Restrictions are intended to prevent certain functions on managed computers and mobile devices. Jamf Service Provide Plan Managed instances employ restrictions settings grouped together as "sets". Each set focuses on a specific area of similarly related restrictions based on a computer or device's use case.
Restrictions are applied by default and can be removed from individual computers and devices using Insights as required.
Restriction sets for Computers
Baseline (deployed to all computers)
Restriction | Description |
Modify device name | Users cannot change the name of the device as shown in Settings > General > About. |
Modify account settings | Users cannot create new accounts or change their username, password, or other settings associated with their account. |
Erase All Content and Settings | Users can’t erase their device and reset it to factory defaults. |
Content caching | Content caching is not permitted. |
Allow App Store app adoption |
iLife and iWork apps that shipped with macOS cannot be adopted by the App Store. |
Shared (deployed to all shared computers)
Restriction | Description |
Remote Desktop management modification | Prevents the user from modifying Remote Desktop management settings. |
File Sharing modification | Prevents the user from modifying file sharing settings. |
Allow Bluetooth modification | Prevents the user from modifying Bluetooth® settings. |
Printer sharing modification | Prevents the user from modifying printer sharing settings. |
Allow Internet sharing modification | Prevents the user from modifying Internet sharing settings. |
Remote Apple events modification | Prevents the user from modifying remote Apple events settings. |
Local user account creation | Prevents a user with the role of administrator from creating new users in Users & Groups. |
Startup Disk modification | Prevents the user from selecting a different startup disk. |
Time Machine backups | Prevents the user from setting up and using a Time Machine backup. |
Universal Control | Prevents the user from using Universal Control. |
Install a configuration profile | Users cannot manually install configuration profiles in System Settings. |
AirPlay security | Users cannot use AirPlay to stream content to the Mac. |
Modify diagnostic settings | Modifying diagnostic data settings is not permitted. |
Proximity AutoFill | Users’ devices will not advertise themselves to nearby devices for passwords by use of Proximity AutoFill. In iOS, iPadOS and macOS this feature restricts only Wi-Fi Password requests. |
Share passwords over AirDrop | Users cannot share their passwords over AirDrop. |
Game Center | The Game Center app and its icon are removed. |
Add Game Center friends | Users cannot find or add friends in Game Center. |
Multiplayer gaming | Users cannot play multiplayer games in Game Center. |
Modify Wallpaper | Users cannot modify the wallpaper for the desktop. |
Restrict app installations to software updates only | Prevents App Store from launching. |
Disable software update notifications | Disables software update notifications for macOS. |
Restriction sets for Mobile Devices
Baseline (deployed to all mobile devices)
Restriction | Description |
Modify device name | Users cannot change the name of the device as shown in Settings > General > About. |
Erase All Content and Settings | Users cannot erase their device and reset it to factory defaults. |
Shared (deployed to all shared mobile devices)
Restriction | Description |
Force Wi-Fi on | Users cannot turn off Wi-Fi in:
|
Modify Personal Hotspot settings | Users cannot modify personal Hotspot settings. |
“Set Automatically” in Date and Time settings | Set Automatically is turned on, and users cannot turn it off. |
Modify restrictions or Screen Time settings | Users cannot set their own restrictions on their device. Users can’t set their own Screen Time settings on their device. |
Set up a nearby Apple device (New devices setup proximity prompt) | Users cannot use their Apple devices to set up and configure other Apple devices. |
Modify Bluetooth settings | Users cannot modify the Bluetooth® setting. |
Modify data plan settings | Users cannot change any settings for the data plan. |
Remove system apps | Users cannot remove iOS and iPadOS-native apps. |
Add VPN configurations | Users and third-party apps cannot create and add VPN configurations. |
Apple Music | Users cannot use Apple Music. |
Radio | Users cannot listen to the radio with Apple Music. |
Hiding apps | Users cannot hide apps on the Home Screen. |
Locking apps | Users cannot lock apps to require biometric or passcodes to open. |
Install apps using App Store | App Store is disabled and its icon is removed from the Home Screen. Users can’t install or update apps. |
News | Users cannot use the News app. |
Trust new proprietary in-house apps developers | Users cannot allow new proprietary in-house app developers to be trusted, which prohibits apps from those developers from launching. |
Modify Wallpaper | Users cannot modify the wallpaper for the Lock Screen or Home Screen. |
Force Apple Watch wrist detection | Apple Watch locks automatically when it’s removed from the user’s wrist. It can be unlocked with its passcode or the paired iPhone. |
Automatic updates to certificate trust settings | Automatic updates to certificate trust settings can’t occur. |
Modify account settings | Users cannot create new accounts or change their username, password, or other settings associated with their account. |
Game Center | The Game Center app and its icon are removed. |
Install a configuration profile | Users cannot manually install configuration profiles in Settings. |
Users accept untrusted TLS certificates | Users are not asked if they want to trust certificates that cannot be verified. This setting applies to Safari, Mail, Contacts and Calendar accounts. When this option is on, only certificates with trusted root certificates are accepted without a prompt. To view the root CAs accepted by iOS and iPadOS, see the Apple Support article List of available trusted root certificates in iOS 17, iPadOS 17, macOS 14, tvOS 17 and watchOS 10. |
In-app purchase | Users cannot make in-app purchases. |
Remove apps | Users cannot remove installed apps. |
Add Game Center friends | Users cannot find or add friends in Game Center. |
Multiplayer gaming | Users cannot play multiplayer games in Game Center. |