Blocking Apple devices

To generally control access to Apple devices, there is a special device class Apple devices.

Unlike other devices, which can either be locked or unlocked only, the Apple device class provides a detailed distinction by access rights. Thus, they are treated like drives. This allows all iPods, iPads and iPhones to be controlled very precisely and the data transfer to be tracked.

Please note that Apple devices are classified as 'regular' devices in the DOC.

The following options can be configured:

The General tab

  • Allow : Any authenticated user can use Apple devices

  • Deny (lock) for all users : Access to Apple devices is blocked for all users.

  • Deny (lock), but allow access for defined users and groups : Apple devices are locked, but access is possible for the specified user(s) or group(s).

    To include another group or user in the list, click Add. Click Remove to delete the previously selected entry.

The Filter / Shadow tab

  • Filter files, [...] : Using the file filter, accesses can be restricted and logged based on the file types (PDF, DOCX, etc.). However, the file filter must have been created beforehand. The file filter can be used and assigned in all rules.

  • Audit and shadow files...: Operations (read, write) are logged and can be evaluated later with the DOC.

  • ... using the following filters : Select the existing file filters here and insert them accordingly.

  • Allow access as configured only to selected subfolders: Here you can configure the folders by clicking on the button.

iTunes tab:

  • Independently of the devices, you can also restrict the range of functions, for example the blocked iTunes functions. This way you can disable the synchronization of special data types.

  • Audit all transferred files and data : This is equivalent to file logging in the file filter, i.e. all data exchange is logged.

Click here for more information about the Awareness tab.

Messages tab:

  • Display custom message in user notification: Enable this option to configure a custom message for a rule. Enter a text that will be displayed regardless of the currently set system language. This language-independent message is represented by a key symbol at the upper left corner of the input field. If you have defined multilingual user messages, you can also select one of these messages. To do so, click the arrow and select Multilingual messaging from the list.

  • If you want the message to be displayed even if access by the user is possible, enable the corresponding option.

  • To disable the display of notifications in general (including the display of standard notifications), enable Do not show notification.

  • If you want to suppress the generation of monitoring events for this whitelist rule, check Do not generate audit events when this rule is activated.