Restrictions Policy

The restrictions policy enables the administrator to modify the profile to enable or disable selected device features. With restriction profile, you can control (enable or disable) the capabilities of corporate devices and prevent from potential security threats. This prevents the users from using certain device features, such as using the camera. This is supported on MacOS and Windows.

About this task

To create restrictions policy, complete the following steps.


  1. In the MDM Policy Types page, click Restrictions Policy.
  2. In the Create Restrictions Policy page, click Settings.
  3. In the Generic Settings section, do the following:
    1. Enter name and description of the policy.
    2. Select operating system.
    3. In the Assign Policy to Site drop down, select Master action site.
    4. Optionally configure Policy Removal Settings.
    5. MacOS and Windows have different set of restrictions policies. From the left pane, click MacOS Restrictions to configure MacOS restriction settings.

      From the left pane, click Windows 10 Restrictions to configure Windows 10 restriction settings.
      Note: Some of the restrictions settings on Windows may not apply correctly depending on the edition and service pack level of the Windows 10 endpoints. If one of those settings is edited, users receive a warning. To find more about what specific editions and versions of Windows 10 are required, check Microsoft documentation at

      The following settings are affected:

      • configureAdditionalSearchEngines
      • enterpriseModeSiteList
      • configureTaskbarCalendar
      • letAppsAccessCalendar
      • letAppsAccessCalendar_ForceAllowTheseApps
      • letAppsAccessCalendar_ForceDenyTheseApps
      • letAppsAccessCalendar_UserInControlOfTheseApps
      • allowTailoredExperiencesWithDiagnosticData
      • allowThirdPartySuggestionsInWindowsSpotlight
      • disablePrintingOverHTTP
      • allowWindowsSpotlightOnSettings
      • turnOffFileHistory
      • showLockOnUserTile
      • allowWindowsSpotlight
      • allowWindowsSpotlightOnActionCenter
      • allowWindowsSpotlightWindowsWelcomeExperience
      • configureWindowsSpotlightOnLockScreen
      • winsetMinimumEncryptionKeySize
      • letAppsAccessBackgroundSpatialPerception
      • letAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps
      • letAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps
      • letAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps
  4. Click Save. The restriction policy is created.

    You can verify your policy and can click Deploy Policy to deploy it to selected devices.