This article focuses on configuration profiles that are used to configure restrictions for the use of certain applications, contents, services, and device features in managed devices.
Restriction configuration profiles allow administrators to disable certain device features. When a feature is disabled, the device end-user can no longer use or modify the state of the particular feature if the administrators don't lift the restriction first.
Restrictions are not available in the Miradore Online Free plan
The restriction configuration profiles are available in the Business and Enterprise plans of Miradore Online, but not in the Free plan. If you're a free plan user and interested in restriction configuration profiles, consider upgrading your site subscription. For instructions, please check How to upgrade subscription.
Supported restrictions vary between device platforms
There is some variation between different device platforms what restriction configuration profiles are applicable to the devices. The following articles describe in detail what restrictions are supported on each device platform, and also, what are the platform-specific requirements for the use of the restriction configuration profiles.
How to configure restrictions
First you need to create a new configuration profile and define the enabled restrictions.
Start by navigating to Mobile management > Configuration profiles, and hit Create configuration profile from the Actions pane at the right-hand side. This will create a new configuration profile for you.
In the 1st step of the configuration profile wizard, choose the device platform of your devices. If you want to deploy restrictions to devices on multiple platforms, you need to create the configuration profiles for each platform separately.
Next in the 2nd step, choose to configure Restrictions.
In the 3rd step, you get to configure the actual restriction settings. The available configuration options in this phase vary between device platforms.
Android and Windows Phone restrictions have three possible settings. Allowed, Denied or Not set. Not set means that whatever the current state of the restriction, it will remain untouched when the configuration is deployed. Allowed means the restriction will be disabled, if currently active, and the feature will become accessible to end-users when the configuration profile is deployed. Denied means the restriction will be enabled and end-users can no longer access the feature after the profile is deployed.
On iOS restriction profiles you can select the features and settings you want to deny from the end user. Some of the iOS restrictions have a predefined list of values to choose from.
Notice that the restriction settings have been divided and grouped into multiple tabs. Visit each tab to see all available settings.
After that, you only need to give a name and description for your restriction configuration profile and you're all set!
Also check Creating a configuration profile if you need more instructions for creating the configuration profile.
How to deploy restrictions
Restriction configuration profiles can be deployed to devices just like the other configuration profiles. Just choose the desired configuration profile in the Configuration profiles view and click Deploy configuration profile from the Actions menu at the right-hand side of the view. For more instructions, please see Deploying a configuration profile.
Viewing active restrictions
Active restrictions are collected as part of the device inventory. To view which restrictions are currently active on a device, open the device form and go to the Inventory tab. Active restrictions can be seen in the Restrictions table.
NOTE for the Android platform: Due to how Samsung's SAFE APIs work, there is no way to check for the current state of the Google Play Store restriction. Because of this, the restriction will never be shown under active restrictions even when it is active.
How to disable restriction configurations
Restrictions can be disabled by simply deleting the deployed configuration profile from the device. This can be done by opening the device page and clicking the trashcan icon in the Configuration profiles table. See Removing deployed configuration profiles for more information.
Safety feature for Android
Because it is possible to get the device to a bricked state by deploying a restrictions configuration with certain combinations, there is a safety feature in place. For example, it is possible to create a restrictions configuration that blocks both cellular data usage and Wi-Fi. This will block all data traffic and thus the client will no longer be able to contact the server, and there is no way to remove the configuration through Miradore Online.
If you accidentally deploy such a configuration to an Android device, you can remove the configuration manually. First, open the device form of the target device in Miradore Online. On the Main tab, there is a section named Miradore client under which there is a device specific security code displayed. You can use this security code to disable the configuration by opening Miradore Online client on the device, then going to settings and selecting Disable restrictions. The client will prompt for a security code. When you enter the code shown on the device form, all active restrictions will be removed.
Please send comments to firstname.lastname@example.org.