Restrictions Policy

With restriction profiles, you can control (enable or disable) many device capabilities of corporate devices and prevent many potential security threats. This prevents end users from using certain device features, such as using the camera. This is supported on MacOS, iOS, iPadOS, Android, and Windows.

About this task

To create a restrictions policy, complete the following steps.

Procedure

  1. From the WebUI main page, select Apps > MCM.
  2. On the Modern Client Management page, on the right side corner, click the Create Policy button.
  3. From the list of policy types, select Restrictions. The following page appears.

  4. In the Generic Settings section, do the following:
    1. Enter name and description of the policy.
    2. Select operating system.
    3. All operating systems have specific set of restrictions policies. Navigate to the specific settings for each of the operating systems selected on the left side navigation panel. Once there, you can adjust the operating system specific settings for your restrictions policy.
      Note: Some of the restrictions settings on Windows may not apply correctly depending on the edition and service pack level of the Windows 10 endpoints. If one of those settings is edited, users receive a warning. To find more about what specific editions and versions of Windows 10 are required, visit Microsoft documentation at

      https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider.

      The following settings are affected:

      • configureAdditionalSearchEngines
      • enterpriseModeSiteList
      • configureTaskbarCalendar
      • letAppsAccessCalendar
      • letAppsAccessCalendar_ForceAllowTheseApps
      • letAppsAccessCalendar_ForceDenyTheseApps
      • letAppsAccessCalendar_UserInControlOfTheseApps
      • allowTailoredExperiencesWithDiagnosticData
      • allowThirdPartySuggestionsInWindowsSpotlight
      • disablePrintingOverHTTP
      • allowWindowsSpotlightOnSettings
      • turnOffFileHistory
      • showLockOnUserTile
      • allowWindowsSpotlight
      • allowWindowsSpotlightOnActionCenter
      • allowWindowsSpotlightWindowsWelcomeExperience
      • configureWindowsSpotlightOnLockScreen
      • winsetMinimumEncryptionKeySize
      • letAppsAccessBackgroundSpatialPerception
      • letAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps
      • letAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps
      • letAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps
    4. In the Assign Policy to Site dropdown, select Master action site.
  5. Click Save. The restriction policy is created.

    You can verify your policy and can click Deploy Policy to deploy it to selected devices.