Restrictions

You can impose restrictions on the managed Windows devices by creating a profile and associating the profile to the devices or groups.Restrictions are applicable for devices running Windows 8.1 or later versions.

Profile Settings

Description

Device Functionality

Enforce Device Encryption

Allow/Restrict encrypting the data stored in the managed device

Disable SD Card

Allow/Restrict using SD Card (external memory) in the managed device

Camera

Allow/Restrict using camera in the managed device

Screen Capture

Allow/Restrict capturing the device screen as images

Telemetry

Allow/Restrict/Partially Allow posting anonymous data to Windows for fixing security issues and other bugs

Microsoft Store

Allow/Restrict access to Microsoft Windows App Store from the managed device

Data transfer through USB

Allow/Restrict transfer of data between the managed device and a computer

Microsoft feedback notifications

Allow/Restrict feedback notifications from Microsoft

Modify device date/time

Allow/Restrict modifying date/time in the managed device

Modify device name

Allow/Restrict modifying the device name

Network

Sharing Internet

Allow/Restrict sharing Internet between the managed device and other devices

VPN

Allow/Restrict establishing connection via VPN from the managed device

Allow VPN usage while using Cellular Data

Allow/Restrict establishing connection via VPN, while using Cellular Data

Allow VPN Roaming while using Cellular Data

Allow/Restrict VPN Roaming while using Cellular Data

Cellular Network

This option lets the Cellular Network to be always on or leave it to user control

Cellular Data usage while Roaming

Allow/Restrict using cellular data, while Roaming

Wi-Fi

Allow/Restrict using Wi-Fi in the managed device

Wi-Fi Configuration

Allow/Restrict manual addition of Wi-Fi connections in the managed device.

Automatically connect to Wi-Fi Sense Hotspots

Allow/Restrict automatic connection to Wi-Fi Hotspots

Security and Privacy

Clipboard share

Allow/Restrict copy and pasting data in the managed device

Location Services

Allow/Restrict using Location Services in the managed device

Microsoft account Connection

Allow/Restrict addition of Microsoft accounts in the managed device. This profile is not applied if the device already has a Microsoft account added

Adding Non-Microsoft account manually

Allow/Restrict adding non-Microsoft accounts in the managed device

Install root certificates

Allow/Restrict installing root certificates in the managed device

Developer Unlock

Allow/Restrict Developer Unlock option in the managed device. Developer Unlock option provides advanced controls such as accessing the data/file in the device OS

Reset device

Allow/Restrict resetting the managed device

Action Center Notifications

Allow/Restrict receiving Action Center Notifications

Toast Notifications

Allow/Restrict Toast Notifications

FIPS Compliance

This options lets you secure device communications and data only using FIPS-compliant algorithms. It is recommended to read this before configuring the restriction

Add Provisioning package

Allow/Restrict adding Provisioning packages in the managed device

Remove existing Provisioning package

Allow/Restrict removing Provisioning packages already present in the managed device

Anti-Theft Mode

Allow/Restrict Anti-Theft mode in the device

Social and Search

Cortana

Allow/Restrict Cortana in the managed device

Voice Recording

Allow/Restrict voice recording in the device

Save "Office files"

Allow/Restrict saving Microsoft Office files in the device

Share "Office Files"

Allow/Restrict sharing Microsoft Office files from the managed device

Sync My Settings

Allow/Restrict Sync My Settings feature in the device

Store images from Vision Search

Allow/Restrict storing images from Vision Search in the managed device.

Safe Search permissions

Allow/Restrict using Safe Search in the managed device

Allow "Search" to use Location Services

Allow/Restrict the usage of Location Services by the default search engine, Bing

Application

Non-Store app installation

Allow/Restrict installation of non-Store apps in the managed device. It can also be user-controlled

Install apps in device memory

Allow/Restrict installation of apps in the device memory

Store app data in device memory

Allow/Restrict storage of data by apps in the device memory

Auto-update of Store apps

Allow/Restrict automatic update of Store apps, present on the device

Allow access only to Private Store

Allow/Prevent downloading of apps, not managed by the organization.

Browser

Internet Explorer/Edge Browser

Allow/Restrict Internet Explorer(in case of Windows 8.1 devices) or Edge(in case of Windows 10) in the managed device. However, usage of other browsers installed in the device is possible. In case Laptops, Desktops and Surface Pro, the users can still access the browser but with the below restrictions applied to the browser.

Windows 10 Restrictions(Common to all devices)

Cookies

Allow/Restrict usage of cookies in the managed device

In-Private browsing

Allow/Restrict In-Private browsing in the managed device

Save passwords locally

Allow/Restrict passwords to be saved locally in the device memory

Search suggestions in address bar

Allow/Restrict search suggestions in the browser

Force fraudulent website warning

Allow/Restrict fraudulent website warning in the managed device

Override fraudulent website warning

Allow/Restrict overriding a fraudulent website warning

Override malicious file warning

Allow/Restrict overriding a malicious file warning

Allow "Do not track" request

Allow/Restrict do not track requests in browsers

Windows 10 Restrictions(Applicable only Desktops, Laptops and Surface Pro)

Address bar dropdown

Allow/Restrict website suggestions, in the form of address bar dropdown on the browser

Browser Extensions

Allow/Restrict installation of extenstions. Enabling this also restricts usage of existing installations

Delete browsing history on exiting browser

Allow/Restrict automatic removal of browser history, once user closes the browser

Access about:flags page on the browser

Allow/Restrict the user access to about:flags page. This page is used to configure basic developer settings.

Allow Flash to run on the browser

Allow/Restrict execution of Flash, present on the websites

Run Flash without user intervention

Allow/Restrict automatic execution of Flash. If restricted, user will be prompted for permission to run Flash.

Autofill

Allow/Restrict automatic pre-filling of websites on the browser

Popups

Allow/Restrict display of browser popups

Developer Tools

Allow/Restrict access to Developer Tools

NFC and Bluetooth

NFC

Allow/Restrict NFC functionality in the managed devices

Bluetooth

Allow/Restrict Bluetooth functionality in the managed device

Bluetooth discovery

Allow/Restrict Bluetooth discovery in the managed device

Bluetooth pre-pairing

Allow/Restrict Bluetooth pre-pairing in the managed device. Pre-pairing is a process by which the bluetooth peripherals are automatically paired during the manufacturing process. User needn't manually pair these peripherals as they paired when setup for the first time. If the peripherals are unpaired and within range of the other paired device, they get paired automatically. For more details, refer to this.

Bluetooth services advertising

Allow/Restrict advertising Bluetooth services

 

See Also:  Associating Profiles to Groups, Associating Profiles to Devices,  App Management, Distribute Apps to Devices, Distribute Apps to Groups

 

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine