Apply settings for iOS devices

Supported editions for these features (except as noted): Business Starter, Standard, and Plus; Enterprise; Education and Enterprise for Education; G Suite Basic and Business; Essentials.  Compare your edition

As an administrator, you can decide how people use their work account on managed iPhones and iPads. For example, you can prevent data from being copied from a managed app to an unmanaged app (Data protection), turn off certain apps, and control what work data syncs to built-in iOS apps.

Find the settings

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. On the left, click Settingsand theniOS settings.
  4. Click a settings category and setting. Learn about the settings in the following section.
  5. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  6. Turn on or off the setting.
  7. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.

Changes typically take effect in minutes, but can take up to 24 hours. For details, see How changes propagate to Google services.  

iOS settings index

Basic mobile management

Data protection applies to devices under basic and advanced mobile management.

Advanced mobile management

This feature is available with Cloud Identity Premium edition. Compare editions 

To use these settings, set up advanced mobile management for iOS devices.

Some settings apply only to supervised company-owned devices:

All iOS devices under advanced management Supervised company-owned iOS devices only
  • Apple certificates—Set up the integration between Google endpoint management and Apple services.
  • Account Configurations—Allow users Google Workspace or Cloud Identity data to sync to built-in iOS apps
  • Lock Screen—Control what information is shown on the screen when the device is locked
  • Data sharing—Control how files and content can be shared between apps.
  • Backup and iCloud Sync—Restrict how users can use iCloud for data synchronization and backup.
  • Photos—Restrict photo syncing and storage in iCloud.
  • Advanced Security—Restrict screen capture, Siri, Apple Watch sync, and Handoff.
  • Safari—Control access to Safari features.
  • Device features—Control diagnostics reporting.
  • Company-owned iOS device setup—Control how company-owned iOS devices are enrolled and which setup screens are shown.
  • Device features—Restrict how users can personalize their device and use certain features such as AirDrop, ScreenTime, and factory reset.
  • Networks—Restrict the cellular, Bluetooth, eSIM, Personal Hotspot, VPN, and Wi-Fi settings users can change.
  • Apps and services—Restrict app installation, removal, and changes to settings.
  • Apple apps—Restrict use of iOS apps, including FaceTime, iMessage, Game Center, and Podcasts, and restrict access to explicit content in iTunes and Apple Books.
  • Authentication—Control what authentication methods users can edit and control password sharing and autofill.
  • Connections—Restrict pairing and printing.
  • Keyboard and dictionary—Restrict use of spellcheck, autocorrect, QuickPath, and Look Up.

 

Open all   |   Close all

Apple certificates

Apple Push Notification Service

Create and manage your organization's Apple push certificates. When you first set up Google endpoint management, you set up a push certificate. When the certificate approaches its expiration date, you can renew an existing certificate.

Renew certificates early so that your iOS users aren't required to enroll their devices again. You can't renew a certificate that already expired.

Apple Device Enrollment

Connect to your organization's Apple Business Manager or Apple School Manager account so you can manage your company-owned iOS devices. Learn how to set up company-owned iOS device management. When the MDM Server token approaches its expiration date, you can renew the token.

Account Configurations (Google Workspace only)

Open all   |   Close all   |   Back to index

Google Account—Auto push configuration

This setting isn't available when you turn on a custom push configuration.

Automatically syncs users’ Google Workspace email, calendars, and contacts with the corresponding built-in iOS apps that are on their device. Check the Push Google Account configuration box to:

  • Sync Google Workspace emails with the Apple Mail app.
  • Sync Google Workspace calendar events with the Apple Calendar app.
  • Sync Google Workspace contacts with the Apple Contacts app.
  • Allow users to search your organization’s Directory in the iOS Contacts app.

Users can view email and calendar events in Google mobile apps (recommended) or in iOS apps. For details, see Enroll my iOS device.

If you don't want users to access their mail in the Apple Mail app, turn off IMAP access. Calendar events and contacts will still sync to iOS apps. For details, see Turn POP and IMAP access on and off. If you turn off IMAP, let users know that they're no longer syncing Google Workspace mail to the Apple Mail app because they might not get a notification on their device. Additionally, if users try to sign in to the Apple Mail app with their Google Account when IMAP is off, the sign-in fails silently.

When you turn on the Google Account setting, users with devices that are already enrolled for management get a notification asking them to add a password for their Google Workspace account. Users can enroll new devices by signing in to their Google Workspace account with a Google mobile app, such as the Google Device Policy app.

Google Workspace email, calendars, and contacts are all managed on the device. Therefore, if you block the device or remove the account, the user’s Google Workspace email, calendar events, and contacts are removed from the device. And, they all stop syncing.

Custom push configuration—CalDAV

This setting isn't available when you select Auto push configuration.

When turned on, Google Calendar is automatically synced to the iOS Calendar app on a user’s device.

If you decide to use this setting, Google Workspace calendar events are not fully managed on the device. If you remotely wipe the device or account, Google Workspace calendar events stop syncing and all existing events are removed from the device. However, if you block the device or if the device is pending approval, calendar events still sync to the device and existing events stay on the device too.

When you turn on this setting, users are asked to enter their Google Workspace password. If you use 2-Step Verification or set up SSO with a third-party identity provider, the user needs to generate and enter an App password instead of using their Google Workspace password. Then, Google Workspace events sync to the iOS Calendar app. The user can turn off this syncing. For details, see Enroll my iOS device.

When you turn off CalDAV, users can still add their calendars manually.

Custom push configuration—CardDAV

This setting is not available when the Google Account setting is on.

When turned on, Google Contacts is automatically synced to the iOS Contacts app on a user’s device. This setting also allows users to search your organization’s Directory in the iOS Contacts app.

If you decide to use this setting, Google Workspace contacts are not fully managed on the device. If you remotely wipe the device or account, the user’s contacts stop syncing and existing contacts are removed from the device. However, if you block the device or if it’s pending approval, contacts still sync to the device.

When you turn on CardDAV, users are asked to enter their Google Workspace password. If you use 2-Step Verification, or set up SSO with a third-party identity provider, the user needs to generate and enter an App password instead of using their Google Workspace password. Then, Google Workspace contacts sync to the iOS Contacts app. Users can turn off this syncing. For details, see Enroll my iOS device.

If you share only Directory data that’s already visible to the public with apps and APIs, users won’t be able to search your organization’s Directory. For details, see Let third-party apps access Directory data.

When you turn off CardDAV, users can still add their contacts manually.

Lock Screen

Open all   |   Close all   |   Back to index

Control Center

Allows users to access and change settings in the Control Center when their device is locked. The Control Center lets users access settings and apps, such as Wi-Fi, Apple AirDrop, and their camera by swiping the screen.

To block access to Control Center on the lock screen, uncheck the Allow Control Center on lock screen box.

Notifications view

Allows users to open the Notification Center on locked devices. The Notification Center lets users see recent alerts, like a calendar event or a missed call by swiping down from the top of the screen.

To prevent users from opening the Notification Center on locked devices, uncheck the Allow Notifications view on lock screen box. Users can still see new notifications when they arrive.

Today View

Allows users to see Today View when their device is locked. Today View shows summary information for that day when a user swipes right from the left side of the screen. The information could include sensitive calendar event names and email subject lines.

To block Today View on the lock screen, uncheck the  Allow Today view on lock screen box.

Data sharing

To use most of these settings, you need to set up advanced mobile management for iOS devices. Advanced mobile management isn't required to use the Data protection setting.

Open all   |   Close all   |   Back to index

Data protection

Allows users to copy content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their corporate account to a Google app in their personal account or a third-party app. Also allows users to drag content between Google apps, for any account.

To prevent users from copying or dragging information from their corporate account, or using the All inboxes feature (which combines messages from multiple Gmail accounts into one inbox), uncheck the box.

Note: When you uncheck the box, users can't copy content from a Google Workspace service that supports data protection (Gmail, Drive, Docs, Sheets, and Slides) to an unsupported Google Workspace service, such as Calendar or Sites.

Trust app authors

Allows users to trust enterprise apps they install from outside the Apple App Store or Google Device Policy app.

When users are allowed to trust apps from unknown sources (box is checked) and they first open an app from an unknown source, they see a notification that the author of the app isn't trusted on the device. They can establish trust for the app author in their device settings. If the user trusts an author, they can install other apps from the same author and open them immediately.

To prevent users from trusting app authors, uncheck Allow users to trust new enterprise app authors. When you uncheck the box, any app authors a user trusts before this setting is applied to their device remain trusted. The user can install more apps from the same author and open them.

Open docs in unmanaged apps

Allows users to open work files and links in unmanaged apps with unmanaged accounts and share them using Apple AirDrop.

To require that work files, attachments, and links open only in managed apps with managed accounts, uncheck the Allow items created with managed apps to open in unmanaged apps box. For example, you can prevent a user from opening a confidential email attachment from their work account in a personal app.

If you don't allow work files and links to open in unmanaged apps, you can still allow users to share these items using Apple AirDrop. To prevent users from sharing files with AirDrop, uncheck the Allow items created with managed apps to be shared using AirDrop box.

iCloud storage

Allows managed apps to use Apple iCloud to store data. Data stored in iCloud stays there until the device user removes it.

To prevent work app data from being stored in iCloud, uncheck the Allow managed apps to store data in iCloud box. Users can still use iCloud for their personal data.

Open docs in managed apps

Allows users to open personal documents, attachments, and links in managed apps with their managed accounts.

To prevent managed apps from opening personal documents or links, uncheck the Allow items created in unmanaged apps to open in managed apps box. In this case, users can open personal documents and links only in unmanaged apps in their personal accounts.

Sync with mobile data

Allows managed apps to use mobile data to go online. If you allow managed apps to sync using mobile data, you can also decide whether to allow them to sync when roaming. To turn off sync for managed apps while roaming, uncheck Allow managed apps to sync while roaming.

To prevent managed apps from using mobile data at any time, uncheck the Allow managed apps to sync using mobile data box.

Backup and iCloud Sync

Note: iOS device users need to give permission for automatic backup and sync using these settings.

Open all   |   Close all   |   Back to index

Document sync

Allows users to turn document and data syncing of their iOS devices to iCloud on or off. When allowed, data from the user’s various iOS apps is stored in iCloud and synchronized between the user’s supported iOS devices.

To block device sync with iCloud, uncheck the Allow users to sync documents and data with iCloud box.

For iOS 13 and later devices, applies only to supervised company-owned devices. For iOS 12 and earlier, the setting applies to all devices under advanced management.

Encrypted backup

When checked, forces encryption for all backups to Apple iTunes. When users back up their iOS devices to iTunes, they can see the Encrypt local backup or Encrypt iPhone backup box checked in the iTunes Device Summary screen but they can't uncheck it.

When backup encryption is first turned on, iTunes asks the user to enter a password. An encrypted backup is stored on the user’s computer and they need to enter this password to restore their iOS device.

To allow users to back up their devices unencrypted, uncheck the Require encryption for backups box.

iCloud backup

Allows users to automatically back up their iOS devices to iCloud over Wi-Fi every day. The iOS device must be turned on, locked, and connected to a power source during an iCloud backup.

To block device backup to iCloud, uncheck the Allow user to backup device with iCloud box.

Keychain sync

Allows users to use iCloud Keychain. With iCloud Keychain, the user's username, password, and credit card number is stored behind 256-bit Advanced Encryption Standard (AES) on iCloud. That data is synchronized between the user’s supported iOS devices.

To prevent users from using iCloud Keychain, uncheck the Allow users to sync keychains with iCloud.

Photos

Open all   |   Close all   |   Back to index

My Photo Stream

Allows the photos in a user’s Camera roll to sync to My Photo Stream in iCloud. Uncheck the box to:

  • Erase photos in My Photo Stream from the device.
  • Stop Camera roll photos syncing to My Photo Stream.
  • Prevent photos and videos in shared streams from being seen on the device.

Note: If there are no other copies of these photos and videos, they might be permanently deleted.

iCloud Photo Library

Allows users to keep their photos and videos in iCloud so they can access them from any device.

To block access to iCloud Photo Library, uncheck the Allow iCloud Photo Library box. Any photos not fully downloaded from iCloud Photo Library to the device will be removed from the device.

iCloud Photo Sharing

Allows users to add photos and videos to a shared album in iCloud. It also allows users to invite others to add their own photos, videos, and comments to the album.

To prevent users from subscribing to or publishing shared albums, uncheck the Allow iCloud Photo Sharing box.

Advanced Security

Open all   |   Close all   |   Back to index

Screen capture

Allows users to save a screenshot or recording of their screen.

To block screen captures, uncheck the Allow screenshots and screen recording box.

Siri

Allows users to use Siri. To block Siri, uncheck Allow Siri.

If you allow users to use Siri, you can also decide if it responds to users when the device is locked. To block Siri on locked devices, uncheck the Allow Siri on lock screen box.

Apple Watch

Allows a user to use an Apple Watch device after they take it off their wrist without unlocking it.

To lock the watch automatically when it’s removed from the user’s wrist, uncheck the Allow use of Apple Watch without wrist detection box. The user can still unlock an Apple Watch that's not on their wrist with its passcode or the paired iPhone.

Handoff

Allows users to use Apple Handoff to send an app's data between devices so they can start work on one device and continue on another. For example, a user can start reading a document in Safari on their iPad and continue reading it in Safari on their iPhone.

To block Handoff, uncheck the Allow Handoff box.

Safari

Open all   |   Close all   |   Back to index

Allow Safari (supervised, company-owned only)
Allows users to access Safari on the device.
To block Safari, uncheck the Allow Safari box. For iOS 13 and later, the setting applies only to supervised company-owned devices.
Autofill

Allows users to complete online forms in Safari with autofill. When the box is checked, Apple Safari remembers information that users enter in forms, such as name, address, phone number, or email address. That information is automatically completed in online forms later.

To block autofill in Safari, uncheck the Allow autofill in Safari box.

For iOS 13 and later, the setting applies only to supervised company-owned devices. For iOS 12 and earlier, the setting applies to all devices under advanced management.

Secure browsing

Warns users when they use Safari to visit a website that’s suspected to be fraudulent.

To turn off the fraudulent website warning, uncheck the Enforce the Safari fraudulent website warning box.

JavaScript

Allows JavaScript in Safari, which websites use for buttons, forms, and other content.

To block JavaScript in Safari, uncheck the Allow JavaScript in Safari box. Some websites can’t work properly if you turn off JavaScript.

Pop-ups

Allows pop-up windows to open when users visit or close a webpage in Safari. Pop-ups are often used to display ads. However, some websites use pop-up windows for essential content.

To block pop-ups, uncheck the Allow pop-ups in Safari box.

Cookies

Lets all websites, third parties, and advertisers accessed by Safari to store cookies and other data on the device.

To block cookies and other data from being stored on the device, uncheck the Accept cookies in Safari box. If you turn off cookies, some websites might not work properly.

Company-owned iOS device setup

Company-owned devices only

Open all   |   Close all   |   Back to index

Device enrollment settings—Allow pairing
Allow devices to pair with other Apple devices during device setup. To block pairing during setup, uncheck the Allow pairing box. Deprecated as of iOS 13.
To restrict pairing after setup, see the Connections settings.
Device enrollment settings—Require MDM profile

Require users on devices with iOS 12 and earlier install the MDM profile. The MDM profile is always required on devices with iOS 13 and later.

To allow users with iOS 12 and earlier devices to skip profile installation, uncheck the Require MDM profile box. In this case, the device isn't subject to the settings that apply to supervised company-owned devices, only the other advanced management settings.

Support contacts
Enter an email address and phone number that your users can contact if they have trouble with their company-owned devices. The contact info is provided in the setup screen when the user accepts your organization's management.
Setup Assistant
You can control which setup screens users see in the Setup Assistant when they first setup their devices. Uncheck any screen that you want users to skip. For example, if you don't allow users to access Siri, you can skip the Siri setup screen.
Note: We recommend that you don't skip the Apple ID setup screen. Device users need an Apple ID to download the Google Device Policy app and complete device setup.

Device features

Supervised company-owned devices only except for Diagnostics

Open all   |   Close all   |   Back to index

AirDrop
Allows users to use Apple AirDrop to share content and passwords. To turn off AirDrop, uncheck the Allow AirDrop box.
If you don't want to turn off AirDrop completely, you can use other settings to restrict certain uses:
  • To turn off password sharing with AirDrop, go to Authenticationand thenPassword sharing and uncheck .
  • To prevent users from sharing files created in managed apps with AirDrop, go to Data sharingand thenOpen docs in unmanaged apps and uncheck Allow items created with managed apps to be shared using AirDrop.
Account Settings
Allows users to change account settings. To block changes to accounts, uncheck the Allow users to change account settings box.
Configuration profiles
Allows users to interactively install configuration profiles and certificates.
To have configuration profiles and certificates install without user interaction, uncheck the Allow users to interactively install configuration profiles box.
Date and time
Prevents users from turning off the Set Automatically feature in the Date & Time system preferences. To have Set Automatically always on, check the Force automatic date and time box.
Applies to iOS 12 and later.
Device name
Allows users to change the device name. To block users from changing the device name, uncheck the Allow users to change device name box.
Diagnostics
Allows devices to send diagnostic data to Apple. To block devices from sending diagnostic reports, uncheck the Allow sending diagnostic and usage data to Apple box.
If you allow devices to send diagnostic data, you can block users from changing diagnostics settings. Uncheck the Allow users to change diagnostics settings box.
Erase all content and settings
Allows users to reset their device to factory settings. To block users from resetting their devices, uncheck the Allow users to reset with Erase all Content And Settings option box.
ScreenTime
For iOS 12 and later, allows users to use the ScreenTime feature. For iOS 11 and earlier, allows users to use Restrictions to control access to apps.
To block users from using ScreenTime or Restrictions, uncheck the Allow ScreenTime box.
Software updates
Hides software updates from users for a set number of days. To allow users to see software updates immediately, uncheck the Defer software updates for box.
Wallpaper
Allows users to change the background image on their device. To block users from changing the image, uncheck the Allow users to change wallpaper box.

Networks

Supervised company-owned devices only

Open all   |   Close all   |   Back to index

App cellular data
Allows users to change cellular data settings for apps. To block changes to cellular settings, uncheck the Allow users to change cellular data settings for apps box. Applies only to iOS 11 and later.
Bluetooth
Allows users to change Bluetooth settings. To block changes to Bluetooth settings, uncheck the Allow users to change Bluetooth settings box. Applies only to iOS 11 and later.
Cellular plan
Allows users to change settings related to the device cellular plan. To block changes to the cellular plan, uncheck the Allow users to change cellular plan settings box. Applies only to iOS 11 and later.
eSIM
Allows users to change the eSIM setting. To block changes to the eSIM setting, uncheck the Allow users to change eSIM settings box. Applies only to iOS 12.1 and later.
Personal Hotspot
Allows users to change Personal Hotspot settings. To block changes to Personal Hotspot settings, uncheck the Allow users to change Personal Hotspot settings box. Applies only to iOS 12.2 and later.
VPN
Allows users to add VPN configurations. To block new VPN configurations, uncheck the Allow users to add VPN configurations box. Applies only to iOS 11 and later.
Wi-Fi—Force Wi-Fi on
Allows users to turn off Wi-Fi. To force Wi-Fi on, even in Airplane Mode, check the Force Wi-Fi on box. Applies only to iOS 13 and later
Wi-Fi—Join only Wi-Fi networks installed by a Wi-Fi payload
Allows users to join any Wi-Fi network. To restrict access to only Wi-Fi networks set up by the configuration profile, check the Join only Wi-Fi networks installed by a Wi-Fi payload box.
For information on how to set up networks that are available to devices through the configuration profile, see Set up networks for managed devices (Wi-Fi, Ethernet, VPN).

Apps and services

Supervised company-owned devices only

Open all   |   Close all   |   Back to index

App installation
Allows users to install apps from the App Store.
To block users from installing apps or accessing the App Store on iOS 13 devices, uncheck the Allow users to install apps box. When unchecked, users can't access the App Store and apps purchased on other devices can't download automatically. Users can still download allowed apps through the Google Device Policy app.
If you allow users to install apps, you can still restrict where they can get apps from:
  • To block access to the App Store, uncheck the Allow users to install apps from the App Store box. Users can still download allowed apps through the Google Device Policy app.
  • To prevent apps purchased on other devices from automatically downloading, uncheck the Allow apps purchased on other devices to download automatically box.
App removal
Allows users to remove apps from their devices. To prevent users from removing apps, uncheck the Allow users to remove apps box. When a user's profile is removed from the device, work apps are also removed.
Files app
Allows users to connect to any USB and network drives in the Apple Files app. To block users from accessing USB or network drives in Files on their iOS 13.1 and later devices, uncheck the corresponding box.
This setting doesn't affect devices with iOS 13.0 and earlier. Users with these devices are always allowed to access USB and network drives in Files.
Find My Device
Allows users to use Find My Device in the Find My app. To block users from using this feature on iOS 13 and later devices, uncheck the Allow Find My Device box.
This setting doesn't affect devices with iOS 12 and earlier. Users with these devices are always allowed to use Find My Device.
Find My Friends
Allows users to use Find My Friends in the Find My app. To block users from using this feature on iOS 13 and later devices, uncheck the Allow Find My Friends box.
This setting doesn't affect devices with iOS 12 and earlier. Users with these devices are always allowed to use Find My Friends.
Modify Find My Friends
Allows users to change Find My Friends settings in the Find My app. To block users from changing settings, uncheck the Modify Find My Friends box.
Notifications
Allows users to use change notification settings in the Find My app. To block users from changing settings, uncheck the Allow users to change notification settings box.
System app removal
Allows users to remove system apps from the device. To block users from removing apps from iOS 11 and later devices, uncheck the Allow users to remove system apps box.

Apple apps

Supervised company-owned devices only

Open all   |   Close all   |   Back to index

FaceTime
Allows users to use the Apple FaceTime app. To block access to FaceTime, uncheck the Allow FaceTime box.
Apple Books—Allow Apple Books tagged as Erotica
Allows users to access books in Apple Books that are tagged as Erotica. To block access to these books, uncheck the Allow Apple Books tagged as Erotica box.
Apple Books—Allow Apple Books
Allows users to access Book Store in the Apple Books app. To block access to Book Store, uncheck the Allow user to access Books Store in Apple Books box.
Explicit content
Allows users to access explicit music or videos in the iTunes Store. To block access to explicit content in the iTunes Store, uncheck the Allow explicit content (music or video) from the iTunes Store box.
Game Center
Allows users to access the Apple Game Center app. To block access to Game Center, uncheck the Allow Game Center box.
iMessage
Allows users to use iMessage. To block access to iMessage, uncheck the Allow iMessage box.
iTunes Store
Allows users to access the iTunes Store. To block access to iTunes Store, uncheck the Allow iTunes Store box.
Applies only to iOS 13 and later.
Apple Music Radio
Allows users to access the Apple Music Radio app. To block access to Apple Music Radio, uncheck the Allow Apple Music Radio box.
Music service
Allows users to use the Music service in the Apple Music app. To block access to the Music service and revert the Music app to classic mode, uncheck the Allow Music service box.
News
Allows users to access the Apple News app. To block access to News, uncheck the Allow News box.
Podcasts
Allows users to use the Apple Podcasts app. To block access to Podcasts, uncheck the Allow Podcasts box.

Authentication

Supervised company-owned devices only

Open all   |   Close all   |   Back to index

Authenticate for AutoFill
To require Touch ID or Face ID authentication to autofill passwords and credit card information in Safari and other Apple apps, check the Require Touch ID or Face ID authentication to use AutoFill box.
Applies only to iOS 11 and later devices that support Touch ID or Face ID.
Passcode
Allows users to change (add, edit, and remove) the device passcode.
To prevent users from modifying the device passcode, uncheck the Allow users to change the device passcode box. This restriction doesn't apply to Shared iPads.
Password AutoFill
Allows passwords to autofill from Keychain or third-party password managers, and users get strong password suggestions and prompts to use saved passwords in Safari and other apps.
To block password autofill and strong password suggestions, uncheck the Allow password AutoFill box. Applies only to iOS 12 and later devices.
Password proximity requests
Allows nearby devices to request passwords. When Password sharing is allowed, the device answers the request by sharing the requested password.
To block password requests on iOS 12 and later devices, uncheck the Allow password requests to nearby devices box. Applies only to iOS 12 and later devices.
Password sharing
Allows the AirDrop passwords feature to share passwords with other devices.
To block password sharing, uncheck the Allow password sharing with AirDrop Passwords box. Applies only to iOS 12 and later devices.
Touch ID/Face ID
Allows users to change Touch ID and Face ID settings. When checked, users can add more fingerprints or an alternate appearance.
To block changes in Touch ID and Face ID, uncheck the Allow users to change Touch ID or Face ID box.

Connections

Supervised company-owned devices only

Open all   |   Close all   |   Back to index

Host pairing
Allows devices to pair with a host computer without a supervision host certificate.
To block pairing with any device except the supervision host, uncheck the Allow devices to pair with a host computer without a supervision host certificate box. If no supervision host certificate is configured, no pairing is allowed.
Setup nearby devices
Allows devices to prompt to set up new nearby devices.
To block the prompt, uncheck the Allow devices to set up nearby devices box. Available only for iOS 11 and later.
Apple Watch pairing
Allows devices to pair with an Apple Watch.
To block pairing, uncheck the Allow devices to pair with Apple Watches box. If the device was paired with an Apple Watch, the Apple Watch is unpaired and content is erased from the watch.
Print settings
Allows devices to print with AirPrint. When you allow AirPrint, you can control AirPrint features and connections:
  • Allow iBeacons to find AirPrint printers—Uncheck to prevent phishing attacks through AirPrint Bluetooth beacons. Devices can still detect AirPrint printers on the same Wi-Fi network when iBeacons are blocked.
  • Allow Keychain to store AirPrint credentials—Uncheck to prevent Keychain from storing the username and password for AirPrint.
  • Allow AirPrint connections with untrusted certificates—Uncheck to require a trusted certificate for TLS printing.
To block user access to AirPrint, uncheck the Allow AirPrint box. Applies only to iOS 11 and later.
USB
Allows locked devices to connect to USB accessories.
To block USB connections when the device is locked, uncheck the Allow locked devices to connect to USB accessories box. Applies only to iOS 11.4.1 and later.

Keyboard and dictionary

Supervised company-owned devices only

Open all   |   Close all   |   Back to index

Keyboard autocorrection
Allows users to use the automatic spelling correction feature when typing on the keyboard. To turn off autocorrection, uncheck the Allow keyboard autocorrection box.
Continuous path keyboard
Allows users to use QuickPath when typing on the keyboard. To turn off QuickPath, uncheck the Allow QuickPath keyboard box. Available only in iOS 13 and later.
Definition Look Up
Allows users to select words and tap Look Up to get definitions. To turn off Look Up, uncheck the Allow definition lookup box.
Dictation
Allows devices to take dictation input. To block dictation, uncheck the Allow dictation box.
Keyboard shortcuts
Allows users to use keyboard shortcuts. To turn off keyboard shortcuts, uncheck the Allow keyboard shortcuts box.
Keyboard spellcheck
Allows users to use the automatic spelling checker when typing on the keyboard. To turn off spellcheck, uncheck the Allow keyboard spellcheck box.
Predictive keyboard
Allows users to use predictive text when typing on the keyboard. To turn off predictive text, uncheck the Allow predictive keyboard box.

Want more mobile device settings?


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?