Skip to content

Feature List

Entgra UEM server comes with a variety of features optimally catering for every enterprise mobility need that you are likely to encounter in your enterprise.

Accredited as a Google Enterprise EMM Partner, for Android devices the available features of our EMM server include forced confinement to specific WiFi networks, remote keyboard/mouse inputs on screen-share mode, pre-approved connected peripherals and allow listed applications.

The reporting functionality of the server extends to reports for tracking devices that do not have a mandatory application installed, changed SIM details and reports on enrolled as well as unenrolled devices.

Our support for Android, iOS & macOS and Windows operating systems enables wider reach over a range of platforms.

For the available features in each of the operating systems, click on the relevant OS below:

Platform

  • Tenant deletion: Delete obsolete tenants conveniently by clearing out all related data including that of subtenants.

  • Conditional Email Access (CEA): Control and manage access to corporate email accounts on mobile devices based on specific conditions or policies, and/or restrict access via unauthorized/non-compliant devices.

  • Disenroll multiple devices at once: Ability to select and disenroll multiple devices at once.

  • Custom logs for specific modifications: Custom logs are created for user activities relating to group modification events, device group assignments, user modification events, role modification events, and user login events.

  • UI/UX enhancements: A collection of fitting improvements elevating the user experience such as a guided tour for remote session file system view, customizable device listing, improvements to remote sessions and navigation, etc.

  • Trigger operations simultaneously in a device group: It is possible to send one or more operations to a device group at once. This feature is available on Android, iOS and Windows devices.

  • Direct publishing of app releases: This feature allows approved users to publish app releases promptly without going through all steps of the application lifecycle.

Android

Entgra UEM 6.0.0 is a Google Enterprise Partner for Android. Entgra EMM therefore supports the Android Enterpise, COPE, Legacy BYOD and COSU (Kiosk) types of Google recommended enrollments.

Android - Features

The table below summarizes the supported features for Android devices:

Feature Description Legacy (BYOD) Android Enterprise COSU (Kiosk) COPE Enrollment System App
Allow only pre-approved input methods
Block metered connection for specific applications
Android login support for Azure AD
MS Exchange Online support for Android X
Live Feed X X
FTP file transferring X X
Entgra App catalog X
Hardware properties X
Block App uninstall X
Device theme policy X
Remotely clear app data X
Grafana based dashboards X X
Remote screen keyboard and mouse inputs in screen-sharing mode.
Allow-list/Block-list connected peripherals plugged-in.
Force devices to be locked on to a given WiFi network.
Entgra secure browser application with remote settings
Device location history view to track the fleet’s history.
Display a custom message when the device is locked and for locked settings.
Offline un-enrollement via a special per device admin pin code.
Get Device Information - Fetch the device's runtime information.
Get Device Location Information - Fetch the device's current location.
Get Installed Applications - Fetch the device's installed application list.
Ring Device - Ring the device for the purpose of locating the device in case of misplacement.
Transfer files from a remote server(FTP) to device folder.
Transfer files from a device folder to an FTP location.
Mute Device - Put the device in silent mode.
Change Lock Code - Changes the device's currently set lock code. From Android N upwards, clear passcode will not work. X X
Clear Password - Remove any password that the device owner has put. From Android N upwards, clear passcode will not work. X X
Send Notifications/Messages - Send a notification (message) to the device.
Enterprise Wipe - Wipe the entreprise portion of the device.
Device Lock (soft lock) - Lock the device remotely. Similar to pressing the power button on the device and locking it.
Reboot Device - Restart the phone for example for troubleshooting purposes. X X
Upgrade Firmware - Upgrade Android operating firmware ensuring that firmware and the device has to be compatible and only applicable in OEM scenarios. X X X X
Execute Shell Command - Remotely execute the shell commands on the device's command prompt. X X X X
Hard Lock - Lock a device remotely by an admin and only the admin can unlock the device. X X
Manage Web Clip - Install a shortcut link to a web page/web app on the phone's home screen.
Trigger Google Play App - Install an app from the google play store.
Install/Uninstall/update applications - Capability to perform various application management tasks such as install, uninstall and update apps. - Install an app from the google play store.
View Device Screen - Screen sharing with the Admin. - Install an app from the google play store.
Remote Control Device - Allow Admin to remotely control the device.
Get Logcat - View the log of the operating system.
Silent App Install - Install apps on the device without prompting the user to click install.
Remote Kiosk Enable - Enable or disable kiosk mode remotely for maintenance reasons, troubleshooting etc. X X X X
Email Notifications for SIM Removal. X X

Android - Supported Operations

Entgra UEM Server facilitates one time operations that can be performed remotely via the Endpoint Management Console. These operations are useful for runtime maintenance of devices.

The following table lists out the operations that can be applied to an Android device.

For details on each, click here.

Operation Type Description
Ring Ability to Ring the device via Entgra UEM Server.
Device Lock Ability to Lock the device via Entgra UEM Server.
When Hard lock enabled (OEM Mode Only) is selected, the device can be unlocked only through EMM. This is available only in COPE enrollment.
Optionally, messege can be sent to the device via Entgra UEM Server while applying this operation.
Device Lock Ability to Lock the device via Entgra UEM Server.
When Hard lock enabled (OEM Mode Only) is selected, the device can be unlocked only through EMM. This is available only in COPE enrollment.
Optionally, messege can be sent to the device via Entgra UEM Server while applying this operation.
Location Ability to request coordinates of device location via Entgra UEM Server.
Clear Password Ability to clear current password via Entgra UEM Server.
(This functionality is only working with profile owners from Android 7.0 API 24 onwards.).
Mute Ability to enable mute in the device via Entgra UEM Server.
Message Ability to send message operation via Entgra UEM Server. The title of the message can be defined seperately in the Title box. The message can be defined in the message box.
Change Lock-code Ability to enable or disable current lock code via Entgra UEM Server.
(This functionality is only working with profile owners from Android 7.0 API 24 onwards.)
File Transfer Ability to Transfer file via Entgra UEM Server.
Enterprise Wipe Ability to remove enterprise applications via Entgra UEM Server.
Wipe Data Ability to Factory reset the device via Entgra UEM Server.
Enter the Pin code of the device to complete this operation.
Send app restriction Ability to send remote configurations to an app via Entgra UEM Server.
Reboot Ability to reboot the device via Entgra UEM Server.
This configuration will be available only for COPE/COSU enrollment types.
Change LockTask Ability to change LockTask mode of KIOSK device via Entgra UEM Server.
This configuration will be available only for COSU enrollment type.
Change LockTask Ability to change LockTask mode of KIOSK device via Entgra UEM Server.
This configuration will be available only for COSU enrollment type.
Upgrade Firmware Ability to upgrade firmware via Entgra UEM Server.

Android - Supported Policies

The policies that can be applied on an Android device depends on the way the device is enrolled with the server.

Accordingly, the table below indicates the policies applicable for each type of enrollment.

Feature Description Legacy (BYOD) Android Enterprise COSU (Kiosk) COPE Enrollment System App
Account restriction settings - Define the types of accounts permitted on the device and the number of accounts per type. X
Display changed device name - Displays the device name changed by admin via APIs in the agent.
Alternate app installing capability - an alternative mechanism in the agent that enables installing apps hosted in environments other than the app store, and/or to be used if standard installation fails.
File access permissions - enables external file storage write-access for Android 11.
Passcode Policy - Add a passcode strength policy to the device or to work profile
Encryption Settings - Execute the encypt device storage.
WiFi Settings - Push a configuration contaning the wifi profile of the company.
Virtual Private network (VPN Settings) - Push a configuration contaning the VPN profile of the company.
Device Profile Policy - Decides which system apps must be enabled or disabled in a device X
COSU Profile Configuration - Configure the behaviour of the Kiosk X X
Application Restriction Settings - Decides which apps are allowed do be in a device. X
App Screen Usage Time - policy to track/restrict screen usage per app.
Runtime permissions - Permissions that are required for the app to work can be granted automatically and defined. X
System Update Policy (COSU) - Specify the strategy or the time windows to perform OS updates. X X
Monitor/Revoke Policies - Continuously monitor the policies of the device to detect any policy violations.
Certificate Install Settings - Install certificate to devices remotely.
Global Proxy Settings - Reroute all the http communication of a device via a global http proxy. X X
Enrollment App Install - Decides which apps need to be installed upon enrollment.
Remote App Configurations - Send app configurations for the user's installed apps.
Disable Profile Removal - Disable the user's ability to unenroll from EMM. X

Android - Restriction Policies

Restriction Policies are those that can be applied on a device restricting or controlling the use of certain specific device features. There are a large number of restrictions that can be applied on an Android device.

The following table lists the available Restriction Policies for Android devices.

Feature Description Legacy (BYOD) Android Enterprise COSU (Kiosk) COPE Enrollment System App
Disable access to camera
Disable modifying certificates in the device X
Disable configuring VPN settings X
Disable configuring App control by hiding the status bar of App Control X
Disable cross-profile copy-paste - Copying text between profiles is blocked. X
Disable debugging - Disable usb debuging X
Disable installing apps to the device X
Disable installing apps from unknown sources X
Disable modifying accounts such as Google, Facebook from being modified/ added/ removed X
Disable outgoing beams - Disable using NFC to transfer data. X
Disable sharing device location. X
Disable uninstalling apps X
Disable parent profile app linking - Disable apps in the personal profile to handle web links from the work profile. X
Ensure verifying apps - Enforce only verified apps can be installed on the device. X
Disable screen capture - Disable capturing the screen of the device. X
Enable auto timing - Enable or diable using time from mobile network as system time. X X
Disable SMS - Disable access to SMS. X X
Disable volume adjust - Disable adjusting the volume of the device. X X
Disable cell broadcast - Disables cell broadcasting messages of the network. X X
Disable configuring bluetooth settings. X X
Disable configuring moble network settings. X X
Disable configuring tethering settings. X X
Disable configuring WiFi settings. X X
Disable safe boot - Disable booting into safe mode. X X
Disable outgoing calls X X
Disable mount physical media - Disable plugging into different media devices. X X
Disable create window - Disable showing certain notifications, toasts and alert by apps. X X
Disable factory resetting of devices. X X
Disable removing users from device. X X
Disable adding new users to device. X X
Disable network reset - Disable user from performing network setting reset. X X
Disable USB file transfer - Disable transfering data over USB. X X
Disable unmute microphone - Configure access to microphone. X X
Disable status bar - Block user from opening the notification bar and access to status bar. X X
Disable set wallpaper - Disable changing wallpapers. X X
Disable auto fill - Disable auto filling forms. X X
Disable bluetooth - Disable bluetooth. X X
Disable bluetooth sharing - Disable sharing via bluetooth. X X
Disable data roaming - Disable data roaming. X X
Disallow changing default SIM - Users are disallowed from changing the default corporate SIM card. X X
Disallow changing default SIM - Users are not allowed to change the default corporate SIM card. X X
Force uninstall applications not allowed - When installing apps to the device which have not been allow-listed, users are forced to uninstall the apps from the device. X X

iOS & macOS

iOS & macOS - Features

iOS & macOS - Supported Operations

Entgra UEM Server facilitates one time operations that can be performed remotely via the Endpoint Management Console. These operations are useful for runtime maintenance of devices.

Available operations for iOS and macOS vary according to how Apple defines the protocol and also depending on whether the device is a Bring Your Own Device (BYOD) or a Company Owned Personally Enabled (COPE) device.

The table below depicts a summary of this information.

iOS iOS macOS
Feature Description BYOD COPE BYOD
Get Device Information - Fetch the device's runtime information.
Get Installed Applications - Fetch the device's installed application list.
Get Device Location Information - Fetch the device's current location. X
Ring Device - Ring the device for the purpose of locating the device in case of misplace. X
Install/Uninstall/update applications - Manage apps installed on the device. X
Enterprise data wipe - Wipe the entreprise portion of the device.
Lock Device - Lock the device remotely. Similar to pressing the power button on the device and locking it.
Send Notification - Send a notification(message) to the device. X
Clear Passcode - Clear the passcode of a mobile device. X
Wipe Device(factory reset) - Factory reset a device.
Restart - Restart command is issued to restart the device.
Shutdown - Shutdown command is issued to shutdown the device.
External profile add and remove APIs X
Fetch security information of devices. X

iOS & macOS - Applicable Policies

The policies that can be applied on an iOS device depends on the way the device is enrolled with the server.

Accordingly, the table below indicates the policies applicable for each type of enrollment.

iOS iOS macOS
Feature BYOD DEP BYOD
Virtual Private Network (VPN Settings) - Push a configuration contaning the VPN profile of the company.
Wi-Fi Settings - Push a configuration contaning the wifi profile of the company.
Calendar - This payload configures a CalDAV account.
Calendar Subscription - Adds a subscribed calendar to the userʼs calendars list. X
Cellular Network Settings - Push cellular configurations such as APN settings to a mobile device. X
Email Settings - These configurations can be used to define settings for connecting to your POP or IMAP email accounts.
LDAP Settings - These configurations can be used to define settings for connecting to your LDAP server.
Manage Domains - Any document downloaded from the given URLs are marked as managed documents and will be used in managed open in restrictions. X
Unmarked Email Domains - Specify a list of email domains that are enterprise recognised so that the others are marked as unregnised by highlighting in the mail client.
Passcode Policy - Add a passcode strength policy to the device or to work profile.
Monitor/Revoke Policies - Continiously monitor the policies of the device to detect any policy violations.
Certificate Install - Install certificate to devices remotely.
Global Proxy Settings - Reroute all the http communication of a device via a global http proxy.
Disable Profile Removal - Disable the user's ability to unenroll from EMM. X X
AirPlay Settings - The AirPrint payload adds AirPrint printers to the user's AirPrint printer list. X
Network Usage Rules - Network Usage Rules allow enterprises to specify how managed apps use networks, such as cellular data networks. X X
App Lock (Kiosk mode) - Configure the behaviour of the Kiosk. X X
Font Install - Install fonts to an iOS device remotely. X X
Exchange - Exchange active sync contacts and mails to devices. X
Managed Settings command - Send the app configurations for user's installed apps. X X
AppStore Payload - Enforce restrictions on the App store in macOS. X X
Loginwindow Payload - Behaviour of the login screen and users are controlled with this policy. X X
Firewall Policy - A Firewall payload manages the Application Firewall settings that are accessible in the Security Preferences pane. X X

iOS & macOS - Restrictions Policies

Restrictions Policies are those that can be applied on a device restricting or controlling the use of certain specific device features.

There are a large number of restrictions that can be applied on an iOS device. The following table lists the available Restriction Policies for iOS devices.

iOS iOS macOS
Feature Description BYOD COPE BYOD
Allow App Removal - When false, disables removal of apps from iOS device. This key is deprecated on unsupervised devices. X
Allow Assistant - When false, disables Siri. Defaults to true. X
Allow Assistant WhileLocked - When false, the user is unable to use Siri when the device is locked. Defaults to true. This restriction is ignored if the device does not have a passcode set. Availability: Available only in iOS 5.1 and later.
Allow Camera - When false, the camera is completely disabled and its icon is removed from the Home screen. Users are unable to take photographs. Availability: Available in iOS and in macOS 10.11 and later.
Allow Cloud DocumentSync - When false, disables document and key-value syncing to iCloud. This key is deprecated on unsupervised devices.Availability: Available in iOS 5.0 and later and in macOS 10.11 and later.
Allow CloudKeychainSync - When false, disables iCloud keychain synchronization. Default is true. Availability: Available in iOS 7.0 and later and macOS 10.12 and later.
Allow DiagnosticSubmission - When false, this prevents the device from automatically submitting diagnostic reports to Apple. Defaults to true. Availability: Available only in iOS 6.0 and later. X
Allow ExplicitContent - When false, explicit music or video content purchased from the iTunes Store is hidden. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store. This key is deprecated on unsupervised devices. X
Allow FingerprintForUnlock - If false, prevents Touch ID from unlocking a device. Availability: Available in iOS 7 and later and in macOS 10.12.4 and later.
Allow GlobalBackgroundFetchWhenRoaming - When false, disables global background fetch activity when an iOS phone is roaming. X
Allow LockScreenNotificationsView - If set to false, the Notifications view in Notification Center on the lock screen is disabled and users cannot receive notifications when the screen is locked. Availability: Available only in iOS 7.0 and later. X
Allow LockScreenTodayView - If set to false, the Today view in Notification Center on the lock screen is disabled. Availability: Available only in iOS 7.0 and later. X
Allow MultiplayerGaming - When false, prohibits multiplayer gaming. This key is deprecated on unsupervised devices. X
Allow OpenFromManagedToUnmanaged - If false, documents in managed apps and accounts only open in other managed apps and accounts. Default is true. Availability: Available only in iOS 7.0 and later. X
Allow OpenFromUnmanagedToManaged - If set to false, documents in unmanaged apps and accounts will only open in other unmanaged apps and accounts. Default is true. Availability: Available only in iOS 7.0 and later. X
Allow ScreenShot - If set to false, users can't save a screenshot of the display and are prevented from capturing a screen recording; it also prevents the Classroom app from observing remote screens. Defaults to true. Availability: Updated in iOS 9.0 to include screen recordings. X
Allow PhotoStream - When false, disables Photo Stream. Availability: Available in iOS 5.0 and later. X
Allow Safari - When false, the Safari web browser application is disabled and its icon removed from the Home screen. This also prevents users from opening web clips. This key is deprecated on unsupervised devices. X
Safari AllowAutoFill - When false, Safari auto-fill is disabled. Defaults to true. X
Safari ForceFraudWarning - When true, Safari fraud warning is enabled. Defaults to false. X
Safari AllowJavaScript - When false, Safari will not execute JavaScript. Defaults to true. X
Safari AllowPopups - When false, Safari will not allow pop-up tabs. Defaults to true. X
Safari AcceptCookies - Determines conditions under which the device will accept cookies. The user facing settings changed in iOS 11, though the possible values remain the same. X
Allow SharedStream - If set to false, Shared Photo Stream will be disabled. This will default to true. Availability: Available in iOS 6.0 and later. X
Allow UntrustedTLSPrompt - When false, automatically rejects untrusted HTTPS certificates without prompting the user. Availability: Available in iOS 5.0 and later. X
Allow VideoConferencing - When false, disables video conferencing. This key is deprecated on unsupervised devices. X
AllowVoiceDialing - When false, disables voice dialing if the device is locked with a passcode. Default is true. X
AllowYouTube - When false, the YouTube application is disabled and its icon is removed from the Home screen. X
This key is ignored in iOS 6 and later because the YouTube app is not provided. X
Allow iTunes - When false, the iTunes Music Store is disabled and its icon is removed from the Home screen. Users cannot preview, purchase, or download content. This key is deprecated on unsupervised devices. X
Allow EnterpriseAppTrust - If set to false removes the Trust Enterprise Developer button in Settings->General->Profiles & Device Management, preventing apps from being provisioned by universal provisioning profiles. This restriction applies to free developer accounts but it does not apply to enterprise app developers who are trusted because their apps were pushed via MDM, nor does it revoke previously granted trust. Defaults to true. Availability: Available in iOS 9.0 and later. X
force EncryptedBackup - When true, encrypts all backups. X
force ITunesStorePasswordEntry - When true, forces user to enter their iTunes password for each transaction. Availability: Available in iOS 5.0 and later. X
force LimitAdTracking - If true, limits ad tracking. Default is false. Availability: Available only in iOS 7.0 and later. X
force AirPlayOutgoingRequestsPairingPassword - If set to true, forces all devices receiving AirPlay requests from this device to use a pairing password. Default is false. Availability: Available only in iOS 7.1 and later. X
force AirPlayIncomingRequestsPairingPassword - If set to true, forces all devices sending AirPlay requests to this device to use a pairing password. Default is false. Availability: Available only in Apple TV 6.1 and later. X
Allow ActivityContinuation - If set to false, Activity Continuation will be disabled. Defaults to true. X
Allow EnterpriseBookBackup - If set to false, Enterprise books will not be backed up. Defaults to true. X
Allow EnterpriseBookMetadataSync - If set to false, Enterprise books notes and highlights will not be synced. Defaults to true.
Allow CloudPhotoLibrary - If set to false, disables iCloud Photo Library. Any photos not fully downloaded from iCloud Photo Library to the device will be removed from local storage. Availability: Available in iOS 9.0 and later and in macOS 10.12 and later. X
force AirDropUnmanaged - If set to true, causes AirDrop to be considered an unmanaged drop target. Defaults to false. Availability: Available in iOS 9.0 and later. X
force WatchWristDetection - If set to true, a paired Apple Watch will be forced to use Wrist Detection. Defaults to false. Availability: Available in iOS 8.2 and later. X
Allow AddingGameCenterFriends - When false, prohibits adding friends to Game Center. This key is deprecated on unsupervised devices. X
Allow InAppPurchases - When false, prohibits in-app purchasing. X
Allow LockScreenControlCenter - If false, prevents Control Center from appearing on the Lock screen. Availability: Available in iOS 7 and later. X
Allow OTAPKIUpdates - If false, over-the-air PKI updates are disabled. Setting this restriction to false does not disable CRL and OCSP checks. Default is true. Availability: Available only in iOS 7.0 and later. X
Allow PassbookWhileLocked - If set to false, Passbook notifications will not be shown on the lock screen.This will default to true. Availability: Available in iOS 6.0 and later. X
Allow ManagedAppsCloudSync - If set to false, prevents managed applications from using iCloud sync. X
Allow Podcasts - Not available. Need DEP. If set to false, disables podcasts. Defaults to true. Availability: Available in iOS 8.0 and later. X X
Allow DefinitionLookup - Not available. Need DEP. If set to false, disables definition lookup. Defaults to true. Availability: Available in iOS 8.1.3 and later and in macOS 10.11.2 and later. X
Allow PredictiveKeyboard - Not available. Need DEP. If set to false, disables predictive keyboards. Defaults to true. Availability: Available in iOS 8.1.3 and later. X X
Allow AutoCorrection - Not available. Need DEP. If set to false, disables keyboard auto-correction. Defaults to true. Availability: Available in iOS 8.1.3 and later. X X
Allow SpellCheck - Not available. Need DEP. If set to false, disables keyboard spell-check. Defaults to true. Availability: Available in iOS 8.1.3 and later. X X
Allow MusicService - Not available. Need DEP. If set to false, Music service is disabled and Music app reverts to classic mode. Defaults to true. Availability: Available in iOS 9.3 and later and macOS 10.12 and later.
Allow News - Not available. Need DEP. If set to false, disables News. Defaults to true. Availability: Available in iOS 9.0 and later.
Allow UIAppInstallation - When false, the App Store is disabled and its icon is removed from the Home screen. However, users may continue to use Host apps (iTunes, Configurator) to install or update their apps. Defaults to true. Availability: Available in iOS 9.0 and later. X X
Allow KeyboardShortcuts - If set to false, keyboard shortcuts cannot be used. Defaults to true. Availability: Available in iOS 9.0 and later. X X
Allow PairedWatch - If set to false, disables pairing with an Apple Watch. Any currently paired Apple Watch is unpaired and erased. Defaults to true. Availability: Available in iOS 9.0 and later. X X
Allow PasscodeModification - If set to false, prevents the device passcode from being added, changed, or removed. Defaults to true. This restriction is ignored by shared iPads. Availability: Available in iOS 9.0 and later. X X
Allow DeviceNameModification - If set to false, prevents device name from being changed. Defaults to true. Availability: Available in iOS 9.0 and later. X X
Allow WallpaperModification - If set to false, prevents wallpaper from being changed. Defaults to true. Availability: Available in iOS 9.0 and later. X X
Allow AutomaticAppDownloads - If set to false, prevents automatic downloading of apps purchased on other devices. Does not affect updates to existing apps. Defaults to true. Availability: Available in iOS 9.0 and later. X X
Allow RadioService - If set to false, Apple Music Radio is disabled. Defaults to true. Availability: Available in iOS 9.3 and later. X X
Blocked AppBundleIDs - If present, prevents bundle IDs listed in the array from being shown or launchable. Availability: Available in iOS 9.3 and later. X X
Allowed AppBundleIDs - If present, allows only bundle IDs listed in the array from being shown or launchable. Availability: Available in iOS 9.3 and later. X X
Allow NotificationsModification - If set to false, notification settings cannot be modified. Defaults to true. Availability: Available in iOS 9.3 and later. X X
Allow RemoteScreenObservation - If set to false, remote screen observation by the Classroom app is disabled. Defaults to true. X X
This key should be nested beneath allowScreenShot as a sub-restriction. If allowScreenShot is set to false, it also prevents the Classroom app from observing remote screens. Availability: Available in iOS 9.3 and later. X X
Allow DiagnosticSubmissionModification - If set to false, the diagnostic submission and app analytics settings in the Diagnostics & Usage pane in Settings cannot be modified. Defaults to true. Availability: Available in iOS 9.3.2 and later. X X
Allow BluetoothModification - If set to false, prevents modification of Bluetooth settings. Defaults to true. Availability: Available in iOS 10.0 and later. X X
Allow Dictation - If set to false, disallows dictation input. Defaults to true. Availability: Available only in iOS 10.3 and later. X X
Force WiFiWhitelisting - If set to true, the device can join Wi-Fi networks only if they were set up through a configuration profile. Defaults to false. Availability: Available only in iOS 10.3 and later. X X
Force UnpromptedManaged- ClassroomScreenObservation - If set to true, and ScreenObservationPermissionModificationAllowed is also true in the Education payload, a student enrolled in a managed course via the Classroom app will automatically give permission to that course's teacher's requests to observe the student's screen without prompting the student. Defaults to false. Availability: Available only in iOS 10.3 and later. X X X
Allow AirPrint - If set to false, disallow AirPrint. Defaults to true. Availability: Available only in iOS 11.0 and macOS 10.13 and later. X
Allow AirPrintCredentialsStorage - If set to false, disallows keychain storage of username and password for Airprint. Defaults to true. Availability: Available only in iOS 11.0 and later. X X
Force AirPrintTrustedTLSRequirement - If set to false, disables iBeacon discovery of AirPrint printers. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Defaults to true. Availability: Available only in iOS 11.0 and macOS 10.13 and later. X
Allow AirPrintiBeaconDiscovery - If set to false, disables iBeacon discovery of AirPrint printers. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Defaults to true. Availability: Available only in iOS 11.0 and macOS 10.13 and later. X
Allow SystemAppRemoval - If set to false, disables the removal of system apps from the device. Defaults to true. Availability: Available only in iOS 11.0 and later. X X
Allow VPNCreation - If set to false, disallow the creation of VN configurations. Defaults to true. Availability: Available only in iOS 11.0 and later. X X
Allow ProximitySetupToNewDevice - Supervised only. If set to false, disables the prompt to setup new devices that are nearby. Defaults to true. Availability: Available only in iOS 11.0 and later. X X
Allow AccountModification - If set to false, account modification is disabled. Availability: Available only in iOS 7.0 and later. X X
Allow AppCellularDataModification - If set to false, changes to cellular data usage for apps are disabled. Availability: Available only in iOS 7.0 and later. X X
Allow AppInstallation - When false, the App Store is disabled and its icon is removed from the Home screen. Users are unable to install or update their applications. This key is deprecated on unsupervised devices. allowAssistantUserGeneratedContent - When false, prevents Siri from querying user-generated content from the web. Availability: Available in iOS 7 and later. X X
AllowBookstore - If set to false, iBookstore will be disabled. This will default to true. Availability: Available in iOS 6.0 and later. X X
Allow BookstoreErotica - Not available prior to iOS 6.1. If set to false, the user will not be able to download media from the iBookstore that has been tagged as erotica. This will default to true. Availability: Available in iOS 6.0 and later. X X
Allow Chat - When false, disables the use of the Messages app with supervised devices. Availability: Available in iOS 6.0 and later. X X
Allow FindMyFriendsModification - If set to false, changes to Find My Friends are disabled. Availability: Available only in iOS 7.0 and later. X X
Allow GameCenter - When false, Game Center is disabled and its icon is removed from the Home screen. Default is true. Availability: Available only in iOS 6.0 and later. X X
Allow HostPairing - If set to false, host pairing is disabled with the exception of the supervision host. If no supervision host certificate has been configured, all pairing is disabled. Host pairing lets the administrator control which devices an iOS 7 device can pair with. Availability: Available only in iOS 7.0 and later. X X
Allow UIConfigurationProfileInstallation - If set to false, the user is prohibited from installing configuration profiles and certificates interactively. This will default to true. Availability: Available in iOS 6.0 and later. X X
Autonomous SingleAppModePermittedAppIDs - If present, allows apps identified by the bundle IDs listed in the array to autonomously enter Single App Mode. Availability: Available only in iOS 7.0 and later. X X X
Force AssistantProfanityFilter - When true, forces the use of the profanity filter assistant. X X
Allow EraseContentAndSettings - If set to false, disables the Erase All Content And Settings option in the Reset UI. X X
Allow SpotlightInternetResults - If set to false, Spotlight will not return Internet search results. Availability: Available in iOS and in macOS 10.11 and later. X
Allow EnablingRestrictions - If set to false, disables the "Enable Restrictions" option in the Restrictions UI in Settings. X X

Windows

  • Windows Autopilot enrollment: Ready-to-use corporate devices with zero admin intervention for users. Streamlined bulk deployment, setup and configuration of Windows devices by registering with the Windows Autopilot deployment service. Automatic retrieval of relevant configurations from Windows Autopilot servers upon booting up devices for the first time will simplify the enrollment process significantly while enhancing the user experience remarkably.

  • Remote screen share support: Solve technical problems in real-time and improve customer engagement while saving time and money with better average resolution time using remote screen share for Windows devices.

  • Device operation enhancements: Add new device operations such as application list, firewall information, security information and device information to Windows device operations list conveniently.

  • Windows group policy support: Support for implementing over 200 group policies for Windows devices enrolled to the UEM server, similar to Active Directory (AD) environment group policy application. Enables administrators to execute group security and application settings across devices conveniently.

  • Windows bulk enrollment using PPKG: Enroll Windows devices conveniently and seamlessly in bulk by remotely deploying device configuration settings for the entire enrollment process, using Provisioning Packages (PPKGs).

  • Windows Azure AD (Entra ID) integrated enrollment support: Support for Azure AD registered and joined Windows devices for enrollment into Entgra UEM server via Microsoft Entra ID integration. Enables streamlined and efficient provisioning of devices in bulk for large-scale implementation of enterprise devices.

Windows - Supported Operations

Entgra UEM Server facilitates one time operations that can be performed remotely via the Endpoint Management Console.

The following operations can be executed on a Windows device.

Feature Description
Disenroll Remove selected devices
Wipe data Wipe the enterprise portion of the device
Location Fetch the device's current location
Reboot Reboot the device remotely

Windows - Supported Policies

The following policies can be executed on a Windows device.

Feature Description
Passcode policy Define a password policy for the devices.
Encryption settings Encrypt data on the device, when the device is locked and make it readable when the passcode is entered.
WiFi Policy Configure settings for accessing wireless networks.
Assigned access settings Set up Windows OS to allow only one application to run above the lock screen.
Update settings Configure update settings on Windows devices.
Defender Allowing to define settings of the Windows defender app and its scanning parameters.
BitLocker settings This configuration can encrypt data using BitLocker when the device is locked and make it readable when the passcode is entered.

Windows - Restriction Policies

Restrictions policies are those that can be applied on a device restricting or controlling the use of certain specific device features.

The following restriction policies are applicable on a Windows device.

Feature Description
Disable camera Disable the camera on the device
Disable location Disable fetching location details
Disable storage card Disable plugging of storage cards in the device
Disable device reset Disable resetting the device
Disable OneDrive sync Disable syncing files with OneDrive
Disable manual root certificate install Disable installing root certificates and intermediate certificates
Disable Bluetooth Disable Bluetooth control in the device
Disable cellular data Disable mobile data (only for mobile)
Disable data roaming Disable mobile data roaming on the device (only for mobile)
Disable connected devices Disable connecting with other devices
Disable connect with PC Disable connection with a PC of the device
Disable NFC Disable NFC in the device
Disable USB connection Disable USB connection on the device (only for mobile)
Disable VPN configuration Disable VPN configurations on the device (only for mobile)
Disable VPN roaming Disable VPN roaming on the device(only for mobile)
Disable date time Disable changing date and time settings
Disable non Microsoft accounts Disable adding non-Microsoft based accounts to the device
Disable private window in browser Decides if private browsing is allowed on the device
Disable indexing of removable drives Decides if the search results contain files from removable devices
Disable language settings Disable language settings
Disable region settings Disable region settings
Disable cortana Decides if cortana is allowed on the device