Edit

Share via

Optional restrictions

  • Article

Optional policies, while relatively common, are provided for more situational use cases.

To learn more, see:

Tip

When creating a settings catalog profile in the Microsoft Intune admin center, you can copy a policy name from this article and paste it into the settings picker search field to find the desired policy.

Category Property Value Notes Payload property
Managed Settings > Bluetooth Enabled True Enable the Bluetooth setting. Enabled
Restrictions Force Automatic Date And Time True Enables the Set Automatically feature in Date & Time and the user can't disable it.

Note:
  • Location services must be enabled during Setup Assistant.
  • Manual Time Zone policy will return an error if this policy is set to True.
 forceAutomaticDateAndTime
Managed Settings > Time Zone Time Zone Example:
America/Los_Angeles
Asia/Tokyo
Australia/Brisbane

See complete list in IANA time zone database.		 If the forceAutomaticDateAndTime restriction is set in Restrictions, this setting fails with an error. Otherwise, setting this value disables automatic time zone logic. The user is still able to change the time zone; for example, by turning automatic date and time back on. The intention is to allow setting the time zone when automatic determination isn't available, such as when Location Services are off. TimeZone
Restrictions Allow Bluetooth Modification False Prevents modification of Bluetooth settings. allowBluetoothModification
Restrictions Allow USB Restricted Mode True Allows iOS devices to always connect to USB accessories while locked. If the system has Lockdown mode enabled, it ignores this value. allowUSBRestrictedMode
Restrictions Blocked App Bundle IDs Example:
com.apple.facetime
com.apple.findmy
com.apple.Home
com.apple.MobileStore
com.apple.MobileSMS
com.apple.Music
com.apple.podcasts
com.apple.stocks
com.apple.tv
com.apple.store.Jolly
com.apple.supportapp		 Prevents showing or launching apps with bundle IDs in the array. blockedAppBundleIDs
Restrictions Enforced Software Update Delay 30 How many days to delay a software update on the device. enforcedSoftwareUpdateDelay
Restrictions Force Classroom Automatically Join Classes True Automatically gives permission to the teacher's requests without prompting the student. forceClassroomAutomaticallyJoinClasses
Restrictions Force Classroom Request Permission To Leave Classes True A student enrolled in an unmanaged course through Classroom needs to request permission from the teacher to leave the course. forceClassroomRequestPermissionToLeaveClasses
Restrictions Force Classroom Unprompted App And Device Lock True Allows the teacher to lock apps or the device without prompting the student. forceClassroomUnpromptedAppAndDeviceLock
Restrictions Force Classroom Unprompted Screen Observation True If true and ScreenObservationPermissionModificationAllowed is also true in the Education payload, a student enrolled in a managed course through the Classroom app automatically gives permission to that course teacher's requests to observe the student's screen without prompting the student. forceClassroomUnpromptedScreenObservation
Restrictions Force Preserve ESIM On Erase True Preserves eSIM when it erases the device due to too many failed password attempts or the Erase All Content and Settings option.

Note: Doesn't preserve eSIM if Find My initiates erasing the device.		 forcePreserveESIMOnErase
System Configuration > Lock Screen Message Asset Tag Information {{devicename}} Displayed in the login window and Lock screen. AssetTagInformation
System Configuration > Lock Screen Message Lock Screen Footnote Example:
School of Fine Art		 The footnote displayed in the login window and Lock screen. LockScreenFootnote