Restrictions for Windows Devices

Configure restrictions to prevent employees from frequently accessing apps and services which aren’t required in a work environment. With restrictions being set up, protect the corporate data on the data from getting leaked by any means, even through a third party app installed on the device.
Note: The restrictions provided here are available for you to configure based on the MDM plan you’ve subscribed and the Windows version the end-user is on. For detailed information, please visit our pricing page.

Restrict Basic Device Functions

Restriction Supported OS Description
Allow use of camera PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to access the camera. Camera is allowed by default.
Allow copy paste PCs & tablets:
8.1   10

Phones:
8.1   10

Users are allowed to copy and paste text and files. Allowed by default.
Require device encryption PCs & tablets:
8.1   10

Phones:
8.1   10

Prompt users to enable encryption on their devices. Disabled by default.
Allow internet sharing PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to share their internet connection via Bluetooth or by creating a portable WiFi hotspot. By default, internet sharing is allowed to the turned on/off.
Allow NFC PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to enabled or disable NFC on their device. Allowed by default.
Allow Cortana PCs & tablets:
8.1   10

Phones:
8.1   10

Allow Cortana, Microsoft’s personal assistant to respond to user queries. Cortana is allowed to respond by default.
Allow WiFi PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to enable/disable WiFi. By default, users are allowed to do so.
Allow USB connection PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to access a storage device connected to the device’s USB port. Connection to an external USB device is established by default. Allowed by default.
Allow storage card PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to include a storage card to expand storage space. Allowed by default.
Allow voice recording PCs & tablets:
8.1   10

Phones:
8.1   10

Allow voice recording in Windows devices. Allowed by default.
Allow auto connect to WiFi Sense Allow the device to connect to a WiFi hotspot automatically. Allowed by default.
Allow manual WiFi configuration PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to configure WiFi manually and connect to the WiFi networks. By default, users are allowed to do so.
Allow VPN over cellular PCs & tablets:
8.1   10

Phones:
8.1   10

Allow the device to connect to a VPN if the device is connected to the cellular network. This option is disabled by default.
Allow VPN roaming over cellular PCs & tablets:
8.1   10

Phones:
8.1   10

Allow the device to connect to a VPN if the user is not connected to the home network. By default, the device is not permitted to connect to VPN if not on the home network.
Allow cellular data roaming PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to use cellular data while roaming, which might incur additional data charges. By default, cellular data will be blocked while roaming. Disabled by default.
Allow user to reset phone PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to reset their device to the factory settings. By default, users are allowed to do so.
Allow screen capture PCs & tablets:
8.1   10

Phones:
8.1   10

Allow the user to capture the device screen. Screen captures are allowed by default.
Allow telemetry PCs & tablets:
8.1   10

Phones:
8.1   10

Telemetry collects the diagnostic data from a Windows device and sends them to Microsoft. This includes information on the hardware used, applications installed and the device drivers. Microsoft uses this information to provide software, security and driver updates and to make their services better (more info). Telemetry will be allowed by default but you can disallow or make your device send limited information to Microsoft.
Allow Bluetooth PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to turn Bluetooth on or off. This is a drop-down box with two options disallow and allow, with ‘allow’ selected by default.
Allow location PCs & tablets:
8.1   10

Phones:
8.1   10

Allow users to turn location services on/off. Disallow and Allow (default) are the two values that are available for the user.

Telemetry in Windows

Telemetry is a feature in Windows where the system information will be sent to Microsoft to provide device-specific updates. This feature is not only used for providing updates, but also to improve their services as well. Microsoft already revealed that they used telemetry to count the number of times Alt+Tab was used on a PC to switch between active Windows and found that lesser number of users used Alt+Tab since most of them weren’t familiar with that function, which then led to the addition of Task View button in Windows 10.

Applications-based Restrictions

Restriction Supported OS Description
Allow use Store PCs & tablets:
8.1   10
Phones:
8.1   10
If this option is disabled, users cannot browse or install applications from Windows Store. The app icon will be hidden. By default, Store can be accessed by the user.
Allow sync MySettings Uncheck to disable roaming settings. Allowed by default.
Allow developer unlock PCs & tablets:
8.1   10
Phones:
8.1   10
Allow users to unlock developer mode. First time when a user tries to unlock developer mode, a developer package is downloaded and installed on the device. By default, users are allowed to unlock developer mode.
Allow manual root certificate installation PCs & tablets:
8.1   10
Phones:
8.1   10
Allow users to install the root certificate on their Windows device. This option is allowed by default.
Safe Search permission PCs & tablets:
8.1   10
Phones:
8.1   10
Permit users to enable or disable Safe Search. Safe Search is where Cortana filters out adult content from the search result. Disabled by default.
Allow sharing office files Allow users to share the Microsoft Office files. Allowed by default.
Allow search to use location Use location services to display regional results while searching the internet. Location services are used by default.
Allow storing images from Vision search Allow the device to store images captured for Vision search. Vision search (or BingVision) is a feature provided by Bing which allows you to scan an image (be it an object or a bar code) with your Windows device and Bing will display its details. Images are stored by default.
Allow adding non-Microsoft accounts manually PCs & tablets:
8.1   10
Phones:
8.1   10
Allow users to add non-Microsoft email accounts. Allowed by default.
Allow save as Office files Allow users to save files on their device as a Microsoft Office file. You can specify the location to which the file is to be stored. Allowed by default.
Allow Action Center notifications PCs & tablets:
8.1   10
Phones:
8.1   10
Allow the device to show notification on Action Center, the notification area of Windows. Notifications are allowed by default.
Allow browser PCs & tablets:
8.1   10
Phones:
8.1   10
If unchecked, users are not allowed to access the default browser on their device (Internet Explorer on Windows 8.1, Edge on Windows 10). Allowed by default.
  •  
  •  
  •  
  •  
  •  
Desktop or Mobile, Hexnode MDM Got You Covered!
FREE 30-DAY TRIAL