This list gives you an overview of all policies available in the Cortado administration portal for macOS devices. You can find out how to create policies and what you need to bear in mind in our help articles.
| Policy | Explanation | Function |
| Apps | ||
| Allow playback of explicit music, podcast & iTunes U media | Playback of explicit music, podcasts, and iTunes U permitted | On/Off |
| Allow explicit sexual content in Apple Books | Display of offensive sexual content permitted in Apple Books | On/Off |
| Authentication | ||
| Allow modifying Touch ID fingerprints / Face ID faces | Changing existing biometric data permitted | On/Off |
| Allow password AutoFill | Allow password autofill | On/Off |
| Allow proximity based password sharing requests | Request for automatic sharing of Wi-Fi passwords with (nearby) Apple devices allowed | On/Off |
| Allow password sharing | Sharing saved passwords via AirDrop allowed | On/Off |
| Data and Container Protection | ||
| Allow installing configuration profiles | Installation of configuration profiles and certificates is permitted | On/Off |
| Allow AirDrop | Use of AirDrop permitted | On/Off |
| Allow iCloud Photos | Access to iCloud photos allowed. If disabled, all undownloaded photos will be removed from local storage. | On/Off |
| Allow iCloud Private Relay | Use of iCloud Private Relay* permitted (*Apple privacy feature for internet activity) | On/Off |
| Force dictation on the device | Device does not connect to Siri servers for dictation purposes (disabled by default) | On/Off |
| Allow personalized ads delivered by Apple | Personalized advertising from Apple permitted | On/Off |
| Allow Safari AutoFill | Safari's automatic fill function for passwords, contact details, credit cards, and use of the keychain is permitted. | On/Off |
| Device | ||
| Allow modifying device name | Changing device names permitted | On/Off |
| Allow modifying account settings | Modification of accounts (Apple IDs and internet-based accounts such as mail, contacts, and calendars) permitted | On/Off |
| Allow Erase All Content and Settings | Reset to factory settings permitted | On/Off |
| Allow modifying Bluetooth settings | Changing Bluetooth settings allowed | On/Off |
| Disallow USB accessories while device is locked | Connecting devices to USB accessories at any time, even when locked, is not permitted. | On/Off |
| Allow screenshots and screen recording | Saving a screenshot and recording a screen permitted | On/Off |
| Allow iPhone Mirroring | Mirroring an iPhone on a Mac is permitted | On/Off |
| Allow Handoff | Handoff enabled (Handoff is a feature that allows you to seamlessly continue an activity started on your iPhone, such as writing an email, on your Mac.) | On/Off |
| Allow "Find My Devices" | "Find My Devices” allowed | On/Off |
| Allow "Find My Friends" | "Find My Friends" allowed | On/Off |
| Allow live voicemail | Live transcription of voicemail messages on screen permitted | On/Off |
| Allow modifying Wallpaper | Changing wallpaper permitted | On/Off |
| Allow Touch ID / Face ID to unlock device | Unlocking the device with Touch ID/Face ID permitted | On/Off |
| Allow auto unlock with Apple Watch | Automatic unlocking with Apple Watch permitted | On/Off |
| OS Updates | ||
| Defer software updates for … days (1-90) | Postpone software update | On/Off |
| OS update delay (in days) | Software update postponed by a specified number of days | Enter value |
| Force automatic OS updates (start, end, delay days) | Force OS update for a specific time window | Enter value |
| Allow installation of rapid security responses | Allow installation of minor security updates (patches) | On/Off |
| Allow removal of rapid security responses | Removal of minor security measures (patches) permitted | On/Off |
| Passcode | ||
| Allow modifying passcode | Changing the passcode is permitted | On/Off |
| Force passcode | Passcode usage is enforced | On/Off |
| Require alphanumeric value | Strings consisting of letters and numbers | On/Off |
| Allow simple value | A simple passcode contains repeating or consecutive characters, such as 123 or CBA. | On/Off |
| Minimum number of complex characters: | A complex character is a character that is not a number or letter, e.g., &, %, $, and #. | Enter value |
| Minimum passcode length | Set minimum passcode length | Enter value |
| Automatic lock time (min.) | Time that the device can remain idle without the user unlocking it | Enter value |
| Maximum grace period for device lock | Time period in minutes during which the phone can be unlocked without entering a passcode | Enter value |
| Passcode validity (1-730 days, or none) | Time period during which the password can remain unchanged before it must be renewed | Enter value |
| Maximum number of failed logins | Number of failed passcode attempts that the system allows the user before erasing or locking the device | Enter value |
| Passcode history (1-50, or none) | Number of times a new password/passcode must be changed before an old one can be used again | Enter value |
| Siri | ||
| Allow Siri | Use of Siri permitted | On/Off |
| Enable Siri profanity filter | Enforces the use of the profanity filter for Siri (disabled by default) | On/Off |
| Synchronization | ||
| Allow sending diagnostic and usage data to Apple | Allows the device to automatically send diagnostic reports to Apple. | On/Off |
| Allow iCloud Bookmarks | Allow Safari bookmarks to sync with iCloud | On/Off |
| Allow iCloud Mail | Synchronize Mail app with iCloud allowed | On/Off |
| Allow iCloud Calendar | Synchronize calendar with iCloud allowed | On/Off |
| Allow iCloud Reminders | Synchronize reminders with iCloud allowed | On/Off |
| Allow iCloud Contacts | Synchronize contacts with iCloud allowed | On/Off |
| Allow iCloud Notes | Synchronize notes with iCloud allowed | On/Off |
| Allow iCloud documents & data | Allow documents and data to be stored in iCloud Drive This refers to general access to iCloud by apps, i.e., whether programs (such as Pages, Numbers, Preview, third-party apps, etc.) are allowed to store their data or documents in iCloud. | On/Off |
| Allow iCloud Keychain | Synchronize keychain in iCloud allowed | On/Off |
| Allow iCloud Desktop and Document | This policy only affects a specific part of iCloud Drive—namely, the automatic synchronization of the user folders “Desktop” and “Documents” with iCloud. | On/Off |
| System Apps | ||
| Allow use of camera | Use of camera permitted | On/Off |
| Allow use of Game Center | Use of Game Center permitted | On/Off |
| Allow adding Game Center friends | Adding friends in Game Center allowed | On/Off |
| Allow multiplayer gaming | Multiplayer games allowed | On/Off |
| Allow Apple Books | Use of Apple Books permitted | On/Off |
| Allow Apple Music | Use of Apple Music permitted | On/Off |
| Usability | ||
| Allow define | Search for definitions of words by tapping on them permitted | On/Off |
| Allow dictation | Use of dictation function permitted | On/Off |
| Allow Spotlight Internet Results | Content from the Internet permitted in Spotlight search | On/Off |
| Apple Intelligence | ||
| Allow Genmoji | Use of AI-generated emojis (so-called genmojis) permitted | On/Off |
| Allow Image Playground | Generating AI images is permitted for use in news articles, presentations, documents, etc. | On/Off |
| Allow Writing Tools | AI-supported functions such as rewriting, correction, and summarization permitted | On/Off |
| Allow Apple Intelligence report | Creation of automatic summaries or reports based on content (e.g., emails, documents). | On/Off |
| Allow external intelligence integrations | Enables the interface so that Apple Intelligence can use external AI models (e.g., ChatGPT, Google Gemini) via Apple's mediation layer | On/Off |
| Allow signing in to external intelligence integrations | Allows you to log in with your own accounts to external AI services (e.g., OpenAI Plus). This provides access to advanced features. | On/Off |
| Allowed external intelligence workspace IDs | Allows Apple Intelligence to only use the specified external integration workspace ID and requires login to make requests. The user must log in to integrations that support login. | Enter ID |