Restrictions
This article focuses on configuration profiles that are used to configure restrictions for the use of certain applications, contents, services, and device features in managed devices.
Restriction configuration profiles allow administrators to disable certain device features. When a feature is disabled, the device end-user can no longer use or modify the state of the particular feature if the administrators don't lift the restriction first.
Supported restrictions vary between device platforms
There is some variation between different device platforms what restriction configuration profiles are applicable to the devices. The following articles describe in detail what restrictions are supported on each device platform, and also, what are the platform-specific requirements for the use of the restriction configuration profiles.
How to configure restrictions
First you need to create a new configuration profile and define the enabled restrictions.
Start by navigating to
, and click the Add button. This will open the wizard for creating a new configuration profile.In the 1st step of the configuration profile wizard, choose the device platform of your devices. If you want to deploy restrictions to devices on multiple platforms, you need to create the configuration profiles for each platform separately.
Next in the 2nd step, choose to configure Restrictions.
In the 3rd step, you get to configure the actual restriction settings. The available configuration options in this phase vary between device platforms.
Android and Windows Phone restrictions have three possible settings. Allowed, Denied or Not set. Not set means that whatever the current state of the restriction, it will remain untouched when the configuration is deployed. Allowed means the restriction will be disabled, if currently active, and the feature will become accessible to end-users when the configuration profile is deployed. Denied means the restriction will be enabled and end-users can no longer access the feature after the profile is deployed.
On iOS restriction profiles you can select the features and settings you want to deny from the end user. Some of the iOS restrictions have a predefined list of values to choose from.
Notice that the restriction settings have been divided and grouped into multiple tabs. Visit each tab to see all available settings.
After that, you only need to give a name and description for your restriction configuration profile and you're all set!
Also check Creating a configuration profile if you need more instructions for creating the configuration profile.
How to deploy restrictions
Restriction configuration profiles can be deployed to devices just like the other configuration profiles. Just choose the desired configuration profile in the Configuration profiles view and click Deploy button. For more instructions, please see Deploying a configuration profile.
Viewing active restrictions
Active restrictions are collected as part of the device inventory. To view which restrictions are currently active on a device, open the device form and go to the Inventory tab. Active restrictions can be seen in the Restrictions table.
NOTE for the Android platform: Due to how Samsung's SAFE APIs work, there is no way to check for the current state of the Google Play Store restriction. Because of this, the restriction will never be shown under active restrictions even when it is active.
How to disable restriction configurations
Restrictions can be disabled by simply deleting the deployed configuration profile from the device. This can be done by opening the device page and clicking the trashcan icon in the Configuration profiles table on Main tab. See Removing deployed configuration profiles for more information.
In some cases, a device could go to a bricked state and there is a need to disable the restrictions configuration. For Android devices there is a safety feature for disabling the restrictions on the device. Read more about this safety feature from here.