As an IT Admin, you can create and apply policies to enforce specific behavior on the iOS or PadOS devices you manage. For example, you can create policies that require users to enter a passcode when logging in, install a certificate on the device, or enable auto-lock. For iPhones, iOS 13 or later is required.
Prerequisite: All iOS and iPadOS devices must be enrolled in MDM through user enrollment or device enrollment. See Add Company-Owned iOS Devices and Users: Enroll Your Personal iOS Device.
Below is a list of all iOS policies in JumpCloud. You can create these iOS policies and apply them to your iOS and iPadOS devices and device groups. Specific instructions for more nuanced policies are linked in the Learn More column. If a Learn More article isn't listed, see Get Started: Policies and Create a Policy.
Name | Description | Category | Requires Supervision? | Learn More |
AirPrint Destination | Wirelessly print from an Apple device to an enabled printer. | Enterprise Settings, Configuration | ✔️ | Create a Mac or iOS AirPrint Policy |
Allow Activation Lock | Enable a theft-deterrent feature that makes it difficult for anyone else to use a lost or stolen macOS or iOS device. | Security, Compliance | ✔️ | Configure Activation Lock on Mac and iOS Devices |
App Notification Settings | Configure the notification settings for an application by bundle identifier. | Enterprise Settings, Productivity | ✔️ | Create a Mac or iOS App Notification Settings Policy |
Blocked Apple Apps | Manage which apps appear on Supervised iOS and iPadOS devices by hiding custom or third-party apps. | Security, Enterprise Settings | ✔️ | -- |
Blocked Custom Apps | Manage which apps appear on Supervised iOS and iPadOS devices. | Security, Enterprise Settings | ✔️ | -- |
Block iOS Widget Sharing | Prevent the display of an application’s data on a macOS 14 Sonoma device that is signed into the same Apple ID. | ✔️ | -- | |
Custom Font | Supply one TrueType or OpenType font or typeface to a device or group of devices. After installation, the font can be used by any application. | Enterprise Settings, Productivity | ✔️ | Create a Mac or iOS Custom Font Policy |
Disable Analytics | Disable the ability to send diagnostic reports from an iOS or iPadOS device to Apple. | Monitoring, Reporting | ❌ | -- |
Disable FaceTime | Hide the FaceTime app. FaceTime lets users make video and audio calls on an iOS device. This policy applies to supervised devices only. | Enterprise Settings, Security | ✔️ | -- |
Disable iCloud Photo Library | Disable user access to iCloud's Photo Library. Users can securely store their photos and videos in iCloud and keep them synced with their devices. Photos that are not downloaded from iCloud to the user’s device are removed from local storage. | Security, Compliance | ❌ | -- |
Disable Siri | Disable all access to Apple's Siri Assistant | Enterprise Settings, Compliance | ❌ | -- |
Disable Spotlight | Disable internet search results from displaying in Spotlight searches. Spotlight search helps users quickly find anything on their devices and on the web, and also offers suggestions and updates results as the user types. | Enterprise Settings, Configuration | ❌ | -- |
Disable Unlocking with Biometrics | Prevent users from unlocking their iOS or iPadOS devices using Touch ID or Face ID. Users must instead enter a passcode to unlock the device. | Security, Compliance | ❌ | -- |
Disable Unlock with Apple Watch | Prevent users from unlocking their iPhones from an Apple Watch. The policy works on iOS 14.5 and later. | Security, Device Access | ❌ | -- |
Encrypted DNS over HTTPS | Encrypt Domain Name System (DNS) over HTTPS so you can use encrypted DNS services on your iOS devices. | Enterprise Settings, Security | ✔️ | Create a Mac or iOS Encrypted DNS Policy |
Encrypted DNS over TLS | Encrypt Domain Name System (DNS) over Transport Layer Security (TLS) so that you can use encrypted DNS services on your iOS devices. | Enterprise Settings, Security | ✔️ | Create a Mac or iOS Encrypted DNS Policy |
Global HTTP Proxy | Preconfigures a global proxy server for macOS and iOS devices, in order to safely pass all traffic through an HTTP proxy set by this policy. | Enterprise Settings, Security | ✔️ | Create a Mac or iOS Global HTTP Proxy Server |
Home Screen Shortcut | Add a shortcut (web clip) to the home screen of a user's iOS or iPadOS device. Shortcuts provide fast access to favorite web pages or links, such as the JumpCloud User Portal, work email, or work calendar. | Enterprise Settings, Configuration | ❌ | Create an iOS Home Screen Shortcut Policy |
Install Certificate | Install a certificate on an iOS device, so that the device is trusted. | Enterprise Settings, Security | ❌ | Create a Mac or iOS Install Certificate Policy |
Manage Rapid Security Response | Control your macOS and iOS devices by automatically installing new Rapid Security Response updates as they become available. | Enterprise Settings, Configuration | ✔️ | Create a Mac or iOS Rapid Security Response Policy |
MDM Custom Configuration Profile | Distribute custom MDM configuration profiles to your devices. Profiles can be exported from tools like Apple Configurator or iMazing Profile Editor and then uploaded as a .mobileconfig file. | Enterprise Settings, Configuration | ❌ | Create a Mac or iOS MDM Custom Configuration Profile Policy |
Passcode Restrictions | Secure MDM-enrolled iOS and iPadOS devices and enforces settings for passcode length, complexity, failed attempts, etc. After a device is enrolled in MDM, the user has 60 minutes to enter a passcode that meets the restrictions in this policy. If the user does not comply within the time limit, the user is forced to change the passcode. | Compliance, Security | ❌ | Create an iOS Passcode Restrictions Policy |
Require Passcode for User-Enrolled Devices | Secure user-enrolled devices by forcing users to enter a passcode to access the device. These restrictions are automatically applied: simple passcodes with sequential or repeated characters are not allowed, the passcode is required, and the minimum length must be six characters. You can only apply the policy or remove it from devices that were user-enrolled. | Compliance, Security | ❌ | -- |
Restrict Apple Intelligence | Use this policy to disable some or all of the Apple Intelligence features in iOS 18.1 or later. | Enterprise Settings, Configuration | ✔️ | |
Restrict Erase All Contents and Settings | Return an iOS device to factory defaults. | Enterprise Settings, Security | ✔️ | -- |
Restrict iPhone Mirroring | Use this policy to prohibit the use of iPhone mirroring on iOS 18.0+. | Enterprise Settings, Configuration | ✔️ | -- |
Restrict Sharing Between Managed and Unmanaged Apps | Control how Managed Apps can communicate with Unmanaged Apps, including the ability to copy and paste between these app types. | Software Management, Security | ❌ | Create a Restrict Sharing between Managed and Unmanaged Apps Policy for iOS |
SCEP Profiles | Configure Simple Certificate Enrollment Protocol (SCEP) to make issuing digital certificates easier, more secure, and scalable. | Enterprise Settings | ✔️ | Create a Mac or iOS SCEP Profiles Policy |
Single App Mode | Present a single application as the device's user interface and control which settings are available to users. | Configuration, Enterprise Settings | ✔️ | |
SSO Extension | Configure an SSO Extension policy to leverage Apple's Extensible SSO when using an external identity provider. | Enterprise Settings, Configuration | ❌ | Configure an SSO Extension Policy for iOS |
Supervised iOS Restrictions | Configure specific restrictions that are unavailable for other enrollment types. | Enterprise Settings, Security | ✔️ | Create an iOS Supervised Restrictions Policy |
WiFi Configuration | Configure a WiFi network for your iOS devices. | Enterprise Settings, Network | ❌ | Create a Mac or iOS WiFi Policy |
After you choose an iOS policy to add, customized information appears on the left side about the policy and which versions are required for that policy. See Create a Policy.