Skip to main content

Apple Lock Screen Policy

Updated this week

Use the Apple Lock Screen Policy to control what users can access from the lock screen on managed Apple devices. By restricting Control Center, Today View, and Wallet (Passbook) on the lock screen, you reduce the risk of unauthorized access to sensitive information or device features when a device is lost, unattended, or shared.

This policy is available for:

  • iOS only

    • Allow Lock Screen Control Center

    • Allow Lock Screen Today View

    • Allow Wallet While Locked

You can create and assign this policy from:
Device Management → Policies → New Policy → Apple → Lock Screen Policy

Recommended use cases

Typical reasons to enforce a lock screen policy:

  • Security-conscious environments (finance, healthcare, legal, etc.) that must minimize what a passerby can do from the lock screen.

  • Shared or frontline devices where many people might briefly handle a device.

  • Lost or stolen device risk reduction, ensuring features like Control Center or Wallet are not exposed.

Settings

1. Allow Lock Screen Control Center

  • Field name: allowLockScreenControlCenter

  • Platforms: iOS

What it controls
Determines whether users can open Control Center while the device is locked.

Behavior

  • True (enabled/allowed)

    • Users can swipe or click to open Control Center on the lock screen.

    • They may be able to toggle Wi‑Fi, Bluetooth, flashlight, camera, and other quick actions depending on device configuration.

  • False (disabled/not allowed)

    • The system prevents Control Center from appearing on the lock screen.

    • Users must unlock the device before accessing Control Center.

Security impact

Disabling Control Center on the lock screen helps prevent:

  • Quickly disabling network connectivity (e.g., turning off Wi‑Fi) before the device can be located.

  • Using shortcuts such as camera or other controls without authentication.

Recommendation

  • For high-security or shared devices: set to False (do not allow Control Center on the lock screen).

  • For personal or low-risk devices: you may leave it True to preserve user convenience.

2. Allow Lock Screen Today View

  • Field name: allowLockScreenTodayView

  • Platforms: iOS

What it controls
Determines whether the Today View / widgets view in Notification Center is available on the lock screen.

Behavior

  • True (enabled/allowed)

    • Users can access Today View from the lock screen (e.g., by swiping to the widget screen).

    • Widgets can expose calendar previews, reminders, tasks, notes, and other potentially sensitive data.

  • False (disabled/not allowed)

    • The system disables the Today view in Notification Center on the Lock Screen.

    • Users must unlock the device to see Today View or widgets.

Security impact

Disabling Today View on the lock screen reduces the risk that:

  • Calendar events, meetings, or reminders are visible to anyone holding the device.

  • Data from third‑party widgets (project tools, messaging apps, etc.) is exposed without authentication.

Recommendation

  • For devices with access to sensitive calendars or line-of-business apps via widgets: set to False.

  • For less sensitive environments, you can keep this True if widget access on the lock screen is desirable.

3. Allow Wallet While Locked (iOS only)

  • Field name: allowPassbookWhileLocked

  • Platforms: iOS

What it controls
Determines whether Wallet (formerly Passbook) notifications and passes (e.g., boarding passes, tickets, payment cards) are available on the lock screen.

Behavior

  • True (enabled/allowed)

    • Wallet notifications and passes can appear on the lock screen.

    • Users can double-click the side or home button (depending on model) to bring up Wallet from a locked state, subject to device and Wallet settings.

  • False (disabled/not allowed)

    • The system hides Passbook/Wallet notifications from the Lock Screen.

    • Users must unlock the device to view Wallet items and related notifications.

Security impact

Disabling Wallet on the lock screen can help:

  • Avoid exposing travel itineraries, tickets, or personal payment-related UI when a device is locked.

  • Reduce the chance that someone can interact with Wallet/cards from a locked device (depending on device and Wallet configuration).

Recommendation

  • For corporate-owned iPhones or environments with strict privacy requirements: set to False.

  • For BYOD or low-risk deployments, you may leave this True to maintain a smooth Wallet experience for end users.

Deployment guidance

Create the policy

  • Go to Device Management → Policies → New Policy.

  • Select Apple and choose Lock Screen Policy.

  • Configure the fields above based on your security requirements.

Assign to device groups

  • Target smart groups for:

    • All managed iOS devices.

  • For Wallet-specific restrictions, target iOS device groups only.

Test before broad rollout

  • Apply the policy to a small test group.

  • Lock the device and verify:

    • Control Center behavior on the lock screen.

    • Today View / widget visibility on the lock screen.

    • Wallet notifications/lock-screen access on iOS devices.

Communicate to users

  • Let users know that some lock screen features may no longer be available, and that this is required for organizational security.

Related Articles
Apple Security Access Control Policy
Apple Intelligence Policy
Apple Sharing Restrictions Policy
Apple Siri Policy
Apple iCloud Policy
Did this answer your question?