the device. |
iOS 5.0+ and tvOS 11.3+ |
|
Movies |
Determines the maximum allowed rating for movies. The values in this field are populated based on the selected Ratings region. If a rating is enabled, items that do not conform to the rating restrictions cannot be downloaded on the device. |
iOS and tvOS 11.3+ |
|
TV Shows |
Determines the maximum allowed rating for TV shows. The values in this field are populated based on the selected Ratings region. If a rating is enabled, items that do not conform to the rating restrictions cannot be downloaded on the device. |
iOS and tvOS 11.3+ |
|
Security |
Allow Touch ID to unlock device |
Determines whether the user can unlock the device by using fingerprint. |
iOS 7+ and macOS 10.12.4+ |
|
Allow passcode modification |
Determines whether the user can modify the passcode on the device. If disabled, the user will not be able to add, change or remove the passcode. Applicable for supervised devices only. This restriction is ignored in shared iPads. |
iOS 9.0+ |
|
Allow Touch ID fingerprint modification |
Determines whether the user can modify the Touch ID fingerprints. This field will be enabled if the Allow passcode modification option is enabled. Applicable for supervised devices only. |
|
|
Gaming |
Allow Game Center |
Determines whether the user can access the Game Center. If disabled, the Game Center icon is removed from the Home screen. Applicable for supervised devices only. |
iOS 6.0+ |
|
Allow multiplayer Gaming |
Determines whether games with more than one player is enabled. This field will be enabled if the Allow Game Center option is enabled. |
|
|
Allow adding Game Center friends |
Determines whether game center friends can be added. This field will be enabled if the Allow Game Center option is enabled. |
|
|
Keyboard |
Allow predictive keyboard |
Determines whether the user can use predictive keyboard on the device. Applicable for supervised devices only. |
iOS 8.1.3+ |
|
Allow keyboard shortcuts |
Determines whether the user can use shortcuts from external keyboards. Applicable for supervised devices only. |
iOS 9.0+ |
|
Allow auto correction |
Determines whether users can use the auto correct option and select appropriate words. Applicable for supervised devices only. |
iOS 8.1.3+ |
|
Allow spell check |
Determines whether spell check is allowed on a user’s device. Applicable for supervised devices only. |
iOS 8.1.3+ |
|
Music |
Allow Music service |
Determines whether Music Service is enabled on the device. If No is selected, then the Music Service is disabled and set to the classic mode. Applicable for supervised devices only. |
iOS 9.3+ and macOS 10.12+ |
|
Allow Radio |
Determines whether the user can access iTunes Radio. Applicable for supervised devices only. |
iOS 9.0+ |
|
Allow Podcasts |
Determines whether the user can access iTunes Podcasts. Applicable for supervised devices only. |
iOS 8.0+ |
|
|
AirPrint |
Allow AirPrint |
Determines whether or not a user can connect to the AirPrint feature to print documents or pictures wirelessly using any AirPrint enabled printer. This feature is applicable on devices with iOS version 11.0 or newer. |
iOS 11.0+ |
|
Allow AirPrint Credentials Storage |
Determines whether or not AirPrint credentials can be stored in Keychain. This feature is applicable on devices with iOS version 11.0 or newer versions. |
iOS 11.0+ |
|
Force AirPrint Trusted TLS Requirement |
Determines whether or not devices can connect to AirPrint enabled devices only using the trusted TLS certificates. |
iOS 11.0+ |
|
Allow AirPrint iBeacon Discovery |
Determines whether or not devices can discover the printer beacons. Using these ibeacons, printers can broadcast connection information, and devices can discover it to reduce setup time. This feature is applicable on devices with iOS version 11.0 or newer versions. |
iOS 11.0+ |
NOTE:The settings that are applicable for only supervised devices are subject to change.
The settings that can be enabled or disabled for Android devices are as follows:
|
Settings |
Description |
Applicable from |
|---|---|---|
|
Allow camera |
Determines whether the device camera should be enabled. If disabled on devices enrolled in the work profile mode, the camera can still be accessed from the device’s personal space. |
Android 5.0+ |
These settings can be applied on devices that are enrolled as:
ActiveSync Only devices
Fully Managed devices, that is, iOS and ActiveSync (iOS MDM + ActiveSync) or Android and ActiveSync (Android App + ActiveSync).
If a setting is applicable for both Android and ActiveSync, or iOS and Activesync, then the stricter restriction of the two is applied. For example: the mode in which a device is enrolled is iOS MDM + ActiveSync. If Allow Camera is enabled as a part of the iOS settings and if Allow Camera is disabled as a part of the ActiveSync settings, then the camera icon is removed from the device, as disabling of the camera is a strict setting.
|
Settings |
Description |
|---|---|
|
Allow Bluetooth |
Determines whether bluetooth connections are allowed to and from the device. You also have the option of allowing only a hands free configuration on the device. |
|
Allow browser |
Determines whether the user is allowed to use the default web browser on the device. |
|
Allow camera |
Determines whether the device camera should be enabled. |
|
Allow infrared |
Determines whether infrared connections are allowed to and from the device. |
|
Allow text messaging |
Determines whether the user can send or receive text messages on the device. |
|
Allow storage card |
Determines whether the device can access a removable storage card. |