ASD's Blueprint for Secure Cloud

iOS/iPadOS

This section describes the configuration of device configuration profiles within Microsoft Intune associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 5 minutes

Basics

ItemValue
NameIos/Ipad
Description
PlatformiOS/iPadOS
Profile typeDevice restrictions

Assignments

Included groups

None

Excluded groups

None

Scope tags

ItemValue
Scope tagsDefault

Configuration settings

App Store, Doc Viewing, Gaming

ItemValue
Block viewing corporate documents in unmanaged appsYes
Allow unmanaged apps to read from managed contacts accountsYes
Treat AirDrop as an unmanaged destinationYes
Block viewing non-corporate documents in corporate appsYes
Allow copy/paste to be affected by managed open-inYes
Block App storeYes
Block automatic app downloadsYes

Built-in apps

ItemValue
Block SiriYes
Require Safari fraud warningsYes
Block internet search results from SpotlightYes
Safari cookiesBlock all cookies, and block cross site tracking
Block Safari JavaScriptYes
Block Safari pop-upsYes
Block Siri for dictationYes
Block Siri for translationYes
Block cameraYes
Block FaceTimeYes
Block Apple BooksYes
Block iMessageYes
Block PodcastsYes
Music serviceYes
Block iTunes RadioYes
Block iTunes storeYes
Block Find My iPhoneYes
Block Find My FriendsYes
Block user modification to the Find My Friends settingsYes
Block removal of system apps from deviceYes
Block SafariYes
Block Safari AutofillYes

Cloud and Storage

ItemValue
Force encrypted backupYes
Block managed apps from storing data in iCloudYes
Block backup of enterprise booksYes
Block notes and highlights sync for enterprise booksYes
Block iCloud Photos syncYes
Block iCloud Photo LibraryYes
Block My Photo StreamYes
Block HandoffYes
Block iCloud backupYes
Block iCloud document and data syncYes
Block iCloud Keychain syncYes

Connected devices

ItemValue
Force Apple Watch wrist detectionYes
Require AirPlay outgoing requests pairing passwordYes
Block Apple Watch auto unlockYes
Block AirDropYes
Block pairing with Apple WatchYes
Block modifying Bluetooth settingsYes
Block pairing with non-Configurator hostsYes
Block AirPrintYes
Block setting up new nearby devicesYes
Block access to USB drive in Files appYes
Disable near-field communication (NFC)Yes

General

ItemValue
Block sending diagnostic and usage data to AppleYes
Block screenshots and screen recordingYes
Block untrusted TLS certificatesYes
Block over-the-air PKI updatesYes
Force limited ad trackingYes
Block trusting new enterprise app authorsYes
Limit Apple personalized advertisingYes
Block remote AirPlay, view screen by Classroom app, and screen sharingYes
Allow Classroom app to perform AirPlay and view screen without promptingYes
Block modification of account settingsYes
Block Screen TimeYes
Block users from erasing all content and settings on deviceYes
Block modification of device nameYes
Block modification of notifications settingsYes
Block modification of WallpaperYes
Block configuration profile changesYes
Allow activation lockYes
Block removing appsYes
Block app clipsYes
Force automatic date and timeYes
Block VPN creationYes
Block modification of eSIM settingsYes

Locked Screen Experience

ItemValue
Block Control Center access in lock screenYes
Block Notification Center access in lock screenYes
Block Today view in lock screenYes
Block Wallet notifications in lock screenYes

Password

ItemValue
Require passwordYes
Block simple passwordsYes
Required password typeAlphanumeric
Number of non-alphanumeric characters in password1
Minimum password length14
Number of sign-in failures before wiping device11
Maximum minutes after screen lock before password is requiredImmediately
Maximum minutes of inactivity until screen locks1 Minute
Password expiration (days)365
Prevent reuse of previous passwords5
Block Touch ID and Face ID unlockYes
Block passcode modificationYes
Block modification of Touch ID fingerprints and Face ID facesYes
Block password AutoFillYes
Block password proximity requestsYes
Block password sharingYes

Restricted Apps

ItemValue
Type of restricted apps listApproved apps
Apps list
App store URLApp bundle IDApp namePublisher
https://apps.apple.com/au/app/adobe-acrobat-reader-for-pdf/id469337564com.adobe.Adobe-ReaderAdobe Acrobat Reader for PDFAdobe Inc
https://apps.apple.com/us/app/microsoft-authenticator/id983156458com.microsoft.azureauthenticatorMicrosoft AuthenticatorMicrosoft Corporation
https://apps.apple.com/us/app/microsoft-edge/id1288723196com.microsoft.msedgeMicrosoft EdgeMicrosoft Corporation
https://apps.apple.com/us/app/microsoft-excel/id586683407com.microsoft.Office.ExcelMicrosoft ExcelMicrosoft Corporation
https://apps.apple.com/us/app/microsoft-onedrive/id477537958com.microsoft.skydriveMicrosoft OneDriveMicrosoft Corporation
https://apps.apple.com/au/app/microsoft-onenote/id410395246com.microsoft.onenoteMicrosoft OneNoteMicrosoft Corporation
https://apps.apple.com/au/app/microsoft-powerpoint/id586449534com.microsoft.Office.PowerpointMicrosoft PowerPointMicrosoft Corporation
https://apps.apple.com/us/app/microsoft-outlook/id951937596com.microsoft.Office.OutlookMicrosoft OutlookMicrosoft Corporation
https://apps.apple.com/au/app/microsoft-sharepoint/id1091505266com.microsoft.sharepointMicrosoft SharePointMicrosoft Corporation
https://apps.apple.com/us/app/microsoft-teams/id1113153706com.microsoft.skype.teamsMicrosoft TeamsMicrosoft Corporation
https://apps.apple.com/us/app/microsoft-word/id586447913com.microsoft.Office.WordMicrosoft WordMicrosoft Corporation
https://apps.apple.com/au/app/power-apps/id1047318566com.microsoft.msappsPowerAppsMicrosoft Corporation

Shared iPad

ItemValue
Block Shared iPad temporary sessions​Yes

Wireless

ItemValue
Block voice dialing while device is lockedYes

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra