
Hi, I'm trying to set up a restrictions-profile for some BYOD-iPhones. Some restrictions get pushed correctly but the two most important ones won't show up on the iPhone.

Settings are:

Voice dialing while device is locked: Restricted
Server-side logging of Siri commands (Deprecated): Restricted
Users to accept untrusted TLS certificates: Restricted
Trusting new enterprise app authors: Restricted
Managed apps can write contacts to unmanaged contacts accounts: Restricted
Unmanaged apps to read contacts from managed contacts accounts: Restricted
Sending diagnostic reports to Apple: Restricted
Apple Watch wrist detection: Restricted

But these two get ignored:

Managed apps can write contacts to unmanaged contacts accounts
Unmanaged apps to read contacts from managed contacts accounts

 

Testing-iPhone is running iOS 15.4.1

This is what ends up on the iPhone.


Do those settings require supervised or DEP?

For informational purposes (we have not gone BYOD yet but I see it on the horizon), do you see these as potential attack vectors or are you just going with trying to match with company owned devices?

Voice dialing while device is locked
Restricted
Sending diagnostic reports to Apple
Restricted
Apple Watch wrist detection
Restricted

They shouldn't, as they are advertised specially for BYOD.

These three have different reasons:

We see voice-dialing and Apple Watch wrist detection as potential attack vectors (like someone using the phone of a higher employee to get information).

Diagnostic reports is to be compliant with European GDPR.


Seems like these two

Managed apps can write contacts to unmanaged contacts accounts: Restricted
Unmanaged apps to read contacts from managed contacts accounts: Restricted

need these two

Documents from managed sources open in unmanaged destinations: Restricted
Documents from unmanaged sources open in managed destinations: Restricted

to get applied. But the contacts restrictions won't be displayed under Settings -> Management -> Restrictions.

More in this thread:

https://community.jamf.com/t5/jamf-pro/unmanaged-app-reading-managed-contacts-although-restriction-is/m-p/265589#M243796
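The dependency described above, as an added example that is not part of the original posts: a Python lint for an unsigned .mobileconfig that flags a Restrictions payload where the contacts restrictions are set without both open-in restrictions. The key names are those of Apple's Restrictions payload (`com.apple.applicationaccess`); the sample profile, its identifiers and the helper names are constructed for illustration.

```python
import plistlib

# Restrictions payload keys (PayloadType com.apple.applicationaccess).
# A value of False means the action is restricted.
CONTACT_KEYS = ("allowManagedToWriteUnmanagedContacts",
                "allowUnmanagedToReadManagedContacts")
OPEN_IN_KEYS = ("allowOpenFromManagedToUnmanaged",
                "allowOpenFromUnmanagedToManaged")

def lint_profile(profile_bytes):
    """Return warnings for contacts restrictions set without the open-in restrictions."""
    profile = plistlib.loads(profile_bytes)  # unsigned XML or binary plist
    warnings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue
        # An absent key leaves the device default in place, which is "allowed".
        contacts = [k for k in CONTACT_KEYS if payload.get(k, True) is False]
        missing = [k for k in OPEN_IN_KEYS if payload.get(k, True) is not False]
        if contacts and missing:
            warnings.append(
                f"{payload.get('PayloadIdentifier', '?')}: "
                f"{', '.join(contacts)} restricted, but "
                f"{', '.join(missing)} not restricted")
    return warnings

def build_sample(open_in_restricted):
    """Constructed sample profile; all identifiers are placeholders."""
    payload = {
        "PayloadType": "com.apple.applicationaccess",
        "PayloadIdentifier": "com.example.byod.restrictions",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
        "allowManagedToWriteUnmanagedContacts": False,
        "allowUnmanagedToReadManagedContacts": False,
    }
    if open_in_restricted:
        payload.update({k: False for k in OPEN_IN_KEYS})
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.byod",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, lint_profile(build_sample(flag)))
```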




thanks for the info