Page tree
Skip to end of metadata
Go to start of metadata


This payload can be used to restrict Windows Phone device capabilities.



Allow WiFiAllow or disallow WiFi connection. (Configurable by Exchange as well definition will be consistent with EAS definition.)[Checked]
Allow Internet SharingAllow or disallow internet sharing (Configurable by Exchange as well definition will be consistent with EAS definition.)[Checked]
Allow Auto Connect To WiFi Sense HotspotsAllow or disallow the device to automatically connect to Wi-Fi hotspots and friend social network.[Checked]
Allow WiFi HotSpot ReportingAllow or disallow WiFi Hotspot information reporting to Microsoft. Once disallowed, the user cannot turn it on.[Checked]
Allow Manual WiFi ConfigurationAllow or disallow connecting to Wi-Fi outside of MDM server-installed networks.[Checked]
WLAN Scan ModeThis policy defines the frequency mode for active Wi-Fi scanning trigger when screen is off and on. High setting would result in faster/better WiFi discoverbility.(Normal interval)

Allow NFCAllow or disallow NFC.[Checked]
Allow BluetoothSet Bluetooth mode.[Checked]
Allow VPN Roaming Over CellularThis policy when enforced, will prevent the device from connecting VPN when the device roams over cellular networks.[Checked]
Allow VPN Over CellularThis policy specifies what type of underline connections VPN is allowed to be used.[Checked]
Allow Manual VPN ConfigurationThis policy allows the enterprise to enforce a VPN protection by disabling all VPN settings. It prevents the user from manually configuring VPN settings that does not comply with company security policy.[Checked]
Cellular App Download 20 MB LimitThis policy specifies the maximum app file size in MB allowed for downloading through celluar connection. 20MB is the default limit if checked the operator imposed limt will be in effect.[Not Checked]
Allow USB ConnectionAllow/Disallow desktop to access phone storage via USB.(Both MTP and IPoUSB) are disabled when policy enforced.[Checked]
Allow Cellular Data RoamingDisable/enable SD card.[Checked]

Allow Storage CardAllow or disallow NFC.[Checked]
Allow TelemetryAllow the device to send telemetry information (such as SQM, Watson).(Allowed)
Allow LocationAllow/Disallow location service.(Allowed)
Allow User To Reset PhoneSpecify whether allow the user to factory reset the phone from setting control panel and hardware key combination.[Checked]

Allow Copy PasteSpecify whether copy and paste is allowed.[Checked]
Allow Task SwitcherThis policy allows the company to disable the task switcher competely. It does not effect the back button action, just the visual switcher trigger by the hold back button action.[Checked]
Allow Screen CaptureSpecify whether screen capture is allowed.[Checked]
Allow Voice RecordingSpecify whether voice recording is allowed.[Checked]
Allow Save As Of Office FilesSpecify whether the user is allowed to save file in the device as office file. Note that this policy is for the Office Hub only.[Checked]
Allow Sharing Of Office FilesSpecify whether the user is allowed to share office file. Note that this policy is for the Office Hub only.[Checked]
Allow CortanaSpecify whether Cortana is allowed at the device.[Checked]
Allow Sync My SettingsAllow enterprise to disallow roaming settings among devices ( in/from WP device). If not enforced, whether roaming is allowed or not could depend on other factors.[Checked]
Allow Manual MDM UnenrollmentSpecify whether allow the user to delete the workplace account via workplace control panel.[Checked]

Allow Microsoft Account ConnectionSpecify whether allow using MSA account for non email related connection authentication and services.[Checked]
Allow Adding Non Microsoft Accounts ManuallySpecify whether user is allowed to add non MSA email accounts.[Checked]

Allow Manual Root Certificate InstallationSpecify whether the user is allowed to manually install root and intermediate CAP certificates[Checked]
Require Device EncryptionAllow enterprise to turn on internal storage encryption.[Checked]
Allow Anti Theft ModeAllows enterprise to preventing user from enabling the Anti Theft mode. Note, if user already enabled the Anti Theft mode for the device before the policy applied, they will have to manually disable the Anti Theft mode for this policy to take effect.[Checked]

Allow StoreSpecify whether app store is allowed at the device.[Checked]
Allow Developer UnlockSpecify whether developer unlock is allowed at the device.[Checked]

Allow BrowserSpecify whether IE is allowed in the device.[Checked]

Allow CameraDisable/Enable camera[Checked]

Allow Search To Use LocationSpecify whether search could leverage location information.[Checked]
Allow Storing Images From Vision SearchSpecify whether allow BingVision to store the contents of the images captured when performing Bing Visio[Checked]

Allow Action Center NotificationsSpecify whether allow action center notifications above the device lock screen.[Checked]

Allow Idle Return Without PasswordSpecify whether allow action center notifications above the device lock screen.[Checked]

Require Protection Under Lock ConfigAllows data encryption of email data and associated attachments. Pin lock key is required to unlock and decode the content.[Not Checked]
Enterprise Protected Domain Names

Specifies the enterprise domain names. Multiple domain names may be defined using "|" character as the separator.


Default value: <empty>

  • No labels