The standards below are strongly recommended for mobile devices used in a clinical setting.
TIP: Use the following list as a template for your configuration. You may find it useful to print the list and check off each setting for validation.
These recommendations will evolve over time. Imprivata welcomes your feedback and suggestions.
DEP ProfileMobile Access Management can assign the device to the DEP profile, so it does not need to be the default profile. |
||
| Authentication | ON | |
| (Workspace ONE) Device Ownership Type | ON | |
| (Workspace ONE) Device Organization Group | Your preference | |
| Profile Name | GroundControl | |
| Department | Anything | |
| Support Number | Anything | |
| Require MDM enrollment | Enabled | |
| Supervision | Enabled | |
| Lock MDM Profile | Enabled | |
| Anchor Certificate | Disabled | |
| Device pairing | Enabled | |
| Supervision Identity Certificate | Upload Supervision Identity | |
| Await Configuration | Disabled | |
| Auto Advance Setup | Disabled | |
| Setup Assistant | Skip all setup screens | |
| Account Setup | Don't Skip | |
| Account Type | Administrator | |
| Create New Admin Type | No | |
MDM Notification ProfileThere must be one, and only one, notification profile. |
||
| Epic Rover | Allow Notifications | ON |
| Show in Notification Center | ON | |
| Show in Lock Screen | ON | |
| Allow Badging | ON | |
| Allow Sound | ON | |
| Allow critical alert notifications | ON | |
| Allow CarPlay | ON | |
| Alert Style when unlocked | Banner | |
| Select group notification type | Do not group | |
| Imprivata Locker for iOS | Allow Notifications | ON |
| Show in Notification Center | ON | |
| Show in Lock Screen | ON | |
| Allow Badging | ON | |
| Allow Sound | ON | |
| Allow critical alert notifications | ON | |
| Allow CarPlay | ON | |
| Alert Style when unlocked | Banner | |
| Select group notification type | Do not group | |
MDM Restriction ProfileMultiple Restriction profiles are permitted, and the iOS device will coalesce them into the most restrictive version. |
||
| OS Updates - Delay Updates | 90 days | |
| Allow use of camera | ON | |
| Allow FaceTime | OFF | |
| Allow passcode modification | ON | |
| Allow Biometric ID to unlock device | OFF | |
| Allow installing public apps | OFF | |
| Allow App Store icon on Home screen | OFF | |
| Allow app removal | OFF | |
| Force limited ad tracking | ON | |
| Show user-generated content in Siri | OFF | |
| Allow manual profile installation | OFF | |
| Allow configuring Restrictions | OFF | |
| Allow Erase All Contents and Settings | OFF | |
| Allow device name modification | OFF | |
| Allow wallpaper modification | OFF | |
| Allow account modification | OFF | |
| Allow Bluetooth Settings Modification | OFF | |
| Allow system app removal | OFF | |
| Allow manual VPN creation | OFF | |
| Force Date & Time to be Set Automatically | ON | |
| Allow auto filling of passwords | ON | |
| Allow sharing of Wi-Fi passwords | OFF | |
| Allow eSIM modification | OFF | |
| Allow personal hotspot modification | OFF | |
| Allow AirDrop * For iOS 17 +, disabling AirDrop prevents the NameDrop feature from triggering with devices in close proximity. | OFF | |
| Allow USB Restricted Mode | OFF | |
| Allow user to trust unmanaged enterprise apps | OFF | |
| Allow pairing with non-Configurator hosts | ON | |
| Force Wi-Fi Whitelisting | ON | |