Overview
The Apple Interface Controls policy manages a set of interface-level features on Apple devices to improve privacy and security on managed, corporate-owned hardware.
With this policy, admins can:
Disable Location Services
Disable Spotlight Internet Search
Disable Game Centre
Restrict Startup Disk selection (macOS)
These controls help reduce data leakage, limit distractions, and prevent unauthorized changes to how a device boots.
Supported platforms and OS requirements
Supported platforms
macOS
iOS
iPadOS
Minimum OS versions
Enable Location Services: macOS 10.11+, iOS 13.0+, iPadOS 13.0+
Enable Spotlight Internet Search: macOS 10.11+, iOS 13.0+, iPadOS 13.0+
Enable Game Centre: macOS 10.11+, iOS 6.0+, iPadOS 13.0+
Restrict Startup Disk Selection: macOS 10.11+
If a device does not meet the minimum OS requirement for a specific control, that control will not be applied on that device.
Policy settings
1. Enable Location Services
Field name: enableLocationServices
Default: true
When disabled (false):
Location Services are disabled on the device.
Apps and system services cannot determine the device’s geographic location.
Users will not be able to turn Location Services back on while the policy is enforced.
Typical use cases
Highly regulated environments where location data is considered sensitive.
Devices used in locations where tracking is prohibited or undesirable.
Impact on users
Apps that depend on location (maps, ride‑sharing, weather, “find nearby” features) may not work correctly or may show reduced functionality.
System features that require location (e.g., “Find My” accuracy, timezone suggestions, location-based suggestions) may be limited.
2. Enable Spotlight Internet Search
Field name: enableSpotlightInternetSearch
Default: true
When disabled (false):
Spotlight (or system search) is prevented from sending search queries to Apple.
Internet search results and online suggestions are not returned in Spotlight.
Search is limited to on-device content only (apps, local files, etc.).
Typical use cases
Organizations with strict data privacy requirements that want to minimize outbound search telemetry.
Locked-down environments where only approved web access methods (e.g., specific browsers with filtering) should be used.
Impact on users
Users will still be able to search on the device (apps, documents, system items).
They will not see web results or online suggestions directly in Spotlight.
3. Enable Game Centre
Field name: enableGameCenter
Default: true
When disabled (false):
Game Centre is disabled on the device.
Users cannot sign in to Game Centre or use Game Centre features (leaderboards, achievements, multiplayer, etc.).
Apps that rely on Game Centre may show errors or reduced functionality.
Typical use cases
Corporate or education devices where gaming is not appropriate or allowed.
Environments focused on productivity where Game Centre serves no business purpose.
Impact on users
No access to Game Centre services or social gaming features.
Some games may still run but without Game Centre capabilities; others may refuse to start or prompt the user that Game Centre is unavailable.
4. Restrict Startup Disk Selection (macOS only)
Field name: restrictStartupDiskSelection
Default: false
When enabled (true):
Users are restricted from changing the startup disk on macOS devices.
This helps prevent booting from:
External drives (USB, Thunderbolt, etc.)
Alternate internal volumes or OS installations
This reduces the risk of users bypassing security controls by booting into unmonitored or unmanaged environments.
Typical use cases
High-security environments where only the managed OS image is allowed.
Shared or kiosk Macs where users must not alter the boot configuration.
Impact on users
Users cannot change the startup disk via System Settings / System Preferences or during startup.
IT staff or administrators may still be able to change the boot configuration using privileged tools or physical access, depending on your environment and security model.
Configuration behavior
You can enable any combination of these controls depending on your security and privacy requirements.
Settings apply only on devices and OS versions that meet the minimum system requirements listed above.
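Because a control is skipped on any device below its minimum OS version, a restrictive policy can look fully deployed while older devices remain unrestricted. The following added example (not part of the product) flags those devices; the field names, defaults and minimum versions are taken from this page, while the inventory format, sample devices and function names are assumptions made for illustration.

```python
# Field names, defaults and minimum OS versions come from the page above.
# The inventory records and all function names are constructed for this example.
CONTROLS = {
    # field: (default, restrictive value, {platform: minimum OS version})
    "enableLocationServices": (True, False, {"macOS": "10.11", "iOS": "13.0", "iPadOS": "13.0"}),
    "enableSpotlightInternetSearch": (True, False, {"macOS": "10.11", "iOS": "13.0", "iPadOS": "13.0"}),
    "enableGameCenter": (True, False, {"macOS": "10.11", "iOS": "6.0", "iPadOS": "13.0"}),
    "restrictStartupDiskSelection": (False, True, {"macOS": "10.11"}),
}

def version_tuple(text, width=3):
    """'10.9' -> (10, 9, 0): compare numerically, so 10.9 sorts below 10.11."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def control_status(policy, device):
    """Map each control the policy restricts to applied / os-too-old / not-applicable."""
    status = {}
    for field, (default, restrictive, minimums) in CONTROLS.items():
        if policy.get(field, default) != restrictive:
            continue  # left at the permissive value, nothing to enforce
        minimum = minimums.get(device["platform"])
        if minimum is None:
            status[field] = "not-applicable"  # e.g. startup disk control on iOS
        elif version_tuple(device["os_version"]) < version_tuple(minimum):
            status[field] = "os-too-old"  # control is not applied on this device
        else:
            status[field] = "applied"
    return status

def enforcement_gaps(policy, inventory):
    """List (device name, field) pairs where a restriction is configured but not applied."""
    return [(d["name"], f) for d in inventory
            for f, s in control_status(policy, d).items() if s == "os-too-old"]

# Constructed sample policy and inventory.
POLICY = {"enableLocationServices": False, "enableGameCenter": False,
          "restrictStartupDiskSelection": True}
INVENTORY = [
    {"name": "mac-01", "platform": "macOS", "os_version": "14.2"},
    {"name": "mac-02", "platform": "macOS", "os_version": "10.9.5"},
    {"name": "iphone-01", "platform": "iOS", "os_version": "12.5.7"},
]

if __name__ == "__main__":
    for name, field in enforcement_gaps(POLICY, INVENTORY):
        print(f"{name}: {field} is configured but will not be enforced")
```

Devices reported here need an OS upgrade or a compensating control before the policy can be considered enforced on them.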
