Restricting iOS Apps

You can use Jamf Pro to create a mobile device configuration profile that restricts certain iOS apps and specify the mobile devices and users to which the profile should be applied (called "scope"). Mobile device configuration profiles are XML files (.mobileconfig) that provide an easy way to define settings and restrictions for mobile devices.

General Requirements

To restrict iOS apps, you need:

  • Jamf Pro 9.9 or later

  • Supervised mobile devices with iOS 9.3 or later

  • A valid push certificate in Jamf Pro

Restricting iOS App Store Apps

You can restrict iOS App Store apps by deploying a configuration profile that restricts usage of certain apps in the App Store or that disables usage of the App Store on managed iOS devices.

  1. Log in to Jamf Pro.

  2. Click Devices at the top-left of the page.

  3. Click Configuration Profiles.

  4. Click New images/download/thumbnails/80769829/Icon_New_Button.png .

  5. On the General pane, enter a name for the profile and configure other settings on the pane as needed.

  6. To configure the iOS app restrictions, click the Restrictions tab, and do one of the following, depending on the Jamf Pro version of your environment:
    Jamf Pro 10.22.0 or later

    • To disable usage of the App Store on managed iOS devices, do the following:

      1. Click the Apps tab.

      2. Select iOS and Supervised in the filter.

      3. Restrict the Installing apps using App Store setting.

    • To allow usage of the App Store on managed iOS devices and control which apps are allowed, do the following:

      1. Click the Apps tab.

      2. Select iOS and Supervised in the filter.

      3. Configure the App usage setting as needed.

    Jamf Pro 10.21.0 or earlier

    • To disable usage of the App Store on managed iOS devices, do the following:

      1. Click iOS.

      2. Click Functionality.

      3. Deselect the Allow installing apps using Apple Configurator and iTunes (iOS 9 or later) /Allow installing apps using App Store (iOS 5–iOS 8 only) checkbox.

    • To allow usage of the App Store on managed iOS devices and control which apps are allowed, do the following:

      1. Click iOS and tvOS.

      2. Click Applications.

      3. Choose “Do Not Allow Some Apps” or “Only Allow Some Apps” from the Restrict App Usage pop-up menu.

      4. Click Add images/download/thumbnails/80769829/Icon_Add_Button.png .

      5. Enter the app name in the App Name field.

      6. Repeat steps d through e as needed.

  7. Click the Scope tab and configure the scope of the profile. With scope, you can add targets, limitations, and exclusions for remote management tasks.

    1. On the Targets pane, choose “All Mobile Devices” or “Specific Mobile Devices” from the Target Mobile Devices pop-up menu.

    2. (Optional) For Selected Deployment Targets, click Add, and then select a deployment target.

  8. Click Done.

  9. To deploy the configuration profile, click Save.
    Note: If a device has two or more configuration profiles with restrictions, it will accept the most restrictive settings.

Restricting iOS Third-Party Apps

You can restrict iOS apps downloaded from third-party websites by deploying a configuration profile that allows managed devices to install or update apps from only MDM or from MDM and the App Store.

  1. Log in to Jamf Pro.

  2. Click Devices at the top-left of the page.

  3. Click Configuration Profiles.

  4. Click New images/download/thumbnails/17105125/Icon_New_Button.png .

  5. On the General pane, enter a name for the profile and configure other settings on the pane as needed.

  6. To only allow users to install or update apps from MDM and the App Store, click the Restrictions tab and do the following, depending on the Jamf Pro version of your environment:
    Jamf Pro 10.22.0 or later

    1. Click Functionality.

    2. Select iOS in the filter.

    3. Allow the Trusting new enterprise app authors setting.

    4. (Optional) To restrict users from accessing the App Store and only allow users to install or update apps from MDM, restrict the Installing apps using Apple Configurator and iTunes setting on the Apps tab.

    Jamf Pro 10.21.0 or earlier

    1. Click iOS.

    2. Click Functionality.

    3. Deselect the Allow trusting new enterprise app authors checkbox.

    4. (Optional) To restrict users from accessing the App Store and only allow users to install or update apps from MDM, deselect the Allow installing apps using Apple Configurator and iTunes (iOS 9 or later) /Allow installing apps using App Store (iOS 5–iOS 8 only) checkbox.

  7. Click the Scope tab and configure the scope of the profile. With scope, you can add targets, limitations, and exclusions for remote management tasks.

    1. On the Targets pane, choose “All Mobile Devices” or “Specific Mobile Devices” from the Target Mobile Devices pop-up menu.

    2. (Optional) For Selected Deployment Targets, click Add, and then select a deployment target.

  8. Click Done.

  9. To deploy the configuration profile, click Save.
    Note: If a device has two or more configuration profiles, it will accept the most restrictive settings.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.