The Security Access Control Policy enables IT administrators to centrally manage and enforce critical device-security settings on macOS, iOS, and iPadOS devices, helping you meet compliance requirements and reduce security risks.
Supported Platforms
macOS 10.11+
iOS 4.0+
iPadOS 4.0+
Available Configuration Options
Allow Camera
Determines if the device's camera is available for use.
True: Camera enabled.
False: Camera disabled, including lock-screen shortcut.
Minimum: macOS 10.11+, iOS 4.0+, iPadOS 4.0+
Allow Fingerprint for Unlock
Controls the availability of fingerprint (Touch ID) or face recognition (Face ID) for unlocking devices.
True: Allows fingerprint/Face ID unlocking.
False: Forces manual passcode entry only.
Minimum: macOS 10.12.4+, iOS 7.0+, iPadOS 7.0+
Allow Fingerprint Modification
Determines if the user can add or modify fingerprints or face recognition data.
True: Fingerprints/Face ID data modifiable by user.
False: Blocks modifications to biometric data.
Minimum: macOS 14+, iOS 8.3+, iPadOS 8.3+
Enforced Fingerprint Timeout
Sets the maximum idle duration (in seconds) after which biometric unlock is disabled and the user must enter a passcode.
Default: 172800 seconds (48 hours).
Minimum: macOS 12+, iOS 9+, iPadOS 9+
Force Authentication Before AutoFill
Requires authentication before autofill can insert stored credentials (passwords, credit cards, etc.) in Safari and apps.
True: Requires Face ID, Touch ID, or passcode.
False: No additional authentication required.
Minimum: iOS 11+, iPadOS 11+, Requires a supervised device
Allow Files USB Drive Access
Controls whether users can connect and access files from USB storage drives via the Files app.
True: Allows access to USB-connected drives.
False: Blocks access to external USB drives.
Minimum: iOS 13.1+, iPadOS 13.1+, Requires a supervised device
Allow USB Restricted Mode
Manages USB accessory connection security after a device has been locked.
True: Always allows USB accessory connections (less secure).
False: Limits USB accessory connections when the device has been locked for an hour or longer (more secure).
Minimum: macOS 15.0+ , iOS 11.4.1+ , iPadOS 11.4.1+, Requires a supervised device
How to Set Up the Policy
In the Swif admin console, navigate to Device Management β Policies β Create New Policy.
Select Apple Security Access Control Policy.
Configure settings according to your organization's security requirements.
Assign the policy to device groups or individual devices, then click Deploy.
Recommended Use Cases
Security-sensitive environments (finance, healthcare, legal) where biometric security controls need to be strictly managed.
Regulatory compliance (SOC2, ISO27001, HIPAA) environments that require precise control over device security settings.
Corporate-owned iOS/iPadOS fleets to prevent unauthorized data transfers through USB drives.
Troubleshooting Common Issues
Fingerprint/Face ID settings not applying?
Check minimum OS versions and ensure devices meet the requirements.USB drive restrictions not working?
Ensure devices run iOS/iPadOS 13.1+ and confirm policy settings are correctly assigned.
By using Swif's Security Access Control Policy, your organization can effortlessly enhance the security posture of your Apple device fleet, minimize unauthorized access risks, and simplify regulatory compliance.