Configuring iOS MDM device restrictions
To ensure compliance with corporate security requirements, configure restrictions on the operation of iOS MDM devices.
Configuring feature restrictions
To configure iOS MDM device feature restrictions:
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select iOS and go to the Restrictions section.
- On the Device feature restrictions card, click Settings.
The Device feature restrictions window opens.
- Enable the settings using the Device feature restrictions toggle switch.
- Enable iOS MDM device feature restrictions using toggle switches on corresponding tabs and select the required restrictions.
List of device feature restrictions
- Restrictions on the General tab:
- In the Device settings section:
- Prohibit voice dial on a locked device
Use of the voice dialing function on a locked mobile device.
If the check box is cleared, the user can use voice commands to dial phone numbers on a locked mobile device.
If the check box is selected, the user cannot use voice commands to dial phone numbers on a locked mobile device.
This check box is cleared by default.
- Limit ad tracking
Use of IFA (Identifier for advertisers) technology for keeping track of websites visited and apps launched on the iOS MDM device. IFA makes it possible to configure ad tracking on the mobile device according to the user's interests.
If the check box is selected, IFA technology is disabled on the user's mobile device.
If the check box is cleared, IFA technology is enabled on the mobile device and keeps track of visited websites and started apps in order to show targeted ads.
This check box is cleared by default.
- Prohibit Handoff
Use of the Handoff function on the user's mobile device. Handoff enables you to start working with data on one Apple device and then switch to another Apple device and continue working with that data.
If the check box is cleared, Handoff is available to the user.
If the check box is selected, Handoff is not available.
This check box is cleared by default.
- Prohibit editing device name
Ability to modify the name of the mobile device.
If the check box is cleared, the user can edit the mobile device name.
If the check box is selected, the device name cannot be edited.
This check box is cleared by default.
- Prohibit modifying restrictions
Ability to configure the settings for restrictions on the mobile device. Restrictions may be utilized by the user to perform parental control functions on the mobile device. The user can restrict device functions (for example, block use of the camera), access to media content (for example, set age restrictions on viewing films), use of apps (for example, block the use of iTunes Store), and configure other restrictions.
If the check box is cleared, the user can configure the settings for restrictions on the mobile device.
If the check box is selected, restrictions cannot be configured on the mobile device.
This check box is cleared by default.
- Prohibit Spotlight suggestions
Use of Spotlight internet search results in Siri Suggestions. When using Spotlight suggestions, search queries and their associated user data are sent to Apple.
If the check box is cleared, the user can allow displaying Spotlight internet search results in Siri Suggestions.
If the check box is selected, Spotlight internet search results are not available in Siri Suggestions. User data is not sent to Apple.
The user may be able to enable Spotlight internet search results in Siri Suggestions even if the check box is selected. This is due to an issue known to Apple.
This check box is cleared by default.
- In the Data loss protection section:
- Prohibit screenshots and screen recording
Ability to take a screenshot or video from the screen of the iOS MDM device.
If the check box is cleared, the user can take and save screenshots and videos from the screen of the mobile device.
If the check box is selected, the user cannot take and save screenshots and videos from the screen of the mobile device.
This check box is cleared by default.
- Prohibit non-managed apps from using documents from managed apps
Ability to use non-managed (personal) apps on the iOS MDM device to open documents created using managed (corporate) apps and accounts. Non-managed apps are apps installed, configured, and managed by the mobile device user.
If the check box is cleared, the user can use non-managed apps to open documents created in managed corporate apps.
If the check box is selected, the user is not allowed to use non-managed apps to open documents created using managed apps. For example, this setting prevents a confidential email attachment from a managed email account from being opened in the user's personal apps.
This check box is cleared by default.
- Prohibit managed apps from using documents from non-managed apps
Ability to use managed (corporate) apps on the iOS MDM device to open documents created using non-managed (personal) apps and accounts of the user. Non-managed apps are apps installed, configured, and managed by the mobile device user.
If the check box is cleared, the user can use managed apps to open documents created using non-managed apps.
If the check box is selected, the user is not allowed to use managed apps to open documents created using non-managed apps. For example, this setting prevents a document from a personal iCloud account from being opened in a corporate app.
This check box is cleared by default.
- Disable encryption of backup copies
Encryption of backup copies of iOS MDM device data in the iTunes app on the user's computer.
If the check box is cleared, when a backup copy of mobile device data is created in the iTunes app, data is encrypted automatically and protected with a password. In this case, the user cannot encrypt backup copies of device data in the iTunes app.
If the check box is selected, the user can choose whether to encrypt backup copies of data in the iTunes app.
This check box is cleared by default.
- Prohibit reset to factory settings
Ability to wipe all data from the device and reset the device to its factory settings.
If the check box is cleared, the user can wipe all data from the device and reset it to factory settings.
If the check box is selected, full reset to factory settings is not available.
This check box is cleared by default.
- Prohibit modifying account settings
Option that lets the user add new accounts (such as email accounts) and edit account settings on the iOS MDM device.
If the check box is cleared, the mobile device user can add new accounts and edit the settings of existing accounts.
If the check box is selected, the mobile device user is not allowed to add new accounts or edit the settings of existing accounts.
This check box is cleared by default.
- In the Security and privacy section:
- Prohibit sending diagnostic and personal data to Apple
Automatic receiving of diagnostic data and information on iOS MDM device usage and transmission of a report with this data to Apple for analysis.
If the check box is cleared, after being shown a warning the user may allow transmission of reports with diagnostic data and information on mobile device usage to Apple.
If the check box is selected, transmission of reports with diagnostic data and information on mobile device usage to Apple is blocked.
This check box is cleared by default.
- Prohibit changing password
Ability to set, change, or delete the mobile device unlock password.
If the check box is cleared, the user can set, change, or delete the password used for unlocking the mobile device.
If the check box is selected, management of the device unlock password is not available.
This check box is cleared by default.
- Prohibit modifying Touch ID and Face ID settings
Ability to add and remove Touch ID fingerprints or Face ID data.
If the check box is cleared, the user can add and remove Touch ID fingerprints or Face ID data.
If the check box is selected, management of Touch ID fingerprint or Face ID data is not available.
This check box is cleared by default.
- Prohibit device unlock using Touch ID and Face ID
Touch ID and Face ID make it possible to use a fingerprint or facial recognition as a password for unlocking the iOS MDM device. Touch ID and Face ID can also be used for authentication of purchases by means of Apple Pay, iTunes Store, App Store, and Book Store, and to sign in to apps.
If the check box is cleared, the user can use a fingerprint or facial recognition instead of entering a password to unlock the mobile device.
If the check box is selected, the user cannot use Touch ID or Face ID for unlocking the mobile device.
This check box is cleared by default.
- Prompt for password for each purchase on iTunes Store
Use of the restriction password for purchasing media content in iTunes Store.
If the check box is selected, prior to making the first purchase via iTunes Store the user has to specify a restriction password in the purchase restriction settings and subsequently use it for preventing accidental or unauthorized purchases. After the account has been verified when the user is making purchases, the restriction password does not have to be re-entered for 15 minutes.
If the check box is cleared, the user is not required to enter the restriction password before making purchases in iTunes Store.
This check box is cleared by default.
- Prompt for password on first connection via AirPlay
Use of a password upon connection of the iOS MDM device to devices compatible with AirPlay. The password is used for safe transmission of media content.
If the check box is selected, before the first connection of the mobile device to devices compatible with AirPlay, the user must specify a password in the AirPlay security settings and subsequently enter it.
If the check box is cleared, the user can decide whether to use a password when connecting the mobile device to devices compatible with AirPlay.
This check box is cleared by default.
- Prohibit installing configuration profiles
Use of additional configuration profiles on the iOS MDM device.
If the check box is cleared, the user can install additional configuration profiles on the mobile device.
If the check box is selected, the user cannot install additional configuration profiles on the mobile device.
This check box is cleared by default.
- Prohibit non-Configurator hosts
Protection of the iOS MDM device against third-party connections. A third-party connection is a connection to other devices or synchronization with Apple services, such as iTunes.
If the check box is cleared, the user can synchronize the iOS MDM device with other devices and Apple services.
If the check box is selected, non-Configurator hosts on the user's mobile device are blocked.
This check box is cleared by default.
- Prohibit modifying settings for sending diagnostic data
Automatic receiving of diagnostic data and information on iOS MDM device usage and transmission of a report with this data to Apple for analysis.
If the check box is cleared, the user can configure the submission of reports containing diagnostic information and mobile device usage data to Apple.
If the check box is selected, the settings for submission of reports containing diagnostic information are not available.
This check box is cleared by default.
- In the iCloud section:
- Prohibit backup in iCloud
Automatic backup of data from the iOS MDM device to iCloud. Copies of data already stored in iCloud are not created during the backup process. Copies of media content that was received by synchronizing the device with a computer and not purchased from iTunes Store are not created either.
If the check box is cleared, the user can save backup copies of mobile device data in iCloud. Backup copies of data are saved in iCloud on a daily basis when the device is enabled, locked, and connected to a power source.
If the check box is selected, the user cannot save backup copies of mobile device data in iCloud.
This check box is cleared by default.
- Prohibit storing documents and data in iCloud
Automatic backup of documents in iCloud. iCloud documents can be opened and edited on other devices on which the iCloud service is configured.
If the check box is cleared, the user can save documents in iCloud, and open and edit them on other devices in applications that support iCloud (such as TextEdit).
If the check box is selected, the user is not allowed to save documents in iCloud.
This check box is cleared by default.
- Prohibit iCloud keychain
Automatic synchronization of the account credentials of an iOS MDM device user with the user's other Apple devices. The synchronized data is stored in iCloud Keychain. Data in iCloud Keychain is encrypted. iCloud Keychain makes it possible to save the following data in iCloud:
- Website accounts
- Bank card numbers and expiration dates
- Wireless network passwords
If the check box is cleared, the user can synchronize data of accounts with the user's other Apple devices.
If the check box is selected, the user is not allowed to use iCloud Keychain on the mobile device.
This check box is cleared by default.
- Prohibit managed apps from storing data in iCloud
Creation of a backup copy of the data of managed apps in iCloud.
If the check box is cleared, the user can store the data of managed apps in iCloud.
If the check box is selected, the user cannot store corporate data in iCloud.
This check box is cleared by default.
- Prohibit backup of enterprise books
Backup of enterprise books using iCloud or iTunes. You can provide access to enterprise books by placing them on the corporate web server.
If the check box is cleared, backup of enterprise books using iCloud or iTunes is available to the user.
If the check box is selected, backup of enterprise books is not available.
This check box is cleared by default.
- Prohibit synchronizing notes and highlights in enterprise books
Ability to synchronize notes, bookmarks, and highlighted text in enterprise books using iCloud.
If the check box is cleared, the user can synchronize notes, bookmarks, and highlights in enterprise books. Changes will be available on all the user's Apple devices using iCloud.
If the check box is selected, notes, bookmarks and highlighted text will be available only on this mobile device.
This check box is cleared by default.
- Prohibit iCloud photo sharing
Use of iCloud photo sharing on the iOS MDM device to grant other users access to photos and videos on the iCloud server. The other users need to have the iCloud photo sharing feature configured.
If the check box is cleared, the iCloud photo sharing feature is available to the user. Users of other devices can view the user's photos and videos, leave comments, and add their own photos and videos. The user can also access the data of other users on the iCloud server.
If the check box is selected, the iCloud photo sharing feature is not available to the user. The user cannot grant other users access to the user's photos and videos on the iCloud server or access the data of other users on the iCloud server.
This check box is cleared by default.
- Prohibit iCloud Media Library
Use of the iCloud Media Library function for automatic uploading of photos and videos from the iOS MDM device to the user's other Apple devices.
If the check box is cleared, the iCloud Media Library function is available to the user when working with the Photos app.
If the check box is selected, the iCloud Media Library function is not available to the user. The user's photos and videos saved in the iCloud Media Library are removed from the iCloud server.
This check box is cleared by default.
- In the Certificates section:
- Prohibit users from accepting untrusted TLS certificates
Use of untrusted TLS certificates for providing an encrypted communication channel between apps on the iOS MDM device (Mail, Contacts, Calendar, Safari) and corporate resources.
If the check box is cleared, the user may allow the use of an untrusted TLS certificate after being shown a warning.
If the check box is selected, the use of untrusted TLS certificates is blocked.
This check box is cleared by default.
- Prohibit automatic updates of trusted certificates
Automatic updates of trusted certificates on the iOS MDM device.
If the check box is cleared, changes made to the trust settings of a certificate are applied automatically.
If the check box is selected, changes to trust settings of a certificate are not applied automatically. After being shown a warning, the user may choose to apply changes to trust settings of the certificate.
This check box is cleared by default.
- Restrictions on the Apps tab:
- In the General section:
- Prohibit use of camera
Use of the camera on the user's mobile device.
If the check box is cleared, the user is allowed to use the device camera.
If the check box is selected, use of the device camera is disabled. The user cannot take photos, record videos, or use the FaceTime app. The camera icon on the device home screen is hidden.
This check box is cleared by default.
- Prohibit FaceTime
Use of the FaceTime app on the user's mobile device. This check box is available if the Prohibit use of camera check box is cleared, that is, if use of the device camera is allowed.
If the check box is cleared, the user can make and receive calls using FaceTime.
If the check box is selected, the FaceTime app is disabled on the user device. The user cannot make or receive video calls.
This check box is cleared by default.
- Prohibit iMessage
Use of the iMessage service on the user's mobile device.
If the check box is cleared, the user can send and receive messages using the iMessage service.
If the check box is selected, the iMessage service is not available on the mobile device. The user cannot send or receive messages via iMessage.
This check box is cleared by default.
- Prohibit Book Store
Access to Book Store from the Apple Books app on the user's mobile device.
If the check box is cleared, the user can visit Book Store from the Apple Books app installed on the device.
If the check box is selected, the user cannot visit Book Store from the Apple Books app.
This check box is cleared by default.
- Prohibit installation of apps from Apple Configurator and iTunes
Ability of the user to independently install apps on an iOS MDM device.
If the check box is cleared, the user can independently install or update apps on a mobile device from App Store using iTunes or Apple Configurator.
If the check box is selected, the user cannot install or update apps from App Store using iTunes or Apple Configurator on a mobile device. Installation and updates are available only for corporate apps. The App Store icon is hidden on the home screen of the iOS MDM device.
This check box is cleared by default.
- Prohibit installation of apps from the App Store
Ability to independently install apps on a mobile device from the App Store. The check box is available if the Prohibit installation of apps from Apple Configurator and iTunes check box is cleared.
If the check box is cleared, the user can independently install or update apps from the App Store.
If the check box is selected, the user cannot install or update apps from the App Store on the mobile device. The App Store icon is hidden on the home screen of the iOS MDM device.
This check box is cleared by default.
- Prohibit automatic app downloads
Use of automatic app downloads on the user's mobile device. The check box is available if the Prohibit installation of apps from Apple Configurator and iTunes check box is cleared.
If the check box is cleared, automatic app downloads are available to the user. After this function is enabled, the apps that the user downloaded from the App Store are automatically downloaded to the user's other Apple devices.
If the check box is selected, automatic app downloads are disabled and unavailable.
This check box is cleared by default.
- Prohibit in-app purchases
Use of the in-app purchase system on the mobile device.
If the check box is cleared, the user can make purchases in apps installed on the mobile device.
If the check box is selected, the user cannot make purchases in apps installed on the mobile device.
This check box is cleared by default.
- Prohibit trusting new enterprise developers
Ability to configure trusting of corporate apps on a mobile device. You can develop corporate apps and distribute them among employees for internal use. To work with a corporate app, the mobile device user must make it a trusted app.
If the check box is cleared, the user can configure trusting of corporate apps.
If the check box is selected, the user cannot set the trust level for corporate apps when installing an app manually.
This check box is cleared by default.
- Prohibit removing apps
Ability to remove apps from the mobile device.
If the check box is cleared, the user can remove apps installed via the App Store or iTunes from the device.
If the check box is selected, the user cannot remove apps installed via the App Store or iTunes from the mobile device.
This check box is cleared by default.
- In the AirPrint section:
- Prohibit AirPrint
Selecting or clearing this check box specifies whether the device user can use AirPrint.
The check box is cleared by default.
- Prohibit storing AirPrint credentials
Selecting or clearing this check box specifies whether the device user can store a keychain of user name and password for AirPrint.
The restriction is supported on devices with iOS 11 and later.
The check box is cleared by default.
- Prohibit iBeacon discovery of AirPrint printers
Selecting or clearing this check box specifies whether iBeacon discovery of AirPrint printers is enabled. Disabling iBeacon discovery of AirPrint printers prevents spurious AirPrint Bluetooth beacons from getting information about network traffic.
The restriction is supported on devices with iOS 11 and later.
The check box is cleared by default.
- Force AirPrint to use a trusted TLS certificate
Selecting or clearing this check box specifies whether a trusted certificate is required for TLS printing communication.
The restriction is supported on devices with iOS 11 and later.
The check box is cleared by default.
- In the AirDrop section:
- Prohibit AirDrop
Use of the AirDrop feature for transmitting user data from the iOS MDM device to other Apple devices.
If the check box is cleared, the user can use AirDrop to transmit data to other Apple devices.
If the check box is selected, the user cannot transmit data to other Apple devices using AirDrop.
This check box is cleared by default.
- Treat AirDrop as a managed app
Use of AirDrop as a managed app for transferring data from the mobile device to other Apple devices. This restriction requires that you select the Prohibit non-managed apps from using documents from managed apps check box. Non-managed apps are apps installed, configured, and managed by the mobile device user.
If the check box is cleared, AirDrop is treated as a non-managed app.
If the check box is selected, AirDrop is treated as a managed app.
This check box is cleared by default.
- In the Apple Music section:
- Prohibit Apple Music
Listening to music on the user's mobile device using the Apple Music service.
If the check box is cleared, the user can listen to music on the mobile device in the Music app.
If the check box is selected, the Apple Music service is not available to the user.
This check box is cleared by default.
- Prohibit Radio in Apple Music
Listening to the radio using the Apple Music service on the user's mobile device.
If the check box is cleared, the user can listen to the radio in the Music app on the mobile device.
If the check box is selected, the user cannot listen to the radio.
This check box is cleared by default.
- In the Apple Watch section:
- Disable Apple Watch wrist detection
Automatic locking of Apple Watch when the user removes the watch from their wrist.
If the check box is cleared, Apple Watch is locked when the user removes the watch from their wrist. To unlock it, the user must enter a password on the mobile device.
If the check box is selected, Apple Watch is not locked after the watch is removed.
This check box is cleared by default.
- Prohibit pairing with Apple Watch
Pairing of Apple Watch with a supervised mobile device.
If the check box is cleared, the user of the supervised mobile device can pair it with Apple Watch.
If the check box is selected, pairing with Apple Watch is not available.
This check box is cleared by default.
- In the Siri section:
- Prohibit Siri
Usage of the Siri app on the user's mobile device.
If the check box is cleared, the user can use Siri voice commands on the mobile device.
If the check box is selected, the user cannot use Siri voice commands on the mobile device.
This check box is cleared by default.
- Prohibit when device is locked
Use of Siri voice commands when the user's mobile device is locked. The user's mobile device has to be password-protected.
If the check box is cleared, the user can use Siri voice commands on a locked mobile device.
If the check box is selected, the user cannot use Siri voice commands on a locked device.
This check box is cleared by default.
- Prohibit use of profanity filter
This option disables the filtering of profanity while using the Siri app on the mobile device.
If the check box is cleared, profanity is filtered while the user uses the Siri app.
If the check box is selected, profanity is not filtered while the user uses the Siri app.
This check box is cleared by default.
- Prohibit Siri from using internet search
This option prohibits Siri from using internet search for voice commands on the iOS MDM device.
If the check box is cleared, Siri can search the internet for answers to the user's questions.
If the check box is selected, Siri cannot search the internet for information.
This check box is cleared by default.
- In the Find My section:
- Prohibit locating devices in Find My
Selecting or clearing this check box specifies whether the device user can find devices in the Find My app.
The restriction is supported on devices with iOS 13 and later.
The check box is cleared by default.
- Prohibit locating friends in Find My
Selecting or clearing this check box specifies whether the device user can find friends in the Find My app.
The restriction is supported on devices with iOS 13 and later.
The check box is cleared by default.
- In the Classroom section:
- Prohibit screen viewing via Classroom
Ability for an instructor to view students' iPad screens using the Classroom application.
If the check box is cleared, the instructor can view students' iPad screens in the Classroom application.
If the check box is selected, the instructor cannot view students' iPad screens in the Classroom application.
This check box is cleared by default.
- Restrictions on the Storage tab:
- In the General section:
- Prohibit access to USB devices in Files
If the check box is cleared, the user can access connected USB devices in the Files app.
If the check box is selected, access to connected USB devices in the Files app is blocked.
The setting is available for mobile devices running iOS 13.1 or later.
This check box is cleared by default.
- Disable access to USB devices when the device is locked
Specifies whether USB Restricted Mode is enabled when the device is locked.
If the check box is selected, then when the device is locked, connections to USB drives are limited by USB Restricted Mode.
If the check box is cleared, the device is allowed to connect to USB drives when locked.
The setting is available for mobile devices running iOS 11.4.1 or later.
This check box is cleared by default.
- Restrictions on the Network tab:
- In the General section:
- Prohibit use of NFC
If the check box is cleared, the use of NFC is allowed.
If the check box is selected, the use of NFC is disabled.
The setting is available for mobile devices running iOS version 14.2 or later.
This check box is cleared by default.
- Prohibit creating VPN configurations
If the check box is cleared, the user can create a VPN configuration on the managed device.
If the check box is selected, the user can't create a VPN configuration on the managed device.
The setting is available for mobile devices running iOS version 11 or later.
This check box is cleared by default.
- Prohibit modifying eSIM settings
Selecting or clearing this check box specifies whether the device user can change settings related to the carrier plan.
The restriction is supported on devices with iOS 11 and later.
The check box is cleared by default.
- In the Wi-Fi section:
- Force Wi-Fi on
Specifies whether Wi-Fi on the managed device should be always on. The device can connect to any Wi-Fi network.
If the check box is selected, Wi-Fi on the device is always on, even in flight mode. The user cannot disable Wi-Fi in the device settings.
If the check box is cleared, the user can disable Wi-Fi in the device settings.
The setting is available for mobile devices running iOS version 13 or later.
This check box is cleared by default.
- Force connection to allowed Wi-Fi networks only
Specifies whether the device can connect to allowed Wi-Fi networks only. This option is available if you add at least one Wi-Fi network to the list of Wi-Fi networks in the Wi-Fi section.
If the check box is selected, the device connects to allowed Wi-Fi networks only. The user cannot disable Wi-Fi in the device settings.
If the check box is cleared, the user can connect to any Wi-Fi network.
The setting is available for mobile devices running iOS version 14.5 or later.
This check box is cleared by default.
- Prohibit modifying Personal Hotspot settings
If the check box is cleared, the device user can modify Personal Hotspot settings.
If the check box is selected, the device user cannot modify Personal Hotspot settings.
The setting is available for mobile devices running iOS 12.2 or later.
This check box is cleared by default.
- In the Bluetooth section:
- Prohibit modifying Bluetooth settings
If the check box is cleared, the user can modify Bluetooth settings on the mobile device.
If the check box is selected, Bluetooth settings cannot be modified on the mobile device.
The setting is available for mobile devices running iOS 11 or later.
This check box is cleared by default.
- In the Cellular section:
- Prohibit automatic sync while roaming
Prohibit automatic synchronization of user data when the iOS MDM device is roaming.
If the check box is cleared, the user can enable automatic data synchronization when the device is roaming. Enabling automatic synchronization in roaming can result in unexpected mobile service costs.
If the check box is selected, the user is not allowed to use automatic data synchronization when the device is roaming.
This check box is cleared by default.
- Prohibit modifying cellular settings
Ability to configure cellular network data transfer by apps installed on a mobile device.
If the check box is cleared, the user can configure the settings for data transfer over a cellular network.
If the check box is selected, the settings for cellular network data transfer by apps cannot be modified.
This check box is cleared by default.
- Restrictions on the Additional settings tab:
- In the Display section:
- Prohibit changing wallpaper
Ability to select the image that will be displayed on the lock screen or Home screen.
If the check box is cleared, the user can select the wallpaper for the mobile device.
If the check box is selected, wallpaper selection is not available.
This check box is cleared by default.
- In the Text section:
- Prohibit spellcheck
Use of spellcheck when entering text on a mobile device. The spellcheck function underlines incorrectly spelled words and suggests corrections.
If the check box is cleared, the user can enable and use the spellcheck function.
If the check box is selected, spellcheck is not available when entering text.
This check box is cleared by default.
- Prohibit auto-correction
Use of the auto-correct function when entering text.
If the check box is cleared, the user can enable and use the auto-correct function.
If the check box is selected, auto-correct is not available when entering text.
This check box is cleared by default.
- Prohibit dictionary search
Use of a dictionary to get the definitions of words on the mobile device. Only a software keyboard has a dictionary function.
If the check box is cleared, the user can highlight any word on the screen of the mobile device and get the definition of that word.
If the check box is selected, dictionary search is not available.
This check box is cleared by default.
- In the Keyboard section:
- Prohibit predictive text
Use of the predictive text input function. The predictive text input function shows options for completing words and suggestions based on available dictionaries.
If the check box is cleared, the user can enable and use the predictive text input function.
If the check box is selected, the predictive text function is not available. In this case, suggestions are not displayed when entering text.
This check box is cleared by default.
- Prohibit keyboard shortcuts
Use of keyboard shortcuts for quick access to mobile device functions.
If the check box is cleared, the user can enable the keyboard shortcut function and use it when working with the mobile device.
If the check box is selected, the keyboard shortcut function is not available.
This check box is cleared by default.
- In the Notifications section:
- Prohibit Wallet on-screen notifications when screen is locked
Use of Wallet notifications on the lock screen of the iOS MDM device.
If the check box is cleared, Wallet notifications are displayed on the lock screen of the mobile device.
If the check box is selected, Wallet notifications are not displayed on the lock screen of the mobile device. To work with Wallet, the user must unlock the device.
This check box is cleared by default.
- Hide Control Center when screen is locked
Ability to go to the Control Center of the iOS MDM device when the device is locked.
If the check box is cleared, the user can go to the Control Center when the device is locked.
If the check box is selected, the user cannot go to the Control Center when the device is locked.
This check box is cleared by default.
- Hide Notification Center when screen is locked
Ability to go to the Notification Center of the iOS MDM device when the device is locked.
If the check box is cleared, the user can go to the Notification Center by swiping the lock screen down.
If the check box is selected, the user cannot go to the Notification Center when the device is locked.
This check box is cleared by default.
- Hide Today View when screen is locked
Display of information from the Today View on the screen of a locked iOS MDM device. The Today section of the Notification View shows the following information:
- Calendar events
- Reminders
- Stock prices
- Weather
If the check box is cleared, the user can view notifications from the Today View on a locked mobile device.
If the check box is selected, the Today View is not displayed on the locked mobile device.
This check box is cleared by default.
- Prohibit modifying notification settings
Ability to configure the display of notifications on the mobile device.
If the check box is cleared, the user can configure the settings for displaying notifications on the mobile device.
If the check box is selected, the display of notifications cannot be configured.
This check box is cleared by default.
- Restrictions on the OS update tab:
- In the General section:
- Delay software updates (days)
Allows delaying operating system updates on the device.
If the check box is selected, the user cannot access updates for the specified period. The default delay is 30 days. You can specify another period in the Number of days from 1 to 90 field.
If the check box is cleared, the user can update the software as soon as updates are available.
The setting is available for mobile devices running iOS version 11.3 or later.
This check box is cleared by default.
- Click OK.
- Click Save to save the changes you have made.
As a result, feature restrictions will be configured on the user's mobile device after the policy is applied.
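Several of the restrictions above apply only from a stated iOS version or depend on another setting, so a selected check box can have no effect on part of a fleet. The following is an added example, not part of the Kaspersky documentation or product: it checks a set of selected check-box names against a device inventory, and the function names, inventory format and sample data are assumptions constructed for illustration.

```python
# Added example: pre-rollout check of selected iOS restrictions.
# Restriction names, version floors and prerequisites come from the text above;
# the inventory and selection below are constructed sample data.

MIN_IOS = {  # minimum iOS version stated for each restriction
    "Prohibit locating devices in Find My": "13",
    "Prohibit locating friends in Find My": "13",
    "Prohibit access to USB devices in Files": "13.1",
    "Disable access to USB devices when the device is locked": "11.4.1",
    "Prohibit use of NFC": "14.2",
    "Prohibit creating VPN configurations": "11",
    "Prohibit modifying eSIM settings": "11",
    "Force Wi-Fi on": "13",
    "Force connection to allowed Wi-Fi networks only": "14.5",
    "Prohibit modifying Personal Hotspot settings": "12.2",
    "Prohibit modifying Bluetooth settings": "11",
    "Delay software updates (days)": "11.3",
}

REQUIRES = {  # check box that must also be selected for the restriction to work
    "Treat AirDrop as a managed app":
        "Prohibit non-managed apps from using documents from managed apps",
}

WIFI_ONLY = "Force connection to allowed Wi-Fi networks only"
DELAY = "Delay software updates (days)"


def parse_version(text):
    """'11.4.1' -> (11, 4, 1); padded to three parts so '13' equals '13.0.0'."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def check_policy(selected, devices, wifi_networks=(), update_delay_days=30):
    """Return sorted (scope, restriction, reason) findings for a selection."""
    findings = []
    for name in selected:
        need = REQUIRES.get(name)
        if need and need not in selected:
            findings.append(("policy", name, f"requires '{need}'"))
        if name == WIFI_ONLY and not wifi_networks:
            findings.append(("policy", name, "no Wi-Fi network in the list"))
        if name == DELAY and not 1 <= update_delay_days <= 90:
            findings.append(("policy", name, "delay must be 1 to 90 days"))
        floor = MIN_IOS.get(name)
        for device, ios in devices.items():
            if floor and parse_version(ios) < parse_version(floor):
                findings.append(
                    (device, name, f"needs iOS {floor}, device has {ios}"))
    return sorted(findings)


# Constructed sample selection and inventory (device name -> iOS version).
SAMPLE_SELECTED = {
    "Treat AirDrop as a managed app",
    "Disable access to USB devices when the device is locked",
    "Prohibit use of NFC",
    WIFI_ONLY,
}
SAMPLE_DEVICES = {"ipad-lab-01": "11.4", "iphone-qa-02": "14.5"}

if __name__ == "__main__":
    for scope, name, reason in check_policy(SAMPLE_SELECTED, SAMPLE_DEVICES):
        print(f"{scope}: {name}: {reason}")
```

Findings with the scope `policy` are configuration gaps that affect every device; the others name the device on which the restriction is not supported.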
Configuring app restrictions
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select iOS and go to the Restrictions section.
- On the App restrictions card, click Settings.
The App restrictions window opens.
- Enable the settings using the App restrictions toggle switch.
- Configure iOS MDM device app restrictions.
Restrictions in the Safari section:
- Allow use of Safari
Use of the Safari browser on the iOS MDM device.
If the check box is selected, the user is allowed to use the Safari browser.
If the check box is cleared, the user is not allowed to use the Safari browser. The Safari icon is hidden on the home screen of the iOS MDM device.
This check box is selected by default.
- Allow AutoFill
Saving and autofilling of data entered by the user in web forms in the Safari browser.
If this check box is selected, user data entered in web forms is saved. Later it is automatically inserted in web forms.
If this check box is cleared, user data is not inserted in web forms.
This check box is selected by default.
- Warn the user when visiting a dangerous website
Option that enables a user warning prior to a visit to a website that Kaspersky Mobile Devices Protection and Management has found to be dangerous.
If the check box is selected, Kaspersky Mobile Devices Protection and Management warns a user attempting to visit a dangerous website.
If the check box is cleared, Kaspersky Mobile Devices Protection and Management does not warn a user attempting to visit a dangerous website.
This check box is cleared by default.
- Allow JavaScript
Use of JavaScript by the Safari browser.
If the check box is selected, the Safari browser uses JavaScript when opening web pages.
If the check box is cleared, the Safari browser does not use JavaScript when opening web pages.
This check box is selected by default.
- Block pop-up windows
Blocking of pop-up windows in the Safari browser.
If this check box is selected, Kaspersky Mobile Devices Protection and Management blocks pop-up windows in the Safari browser.
If this check box is cleared, Kaspersky Mobile Devices Protection and Management does not block pop-up windows in the Safari browser.
This check box is cleared by default.
- Cookie settings
Select the condition for accepting cookies:
- Allow cookies and website tracking. The Safari browser accepts cookies and allows tracking user activity.
- Allow cookies and block website tracking. The Safari browser accepts cookies and blocks tracking user activity.
- Block cookies and website tracking. The Safari browser blocks cookies and tracking user activity.
The default value is Allow cookies and website tracking.
Restrictions in the Game Center section:
- Allow use of Game Center
Access to the Game Center gaming service from the Game Center app on an iOS MDM device.
If the check box is selected, the user can visit the Game Center gaming service from the Game Center app on the mobile device.
If the check box is cleared, the user cannot visit the Game Center gaming service from the Game Center app on the mobile device. The Game Center icon is hidden on the home screen of the iOS MDM device.
This check box is selected by default.
- Allow adding friends in Game Center
An option that allows adding users in the Game Center gaming service on the iOS MDM device.
If the check box is selected, the user can add other users in the Game Center gaming service on the mobile device.
If the check box is cleared, the user is not allowed to add other users in the Game Center gaming service on the mobile device.
This check box is selected by default.
- Allow multiplayer games in Game Center
Use of the Game Center gaming service in multiplayer mode on the iOS MDM device.
If the check box is selected, the user can participate in multiplayer games in the Game Center gaming service on the mobile device.
If the check box is cleared, the user is not allowed to participate in multiplayer games in the Game Center gaming service on the mobile device.
If the check box is cleared, users can still play games together via SharePlay or a third-party service.
This check box is selected by default.
Restrictions in the Additional settings section:
- Allow use of iTunes Store
Access to the iTunes Store media service from the iTunes app on an iOS MDM device.
If the check box is selected, the user can view, buy, and download media content from the iTunes Store using the iTunes app on the mobile device.
If the check box is cleared, the user cannot view, buy, and download media content from the iTunes Store using the iTunes app on the mobile device. The iTunes icon is hidden on the home screen of the iOS MDM device.
This check box is selected by default.
- Allow use of News
Viewing of news on the user's mobile device using the News app.
If the check box is selected, the user can view news using the News app.
If the check box is cleared, the News app is not available to the user.
This check box is selected by default.
- Allow use of Podcasts
Listening to podcasts on the user's mobile device using the Podcasts app.
If the check box is selected, the user can search, play, and download podcasts using the Podcasts app.
If the check box is cleared, podcasts cannot be downloaded to the mobile device.
This check box is selected by default.
- Click OK.
- Click Save to save the changes you have made.
As a result, app restrictions will be configured on the user's mobile device after the policy is applied.
Configuring content restrictions
Categories used for content restrictions are determined by Apple. In some cases, when content restrictions are configured, actual results may differ from expected results.
- In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
- In the policy properties window, select Application settings.
- Select iOS and go to the Restrictions section.
- On the Content restrictions card, click Settings.
The Content restrictions window opens.
- Enable the settings using the Content restrictions toggle switch.
- Configure iOS MDM device content restrictions.
Selection of the country whose rating system is automatically applied to media content on the iOS MDM device.
The default value is United States.
Settings in the Age rating section:
- Videos
Selection of the restriction rating for access to movies on the iOS MDM device.
The list of ratings depends on the region selected.
If the Allow all option is selected, the user can view any movies on the mobile device.
The Allow all option is selected by default.
- TV shows
Selection of the restriction rating for access to TV shows on the iOS MDM device.
The list of ratings depends on the region selected.
If the Allow all option is selected, the user can view any TV shows on the mobile device.
The Allow all option is selected by default.
- Apps
Selection of the restriction rating for access to third-party apps on the iOS MDM device.
The list of ratings depends on the rating system selected.
If the Allow all option is selected, the user can use any third-party apps on the mobile device.
The Allow all option is selected by default.
App restrictions may be enforced even if the Allow all option is selected. This is due to an issue known to Apple.
- Allow downloading erotica in Apple Books
Access to adult content in Book Store on the user's mobile device.
If the check box is selected, the user can download adult content from the Apple Books app to the iOS MDM device.
If the check box is cleared, the user cannot download adult content from the Apple Books app to the iOS MDM device.
This check box is selected by default.
- Allow explicit content
Access to explicit media content from the iTunes Store on the iOS MDM device. Restrictions are applied by iTunes Store providers.
If the check box is selected, explicit media content purchased via iTunes Store is available to the mobile device user.
If the check box is cleared, explicit media content purchased via iTunes Store is hidden from the mobile device user.
This check box is selected by default.
- Click OK.
- Click Save to save the changes you have made.
As a result, content restrictions will be configured on the user's mobile device after the policy is applied.