General settings for Mobile Devices in Configuration Manager
Updated: June 4, 2015
Applies To: System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
Use this topic to find the mobile device settings that you can configure in a Configuration Manager configuration item.
For details about how to create a configuration item that contains these settings, see How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager
Password
Device
Email management
Store
Browser
Internet Explorer
Content Rating
Cloud
Security
Peak Synchronization
Roaming
Encryption
Wireless communications
Certificates
System Security
Windows Server Work Folders
Data Protection
iOS Custom Profile
Kiosk Mode (iOS)
Compliant and Noncompliant Apps (iOS)
Compliant and Noncompliant Apps (Android)
Allowed and Blocked Apps list (Windows Phone 8.1)
Password
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 (enrolled by Microsoft Intune) |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Require password settings on mobile devices |
Require a password on supported devices. |
No |
No |
Yes |
Yes |
Yes (Android only) |
Yes |
Yes |
Yes |
Minimum password length (characters) |
The minimum length for the password. |
Yes |
Yes (password length must not be less than 6 characters) |
Yes |
Yes |
Yes (Android only) |
Yes |
Yes |
Yes |
Password expiration in days |
The number of days before a password must be changed. |
Yes |
Yes |
Yes |
Yes |
Yes (Android only) |
Yes |
Yes |
Yes |
Number of passwords remembered |
Prevents re-using previously used passwords. |
Yes |
Yes |
Yes |
Yes |
Yes (Android only) |
Yes |
Yes |
Yes |
Number of failed logon attempts before device is wiped |
Wipes the device if this number of login attempts fail. |
Yes |
Yes |
Yes |
Yes |
Yes (Android only) |
Yes |
Yes |
Yes |
Idle time before mobile device is locked |
Specifies how many minutes of inactivity before the device is locked. |
Yes |
Yes |
Yes |
Yes |
Yes (Android only) |
Yes |
Yes |
Yes |
Password complexity |
Choose whether you can specify a PIN such as ‘1234’, or whether you must supply a strong password. |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
Password quality |
Select the password complexity level required and also whether biometric devices can be used. |
No |
No |
No |
No |
Android only |
No |
No |
No |
Send password recovery PIN to Exchange Server |
Applies to Windows Mobile 6.1 and later devices only. |
n/a |
n/a |
n/a |
n/a |
n/a |
n/a |
Device
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Voice dialing |
Allows use of the voice dialing feature on the device. |
No |
No |
No |
Yes |
No |
No |
||
Voice assistant |
Allows use of a voice assistance app like Siri. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Voice assistant while locked |
Allows use of a voice assistance app like Siri when the device is locked. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Screen capture |
Allows you to take a screenshot of the device display. |
No |
No |
Windows Phone 8.1 only |
Yes |
No |
No |
No |
No |
Video conferencing |
Allows use of video chat apps such as Facetime. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Add game center friends |
Allows you to add friends in the game center app. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Multiplayer gaming |
Allows you to play games with other players on the Internet. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Personal wallet software while locked |
Allows use of personal wallet software like Passbook. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Diagnostic data submission |
Allow submission of app log files. |
Yes |
No |
Windows Phone 8.1 only |
Yes |
No |
No |
No |
No |
Geolocation1 |
Allow the device to use location services information. |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
Copy and Paste1 |
Use copy and paste to transfer data between apps. |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
Factory reset |
Allow the user to perform a factory reset on the device. |
No |
No |
No |
No |
Samsung KNOX only |
No |
No |
No |
Clipboard share between applications |
Use the clipboard to copy and paste between apps. |
No |
No |
No |
No |
Samsung KNOX only |
No |
No |
No |
1 Available for Windows Phone 8.1 devices when you are using System Center 2012 Configuration Manager SP2 or later, or when you have installed the optional Windows Phone 8.1 extension for Microsoft Intune.
Email management
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
POP and IMAP email |
Allows connection to email accounts that use the POP and IMAP standards. |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Maximum time to keep email |
How long to keep email before it is deleted from the server. |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Allowed message formats |
Specify whether user emails can be HTML, or plain text only. |
No |
No |
No |
No |
No |
No |
Yes |
No |
Maximum size for plain text email (automatically downloaded |
Controls the maximum size of plain text emails when automatically downloaded. |
No |
No |
No |
No |
No |
No |
Yes |
No |
Maximum size for HTML email (automatically downloaded) |
Controls the maximum size of HTML emails when automatically downloaded. |
No |
No |
No |
No |
No |
Yes |
No |
|
Maximum size of an attachment (automatically downloaded) |
Configures the maximum size email that will be automatically downloaded. |
No |
No |
No |
No |
No |
No |
Yes |
No |
Custom email account1 |
Allow using a non-Microsoft account on the device. |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
Make Microsoft Account optional in Windows Mail app |
Yes |
No |
No |
No |
No |
No |
No |
No |
1 Available for Windows Phone 8.1 devices when you are using System Center 2012 Configuration Manager SP2 or later, or when you have installed the optional Windows Phone 8.1 extension for Microsoft Intune.
Store
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Application store |
Allows access to the app store on the device. |
No |
No |
Windows Phone 8.1 only |
Yes |
No |
No |
No |
No |
Enter a password to access the application store |
Users must enter a password to access the app store. |
No |
No |
No |
Yes (iTunes only) |
No |
No |
No |
No |
In-app purchases |
Allows users to make in-app purchases. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Browser
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 (enrolled by Microsoft Intune) |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Default browser |
User can change the default Internet browser. |
No |
No |
Yes (Windows Phone 8.1 only) |
Yes |
No |
Yes |
No |
No |
Autofill |
User can change autocomplete settings in the browser. |
Yes |
No |
No |
Yes |
No |
No |
No |
No |
Active scripting |
Browser can run scripts, such as Active X scripts. |
Yes |
No |
No |
Yes |
No |
No |
No |
No |
Plug-ins |
User can add plug-ins to Internet Explorer. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Pop-up blocker |
Enables or disables the browser pop-up blocker. |
Yes |
No |
No |
Yes |
No |
No |
No |
No |
Cookies |
Allow cookies to be saved on the device. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Fraud warning |
Enable or disable warnings of potential fraudulent websites. |
Yes |
No |
No |
Yes |
No |
No |
No |
No |
Internet Explorer
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Always send Do Not Track header |
Prevents browsing information from being sent to third-party sites. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Intranet security zone |
Yes |
No |
No |
No |
No |
No |
No |
No |
|
Security lever for Internet zone |
Configure the security level for the Internet zone. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Security level for intranet zone |
Configure the security level for the intranet zone. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Security level for trusted sites zone |
Configure the security level for the trusted sites zone. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Security level for restricted sites zone |
Configure the security level for the restricted sites zone. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Namespaces for intranet zone |
Yes |
No |
No |
No |
No |
No |
No |
No |
|
Go to intranet site for single word entry |
Enables or disables the setting that allows Internet Explorer to automatically go to an Intranet site if a valid site name is entered without a preceding HTTP: |
Yes |
No |
No |
No |
No |
No |
No |
No |
Enterprise Mode menu option1 |
Allow users to activate and deactivate Enterprise Mode from the Internet Explorer Tools menu. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Logging report location (URL)1 |
Specify a URL where visited websites will be logged when Enterprise Mode is active. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Enterprise Mode site list location (URL)1 |
Specify the location of the list of websites that will use Enterprise Mode when it is active. |
Yes |
No |
No |
No |
No |
No |
No |
No |
1With System Center 2012 R2 Configuration Manager, the optional Enterprise Mode Internet Explorer extension introduces Enterprise Mode for Internet Explorer 11 and later, which allows access to sites that would otherwise only work in earlier versions of Internet Explorer.
If you are using Configuration Manager SP2, this functionality is built-in and you do not need to install the extension.
Content Rating
These settings apply to iOS devices only.
Setting name |
Details |
iOS |
|---|---|---|
Explicit content in media store |
Specify if you want to allow adult content to be accessed from the app store. |
Yes |
Ratings region |
Specifies the country for which you want to apply ratings restrictions. |
Yes |
Movie rating |
Specify the maximum rating of movie content you want to allow. |
Yes |
TV show rating |
Specify the maximum rating of TV show content you want to allow. |
Yes |
App rating |
Specify the maximum rating of app content you want to allow. |
Yes |
Note
The ratings you can select will vary depending on the Ratings region you selected.
Cloud
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
||
|---|---|---|---|---|---|---|---|---|---|
Cloud backup |
Allow backup to a cloud service like iCloud. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Encrypted backup |
Allow the backup to a cloud service to be encrypted. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Document synchronization |
Allow document synchronization to a cloud service. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Photo synchronization |
Allow photo synchronization to a cloud service. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Settings synchronization |
Allows synchronization of settings between devices. |
Yes (get only) |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
Credentials synchronization |
Allows synchronization of credentials between devices. |
Yes (get only) |
No |
No |
No |
No |
No |
No |
No |
Microsoft Account1 |
Allow the use of a Microsoft account on the device. |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
Settings synchronization over metered connections |
Allow settings to be synchronized when the Internet connection is metered. |
Yes (get only) |
No |
No |
No |
No |
No |
No |
No |
Google backup |
Allow the use of Google backup. |
No |
No |
No |
No |
Samsung KNOX only. |
No |
No |
No |
Google account auto sync |
Allow Google account settings to be automatically synchronized. |
No |
No |
No |
No |
Samsung KNOX only. |
No |
No |
No |
1 Available for Windows Phone 8.1 devices when you are using System Center 2012 Configuration Manager SP2 or later, or when you have installed the optional Windows Phone 8.1 extension for Microsoft Intune.
Security
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Unsigned file installation |
Allows the loading of unsigned files. |
No |
No |
No |
No |
No |
No |
Yes |
No |
Unsigned applications |
Allows the loading of unsigned apps. |
No |
No |
No |
No |
No |
No |
Yes |
No |
SMS and MMS messaging |
Allow SMS and MMS messaging from the device. |
No |
No |
No |
No |
No |
No |
Yes |
No |
Removable storage |
Allow use of removable storage, like an SD card on the device. |
No |
No |
Yes |
No |
Android 4.1 and later |
Yes |
Yes |
No |
Camera |
Allow use of the device camera. |
No |
No |
Windows Phone 8.1 only |
Yes |
Android 4.0 and later |
Yes |
Yes |
Yes |
Bluetooth |
Allow use of the devices Bluetooth capability. |
Yes (get only) |
No |
Windows Phone 8.1 only |
No |
No |
Yes |
Yes |
Yes |
Near field communication (NFC)1 |
Allow communication using NFC on the device. |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
YouTube |
Allows use of the YouTube app on the device. |
No |
No |
No |
No |
Samsung KNOX only. |
No |
No |
No |
Power off |
Allows the device to be powered off. |
No |
No |
No |
No |
Samsung KNOX only. |
No |
No |
No |
Profile file |
Provisions a VPN profile for Windows RT devices. |
Windows RT only |
No |
No |
No |
No |
No |
No |
No |
Profile name |
Provisions a VPN profile for Windows RT devices. |
Windows RT only |
No |
No |
No |
No |
No |
No |
No |
Profile for all users |
Provisions a VPN profile for Windows RT devices. |
Windows RT only |
No |
No |
No |
No |
No |
No |
No |
1 Available for Windows Phone 8.1 devices when you are using System Center 2012 Configuration Manager SP2 or later, or when you have installed the optional Windows Phone 8.1 extension for Microsoft Intune.
Peak Synchronization
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Specify peak time |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
|
Peak synchronization frequency |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
|
Off-peak synchronization frequency |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Roaming
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Mobile device management while roaming |
Allows the device to be managed by Configuration Manager when it is roaming. |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Software download while roaming |
Allows the download of apps and software when roaming. |
No |
No |
No |
No |
No |
No |
Yes |
Yes |
Email download while roaming |
Allows e-mail downloads when roaming. |
No |
No |
No |
No |
No |
No |
Yes |
No |
Voice roaming |
Allows voice calls when roaming. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Automatic synchronization while roaming |
Allows the device t automatically synchronize when roaming. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Data roaming |
Allow roaming between networks when accessing data. |
Yes |
No |
Windows Phone 8.1 only. |
Yes |
No |
No |
No |
No |
Encryption
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Storage card encryption |
Require any storage cards used with the device to be encrypted. |
No |
No |
No (apps and associated data are automatically encrypted) |
No |
No |
No |
Yes |
No |
File encryption on mobile device1 |
Requires that files on the mobile device are encrypted. |
Yes |
No |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
Require email signing |
No |
No |
No |
No |
No |
No |
Yes |
No |
1 Additional information for devices that run Windows 8.1
To enforce encryption on devices that run Windows 8.1, you must install the HYPERLINK "https://support.microsoft.com/kb/3013816" December 2014 MDM client update for Windows on each device.
If you enable this setting for Windows 8.1 devices, all users of the device must have a Microsoft Account.
For encryption to work, the device must meet the Microsoft InstantGo hardware certification requirements.
When you enforce encryption on a device, the recovery key is only accessible from the users Microsoft Account, accessed from their OneDrive account. You cannot recover this key on behalf of a user.
Wireless communications
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Wireless network connection1 |
Enable or disable the devices Wi-Fi capability. |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
Yes |
Yes |
Wi-Fi tethering1 |
Let’s users use their device as a mobile hotspot. |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
Offload data to Wi-Fi when possible1 |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
|
Wi-Fi hotspot reporting1 |
No |
No |
Windows Phone 8.1 only |
No |
No |
No |
No |
No |
1 Available for Windows Phone 8.1 devices when you are using System Center 2012 Configuration Manager SP2 or later, or when you have installed the optional Windows Phone 8.1 extension for Microsoft Intune.
To configure a wireless network connection
-
On the Configure mobile device wireless communication settings page, click Add.
-
In the Wireless Network Connection dialog box, specify the following information about the wireless connection that will be provisioned on mobile devices:
Setting
More information
Network name (SSID)
Network connection
Choose from Internet or Work.
Authentication
Choose the authentication method for the wireless connection from:
Open
Shared
WPA
WPA-PSK
WPA2
WPA2-PSK
Data encryption
Choose the encryption method used by this connection. The values you can select will differ depending on the Authentication method you selected:
Disabled
WEP
TKIP
AES
Key index
Select a key index from 1 to 4 that will be used with a Data encryption setting of WEP.
This network connects to the Internet
Select this option if you want to supply proxy settings that let mobile devices on a wireless connection connect to the Internet.
Proxy server settings
Specify as required, Server and Port settings for HTTP, WAP and Sockets.
Enable 802.1X network access
Select this option if you want to secure the connection by specifying an EAP type.
EAP type
Choose the EAP type to use from:
PEAP
Smart card or certificate
-
When you are finished, click OK.
Certificates
Let’s you import certificates to install on mobile devices.
Click Import, and then specify the following values:
Certificate file – Click Browse and then select the certificate file with the extension .cer that you want to import.
Destination store – Choose one or more destination stores where the imported certificate will be added on the mobile device from:
Root
CA
Normal
Privileged
SPC
Peer
Role – If SPC (Software Publisher Certificate) is selected as the destination store, choose the role that will be associated with the certificate from:
Mobile Operator
Manager
User Authenticated
IT Administrator
User Unauthenticated
Trusted Provisioning Server
System Security
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
User to accept untrusted TLS certificates |
If Allowed, lets the user accept these certificates. If Prohibited, automatically rejects untrusted certificates. |
No |
No |
No |
Yes |
No |
No |
No |
No |
User Account Control |
Enables or disables Windows User Account Control on the device. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Network firewall |
Enables or disables Windows Firewall. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Updates |
Choose how Windows software updates will be downloaded to computers. For example, you can automatically download updates, but let the user choose when to install them. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Minimum classification of updates |
Choose the minimum classification of updates that will be downloaded to Windows computers, None, Important, or Recommended. |
Yes |
No |
No |
No |
No |
No |
No |
No |
SmartScreen |
Enable or disable Windows Smart Screen. |
Yes |
No |
No |
No |
No |
No |
No |
No |
Virus protection |
Yes (get only) |
No |
No |
No |
No |
No |
No |
No |
|
Virus protection signatures are up to date |
Yes (get only) |
No |
No |
No |
No |
No |
No |
No |
|
Lock screen control center1 |
Controls whether the control center app can be accessed when the device is locked. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Lock screen notification view1 |
Controls whether notifications can be viewed when the device is locked. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Lock screen today view1 |
Controls whether the Today view can be seen when the device is locked. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Fingerprint for unlocking1 |
Allow the use of the fingerprint sensor to unlock the device. |
No |
No |
No |
Yes |
No |
No |
No |
No |
1 Available for iOS devices when you are using System Center 2012 Configuration Manager SP2 or later, or when you have installed the optional iOS 7 and iOS 8 Security Settings extension for Microsoft Intune.
Windows Server Work Folders
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
|---|---|---|---|---|---|---|---|
Work Folders URL |
Configures the location of a Windows Server work folder that users can connect to from their device. |
Yes |
No |
No |
No |
No |
No |
Data Protection
Setting name |
Details |
Windows 8.1 and Windows RT 8.1 |
Windows RT |
Windows Phone 8 and Windows Phone 8.1 |
iOS |
Android and Samsung KNOX |
Exchange ActiveSync |
Windows Mobile |
Nokia Symbian |
|---|---|---|---|---|---|---|---|---|---|
Open documents in managed apps in other unmanaged apps1 |
For use with apps managed by Configuration Manager application management policies. |
No |
No |
No |
Yes |
No |
No |
No |
No |
Open documents in unmanaged apps in other managed apps1 |
For use with apps managed by Configuration Manager application management policies. |
No |
No |
No |
Yes |
No |
No |
No |
No |
1 Available for iOS devices when you are using System Center 2012 Configuration Manager SP2 or later, or when you have installed the optional iOS 7 and iOS 8 Security Settings extension for Microsoft Intune.
iOS Custom Profile
The iOS custom profile lets you deploy settings that you created using the Apple Configurator tool to iOS devices. This tool lets you create many settings that control the operation of these devices and export them to a configuration profile. You can then import this configuration profile into an iOS custom policy and deploy the settings to users and devices in your organization.
For more information, see Custom Settings for Mobile Devices in Configuration Manager.
Kiosk Mode (iOS)
Kiosk mode allows you to lock a device to only allow certain features to work. For example, you can allow a device to only run one managed app that you specify, or you can disable the volume buttons on a device. These settings might be used for a demonstration model of a device, or a device that is dedicated to performing only one function, such as a point of sale device.
For more information, see Kiosk Mode Settings for Mobile Devices in Configuration Manager
Compliant and Noncompliant Apps (iOS)
Let’s you specify a list of iOS apps that are compliant, or not compliant in your company. You can then display a report showing noncompliant app installations.
For more information, see App Compliance for Mobile Devices in Configuration Manager.
Compliant and Noncompliant Apps (Android)
Let’s you specify a list of Android apps that are compliant, or not compliant in your company. You can then display a report showing noncompliant app installations.
For more information, see App Compliance for Mobile Devices in Configuration Manager.
Allowed and Blocked Apps list (Windows Phone 8.1)
Let’s you specify a list of Windows Phone apps that are compliant, or not compliant in your company. Apps that you specify as blocked cannot be installed by users. If you specify a list of allowed apps, users can only install apps in the list.
For more information, see App Compliance for Mobile Devices in Configuration Manager.