Common Education iPad device restrictions

This article summarizes the configurations that are most commonly used for student and teacher iPads in educational organizations.

To learn more, see:

• Use the settings catalog to configure settings on Windows, iOS/iPadOS, and macOS devices
• Configure and secure devices with Microsoft Intune
• Review MDM payloads for Apple devices
• MDM payload list for iPhone and iPad devices

Tip

When creating a settings catalog profile in the Microsoft Intune admin center, you can copy a policy name from this article and paste it into the settings picker search field to find the desired policy.

General restrictions

Settings

Category	Property	Value	Notes	Payload property
Restrictions	Allow Activity Continuation	False		allowActivityContinuation
Restrictions	Allow Adding Game Center Friends	False		allowAddingGameCenterFriends
Restrictions	Allow AirDrop	False		allowAirDrop
Restrictions	Allow App Cellular Data Modification	False		allowAppCellularDataModification
Restrictions	Allow App Installation	False	Disables the App Store, and the system removes its icon from the Home screen. Users are unable to install or update their apps. In iOS 10 and later, MDM commands can override this restriction.	allowAppInstallation
Restrictions	Allow Apple Personalized Advertising	False		allowApplePersonalizedAdvertising
Restrictions	Allow Assistant	False	Disables Siri.	allowAssistant
Restrictions	Allow Assistant User Generated Content	False		allowAssistantUserGeneratedContent
Restrictions	Allow Assistant While Locked	False		allowAssistantWhileLocked
Restrictions	Allow Auto Unlock	False		allowAutoUnlock
Restrictions	Allow Bookstore Erotica	False		allowBookstoreErotica
Restrictions	Allow Cellular Plan Modification	False		allowCellularPlanModification
Restrictions	Allow Chat	False	Disables the use of iMessage with supervised devices. If the device supports text messaging, the user can still send and receive text messages.	allowChat
Restrictions	Allow Cloud Backup	False	Disables backing up the device to iCloud as it can't be restricted to Managed Apple ID only.	allowCloudBackup
Restrictions	Allow Cloud Document Sync	False	Disables document and key-value syncing to iCloud.	allowCloudDocumentSync
Restrictions	Allow Cloud Keychain Sync	False	Disables iCloud keychain synchronization.	allowCloudKeychainSync
Restrictions	Allow Cloud Photo Library	False	Disables iCloud Photo Library. The system removes any photos from local storage that aren't fully downloaded from iCloud Photo Library to the device.	allowCloudPhotoLibrary
Restrictions	Allow Cloud Private Relay	False	Disables iCloud Private Relay.	allowCloudPrivateRelay
Restrictions	Allow Device Name Modification	False	Prevents the user from changing the device name. Intune Remote Action can override this restriction.	allowDeviceNameModification
Restrictions	Allow Enabling Restrictions	False	Disables the Enable Restrictions option in the Restrictions UI in Settings.	allowEnablingRestrictions
Restrictions	Allow Enterprise App Trust	False	Removes the Trust Enterprise Developer button in Settings > General > Profiles & Device Management, which prevents provisioning apps by universal provisioning profiles.	allowEnterpriseAppTrust
Restrictions	Allow ESIM Modification	False		allowESIMModification
Restrictions	Allow Explicit Content	False		allowExplicitContent
Restrictions	Allow Files Network Drive Access	False		allowFilesNetworkDriveAccess
Restrictions	Allow Files USB Drive Access	False		allowFilesUSBDriveAccess
Restrictions	Allow Find My Friends	False		allowFindMyFriends
Restrictions	Allow Find My Friends Modification	False		allowFindMyFriendsModification
Restrictions	Allow Game Center	False		allowGameCenter
Restrictions	Allow In App Purchases	False		allowInAppPurchases
Restrictions	Allow iPhone Widgets On Mac	False		allowiPhoneWidgetsOnMac
Restrictions	Allow iTunes	False		allowiTunes
Restrictions	Allow Lock Screen Control Center	False		allowLockScreenControlCenter
Restrictions	Allow Lock Screen Notifications View	False		allowLockScreenNotificationsView
Restrictions	Allow Lock Screen Today View	False		allowLockScreenTodayView
Restrictions	Allow Managed Apps Cloud Sync	False	Prevents managed apps from using iCloud sync.	allowManagedAppsCloudSync
Restrictions	Allow Marketplace App Installation	False	Prevents installation of alternative marketplace apps from the web and prevents any installed alternative marketplace apps from installing apps. Note: For select markets.	allowMarketplaceAppInstallation
Restrictions	Allow Multiplayer Gaming	False		allowMultiplayerGaming
Restrictions	Allow Music Service	False		allowMusicService
Restrictions	Allow News	False		allowNews
Restrictions	Allow Notifications Modification	False		allowNotificationsModification
Restrictions	Allow Paired Watch	False		allowPairedWatch
Restrictions	Allow Passbook While Locked	False	Hides Passbook notifications from the lock screen.	allowPassbookWhileLocked
Restrictions	Allow Password Proximity Requests	False	Disables requesting passwords from nearby devices.	allowPasswordProximityRequests
Restrictions	Allow Password Sharing	False		allowPasswordSharing
Restrictions	Allow Personal Hotspot Modification	False		allowPersonalHotspotModification
Restrictions	Allow Podcasts	False		allowPodcasts
Restrictions	Allow Proximity Setup To New Device	False		allowProximitySetupToNewDevice
Restrictions	Allow Radio Service	False		allowRadioService
Restrictions	Allow Shared Stream	False	Disables Shared Photo Stream.	allowSharedStream
Restrictions	Allow Spotlight Internet Results	False	Disables Spotlight Internet search results in Siri Suggestions.	allowSpotlightInternetResults
Restrictions	Allow System App Removal	False		allowSystemAppRemoval
Restrictions	Allow UI App Installation	False	Disables the App Store, and the systems removes its icon from the Home screen. However, users can continue to use host apps such as iTunes or Configurator to install or update their apps.	allowUIAppInstallation
Restrictions	Allow UI Configuration Profile Installation	False	Prohibits the user from installing configuration profiles and certificates interactively.	allowUIConfigurationProfileInstallation
Restrictions	Allow VPN Creation	False		allowVPNCreation
Restrictions	Allow Wallpaper Modification	False		allowWallpaperModification
Restrictions	Allow Web Distribution App Installation	False	Prevents installation of apps directly from the web. Note: For select markets.	allowWebDistributionAppInstallation
Restrictions	Force Assistant Profanity Filter	True	Forces the use of the profanity filter assistant.	forceAssistantProfanityFilter
Restrictions	Force Limit Ad Tracking	True	Disables app tracking and the Allow Apps to Request to Track setting.	forceLimitAdTracking
Restrictions	Force WiFi Power On	True		forceWiFiPowerOn
Restrictions	Safari Force Fraud Warning	True		safariForceFraudWarning
Web Content Filter	Auto Filter Enabled	True	Enables automatic filtering. Note: iPadOS's built-in filter checks for adult content and doesn't cover categories that are educationally inappropriate. A separate filtering solution is recommended.	AutoFilterEnabled

Create policy using Graph Explorer

Use Graph to create the settings catalog policy in your tenant without assignments or scope tags.

This will create a policy in your tenant with the name _MSLearn_Example_CommonEDU - iPads - Device restrictions.

POST https://graph.microsoft.com/beta/deviceManagement/configurationPolicies
Content-Type: application/json

{"name":"_MSLearn_Example_CommonEDU - iPads - Device restrictions","description":"","platforms":"iOS","technologies":"mdm,appleRemoteManagement","roleScopeTagIds":["0"],"settings":[{"@odata.type":"#microsoft.graph.deviceManagementConfigurationSetting","settingInstance":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","settingDefinitionId":"com.apple.applicationaccess_com.apple.applicationaccess","groupSettingCollectionValue":[{"children":[{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowactivitycontinuation","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowactivitycontinuation_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowaddinggamecenterfriends","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowaddinggamecenterfriends_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowairdrop","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowairdrop_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowappcellulardatamodification","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowappcellulardatamodification_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowappinstallation","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowappinstallation_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowapplepersonalizedadvertising","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowapplepersonalizedadvertising_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowassistant","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowassistant_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowassistantusergeneratedcontent","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowassistantusergeneratedcontent_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowassistantwhilelocked","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowassistantwhilelocked_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowautounlock","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowautounlock_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowbookstoreerotica","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowbookstoreerotica_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowcellularplanmodification","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowcellularplanmodification_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowchat","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowchat_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowcloudbackup","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowcloudbackup_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowclouddocumentsync","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowclouddocumentsync_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowcloudkeychainsync","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowcloudkeychainsync_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowcloudphotolibrary","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowcloudphotolibrary_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowcloudprivaterelay","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowcloudprivaterelay_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowdevicenamemodification","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowdevicenamemodification_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowenablingrestrictions","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowenablingrestrictions_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowenterpriseapptrust","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowenterpriseapptrust_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowesimmodification","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowesimmodification_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowexplicitcontent","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowexplicitcontent_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowfilesnetworkdriveaccess","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowfilesnetworkdriveaccess_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowfilesusbdriveaccess","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowfilesusbdriveaccess_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowfindmydevice","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowfindmydevice_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowfindmyfriends","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowfindmyfriends_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowfindmyfriendsmodification","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowfindmyfriendsmodification_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowgamecenter","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowgamecenter_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowinapppurchases","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowinapppurchases_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowiphonewidgetsonmac","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowiphonewidgetsonmac_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowitunes","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowitunes_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowlockscreencontrolcenter","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowlockscreencontrolcenter_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowlockscreennotificationsview","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowlockscreennotificationsview_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowlockscreentodayview","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowlockscreentodayview_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowmanagedappscloudsync","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowmanagedappscloudsync_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowmarketplaceappinstallation","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowmarketplaceappinstallation_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowmultiplayergaming","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowmultiplayergaming_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowmusicservice","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowmusicservice_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allownews","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allownews_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allownotificationsmodification","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allownotificationsmodification_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowpairedwatch","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowpairedwatch_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowpassbookwhilelocked","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowpassbookwhilelocked_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowpasswordproximityrequests","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowpasswordproximityrequests_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowpasswordsharing","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowpasswordsharing_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowpersonalhotspotmodification","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowpersonalhotspotmodification_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowpodcasts","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowpodcasts_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowproximitysetuptonewdevice","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowproximitysetuptonewdevice_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowradioservice","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowradioservice_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowsharedstream","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowsharedstream_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowspotlightinternetresults","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowspotlightinternetresults_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowsystemappremoval","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowsystemappremoval_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowuiappinstallation","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowuiappinstallation_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowuiconfigurationprofileinstallation","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowuiconfigurationprofileinstallation_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowvpncreation","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowvpncreation_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowwallpapermodification","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowwallpapermodification_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowwebdistributionappinstallation","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowwebdistributionappinstallation_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_forceassistantprofanityfilter","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_forceassistantprofanityfilter_true","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_forcelimitadtracking","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_forcelimitadtracking_true","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_forcewifipoweron","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_forcewifipoweron_true","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_safariforcefraudwarning","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_safariforcefraudwarning_true","children":[]}}]}]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationSetting","settingInstance":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","settingDefinitionId":"com.apple.webcontent-filter_com.apple.webcontent-filter","groupSettingCollectionValue":[{"children":[{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.webcontent-filter_autofilterenabled","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.webcontent-filter_autofilterenabled_true","children":[]}}]}]}}]}

1. Click Try it to open Graph Explorer.
2. Once Graph Explorer is open, select the user icon in the top right to sign-in and sign in with your Intune administrator organizational account.
3. Click Run query to create the policy in your tenant.

   Tip

   If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires DeviceManagementConfiguration.ReadWrite.All permissions. You can grant the required permissions by selecting modify permissions and then selecting Consent.

4. The policy is created in your tenant and can be edited to meet your requirements before assigning to groups.

Settings that require additional consideration

Caution

Enable these settings with caution after carefully evaluating their effect on your environment.

Settings

Category	Property	Value	Notes	Payload property
Managed Settings > MDM Options	Activation Lock Allowed While Supervised	False	Does not register a supervised device with Activation Lock.	activationLockAllowedWhileSupervised
Restrictions	Allow App Removal	False	Disables removal of apps from an iOS device. Note: Could result in devices running out of disk space.	allowAppRemoval
Restrictions	Allow Erase Content And Settings	False	Without an ability to locally reset the device it complicates device recovery.	allowEraseContentAndSettings
Restrictions	Allow Unpaired External Boot To Recovery	False	Does not allow devices to be booted into recovery by an unpaired device.	allowUnpairedExternalBootToRecovery
Restrictions	Allow Untrusted TLS Prompt	False	Websites with untrusted certificates will not be displayed. If you use a DNS filtering solution or need to accept certificate changes due to SSL inspection, distribute the root CA certificate of the changed certificate from MDM.	allowUntrustedTLSPrompt
Restrictions	Allow Video Conferencing	False	Hides the FaceTime app. Note: Disabling may prevent screen sharing in some remote assistant apps used by IT Helpdesk.	allowVideoConferencing
Restrictions	Force WiFi To Allowed Networks Only	True	Limits the device to only join Wi-Fi networks set up through a configuration profile. Note: Could potentially leave the device in an unmanageable state if unable to connect to allowed networks.	forceWiFiToAllowedNetworksOnly

Create policy using Graph Explorer

Use Graph to create the settings catalog policy in your tenant without assignments or scope tags.

This will create a policy in your tenant with the name _MSLearn_Example_CommonEDU - iPads - Device restrictions (require additional consideration).

POST https://graph.microsoft.com/beta/deviceManagement/configurationPolicies
Content-Type: application/json

{"name":"_MSLearn_Example_CommonEDU - iPads - Device restrictions (require additional consideration)","description":"","platforms":"iOS","technologies":"mdm,appleRemoteManagement","roleScopeTagIds":["0"],"settings":[{"@odata.type":"#microsoft.graph.deviceManagementConfigurationSetting","settingInstance":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","settingDefinitionId":"settings_item_mdmoptions","groupSettingCollectionValue":[{"children":[{"@odata.type":"#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","settingDefinitionId":"settings_item_mdmoptions_mdmoptions","groupSettingCollectionValue":[{"children":[{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"settings_item_mdmoptions_mdmoptions_activationlockallowedwhilesupervised","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"settings_item_mdmoptions_mdmoptions_activationlockallowedwhilesupervised_false","children":[]}}]}]}]}]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationSetting","settingInstance":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","settingDefinitionId":"com.apple.applicationaccess_com.apple.applicationaccess","groupSettingCollectionValue":[{"children":[{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowappremoval","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowappremoval_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowerasecontentandsettings","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowerasecontentandsettings_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowunpairedexternalboottorecovery","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowunpairedexternalboottorecovery_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowuntrustedtlsprompt","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowuntrustedtlsprompt_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_allowvideoconferencing","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_allowvideoconferencing_false","children":[]}},{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","settingDefinitionId":"com.apple.applicationaccess_forcewifitoallowednetworksonly","choiceSettingValue":{"@odata.type":"#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","value":"com.apple.applicationaccess_forcewifitoallowednetworksonly_true","children":[]}}]}]}}]}

1. Click Try it to open Graph Explorer.
2. Once Graph Explorer is open, select the user icon in the top right to sign-in and sign in with your Intune administrator organizational account.
3. Click Run query to create the policy in your tenant.

   Tip

   If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires DeviceManagementConfiguration.ReadWrite.All permissions. You can grant the required permissions by selecting modify permissions and then selecting Consent.

4. The policy is created in your tenant and can be edited to meet your requirements before assigning to groups.