The restrictions policy enables the administrator to modify the profile to enable or
disable selected device features. With restriction profile, you can control (enable or
disable) the capabilities of corporate devices and prevent from potential security threats.
This prevents the users from using certain device features, such as using the camera. This
is supported on MacOS and Windows.
About this task
To create restrictions policy, complete the following steps.
Procedure
-
In the MDM Policy Types page, click Restrictions
Policy.
-
In the Create Restrictions Policy page, click
Settings.
-
In the Generic Settings section, do the following:
-
Enter name and description of the policy.
-
Select operating system.
-
In the Assign Policy to Site drop down, select
Master action site.
-
Optionally configure Policy Removal
Settings.
-
MacOS and Windows have different set of restrictions policies. From the
left pane, click MacOS Restrictions to configure
MacOS restriction settings.

From the left pane, click
Windows 10 Restrictions to configure Windows
10 restriction settings.
Note: Some of the restrictions settings on Windows may not
apply correctly depending on the edition and service pack level of the
Windows 10 endpoints. If one of those settings is edited, users receive
a warning. To find more about what specific editions and versions of
Windows 10 are required, check Microsoft documentation at
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider.
The
following settings are affected:
- configureAdditionalSearchEngines
- enterpriseModeSiteList
- configureTaskbarCalendar
- letAppsAccessCalendar
- letAppsAccessCalendar_ForceAllowTheseApps
- letAppsAccessCalendar_ForceDenyTheseApps
- letAppsAccessCalendar_UserInControlOfTheseApps
- allowTailoredExperiencesWithDiagnosticData
- allowThirdPartySuggestionsInWindowsSpotlight
- disablePrintingOverHTTP
- allowWindowsSpotlightOnSettings
- turnOffFileHistory
- showLockOnUserTile
- allowWindowsSpotlight
- allowWindowsSpotlightOnActionCenter
- allowWindowsSpotlightWindowsWelcomeExperience
- configureWindowsSpotlightOnLockScreen
- winsetMinimumEncryptionKeySize
- letAppsAccessBackgroundSpatialPerception
- letAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps
- letAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps
- letAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps
-
Click Save. The restriction policy is created.
You can verify your policy and can click Deploy Policy
to deploy it to selected devices.