Supported iOS policy settings on user-enrolled devices
MaaS360® supports some policy setting attributes on user-enrolled devices that are also supported in Apple policies for user-enrolled devices. The administrator can configure and apply those supported iOS policy settings on user-enrolled devices.
Configure this policy setting from and select iOS MDM policy. Use the toggle option Filter User Enrollment (UE) attributes to view the policy attributes that are specific to the user-enrolled device. Configure these settings and save the changes before you toggle again. When you save and publish the policy, the payloads are pushed to the user-enrolled device.
To view iOS MDM policy settings, see Configuring iOS MDM policy settings. Only the iOS policy settings with the UE tag in the portal apply to user-enrolled devices.
Note: If policy payloads that are not supported on user-enrolled devices are configured and pushed to devices, these policy settings are not applied on the device.
The following payloads are supported and are configured by an administrator on a user-enrolled device from the iOS MDM policy settings:
| iOS MDM policy settings | Policy payloads |
|---|---|
| Passcode | Configure passcode policy |
| Restrictions |
|
| ActiveSync | Configure ActiveSync Settings |
| Wi-Fi | Supports Wi-Fi profiles that are listed in the iOS MDM policy settings. |
| VPN | Supports VPN profiles that are listed in the iOS MDM policy settings. |
| AirPrint | Configure AirPrint Printers |
| Accounts | Configure Google Account |
| Advanced Settings | |
| IMAP and POP profiles | |
| Web Clips | Configure web clips for the Device Home Screen |
| Fonts | Configure font settings. |
| AirPlay Settings | Configure AirPlay Settings |
| CalDav | Configure CalDAV Profile for CalDAV Server Access |
| Calendar Subscriptions | Configure Calendar Subscriptions to a Device's Calendar App |
| CardDav | Configure CardDAV Profile for CardDAV Server Access |
| Certificate Credentials | Configure Credentials for Adding Certificates on the Device |
| LDAP | Configure LDAP Account |
| Single Sign-On | Enable Single Sign-On |
The following restrictions are supported on user-enrolled devices:
- Viewing corporate documents in unmanaged apps.
- Viewing non-corporate documents in corporate apps.
- Allowing unmanaged apps to read from the managed contacts accounts.
- Using AirDrop as an unmanaged destination.
- Requiring an encrypted backup.
- Synchronizing managed apps to the cloud.
- Accessing Control Center while the device is locked.
- Accessing the Notification Center while the device is locked.
- Viewing the Today screen while the device is locked.
- Blocking screenshots.
- Blocking Enterprise Book backup.
- Blocking the synchronization of Enterprise Book metadata.
- Requiring encrypted backup.
- Requiring watch wrist detection.
- Blocking Siri.
- Blocking Siri while the device is locked.
- Requiring Safari fraud warnings.
- Blocking diagnostics submission to Apple.
