Common Profile Configurations

Here are some common profile changes.

Tech Lockdown Team

Here are some highlighted configurations that are more useful to home users who want to prevent bypassing filtering/blocking capabilities.

Note

After making changes to a section in the profile, make sure you click the Save button. Click the Publish button after you are done making all changes. Then go to your group and upgrade the profile to distribute the new profile version to all devices in the group. See the Update Profile section for more information.

Application restrictions

Consider customizing the following restrictions:

Users can install unapproved apps (set list of approved apps using MDM)
Deleting apps
Remove system apps
Download Books content > Erotic content

Browser Restrictions

Consider restricting Safari.

Network and Roaming

Connect to Wi-Fi, only if distributed via MDM

Selecting this option will limit the Wi-Fi networks a user can connect to based on the networks you manually define. This is useful if you only want a device to connect to your home internet connection.

Always on Wi-Fi

Useful if you want to stop a user from switching off of a filter home network connection Wi-Fi to a roaming connection when at home.

Allow users to configure VPN

This setting should be restricted - a VPN should only be configured by the MDM.

Content Ratings

This section isn't as useful, but it's worth showcasing that you can restrict explicit music & podcasts. Note that this setting won't impact third-party apps like Spotify.

Wi-Fi

Optionally, you can configure Wi-Fi settings via the MDM.

For home networks, enter your Wi-Fi name in the Wi-FI SSID field, select WPA/WPA2 security type, then enter your WiFi password.

Combine this with Restrictions > Network & Roaming > Always on Wifi and Connect to Wi-Fi, only if distributed via MDM if you want to significantly restrict internet access to known/filtered internet connections.

Kiosk Mode

Kiosk mode is a powerful profile configuration that lets you narrow down the features a user has access to on the device. You can easily turn your iPhone into a "dumb phone" without sacrificing useful features like maps, camera, email, etc.

After enabling kiosk mode in multi app mode, I've restricted the following iPhone to have access to only a few features.

You can completely customize this as needed using Multi-app mode.

One of the most useful things about Kiosk mode is that you can specifically define what apps a user can see and access. This means that you can set up a filtering app, but make it impossible for the user to access or even see. The app is still running, but it's not visible to the user.

Enable single-app mode if you want to enforce the use of only one kiosk app. This is useful if you are using a parental control kiosk app.

Most commonly: enable multi-app mode to specify exactly what apps the user can see and access.

Hide the MDM app

Content Filtering

You can take advantage of the Screen Time Content Filter built-in to all iPhones.

Allowlist Mode

With the Filter type:Allowlist mode, you can restrict access to all websites except the ones you specify. This is a restrictive approach that is very limiting, but also one of the most thorough ways to narrow down only a few approved websites.

Blocklist Mode

Alternatively, you can toggle on the Filter type: Blocklist and add a list of URLs that should be blocked.

Next Up

Manage Apps

Manage Apps on your iPhone

You can now take advantage of remote management to install or uninstall apps on your iPhone