Backup Policy for iOS and iPadOS devices
Overview
Administrators have the ability to allow or deny iOS or iPadOS devices to be restored from backup and maintain access to corporate information. By default, this setting is disabled for security reasons, to prevent a user’s backup being restored on other devices. This includes the scenario where one of your employees has left your organization and subsequently tries to restore a backup that was made during their time with you. Please keep There are certain situations where a restore from backup is required or desired, such as major iOS upgrades or by receiving a new iPhone or iPad and the convenience for a phone migration. We recommend allowing the restore process mostly during fleet upgrades to new major OS versions or when your organizations security policy explicitly allow to perform backups due to convenience reasons. The second part of this knowledge base article contains a configuration for how to prevent users in general to generate iCloud backups and or connecting the device to a macOS device to perform a backup. We recommend in addition to review the Backup and Device Migration Principles for Apple Devices article for additional information about backups.
Configuration
The Allow Restore from Backup option is located under Admin > Backup Policy and can be enabled or disabled. When a device is restored from backup and this setting is disabled, Silverback will detect the restored backup and send a command to the device for deleting business data.
Setting | Options | Description |
---|---|---|
Allow Restore from Backup | Enabled or Disabled |
Will prevent or allow that End users can restore their Silverback device connection with a backup. |
Notification
When a restore from a backup has been detected, Administrators with enabled Receive Email Alerts option will receive the following E-Mail Notification:
Log Information
Additionally, the following message is shown in the Logs section
1313885 |
28 Nov 2018 06:45:06 AM |
SilverbackMDM.SilverBack.Common.MdmProtocols.Http401Exception: Restore from backup is not allowed, therefore Send 401 to remove mdm base profile. |
Prevent Backups
To prevent the backup creation on iOS and iPadOS devices, you can utilize the Allow iCloud Backup and Allow Host Pairing (supervised) restriction. By disabling the Allow iCloud Backup setting, the iCloud Backup option in iOS or iPadOS will be deactivated and made hidden. If you disable the Allow Host Pairing setting, the macOS device will show an information that paring is prohibited by a policy on the device after pressing the trust button. The following screenshots will display the behavior changes on managed devices with the configured restrictions.
Allowed iCloud Backup | Disallowed iCloud Backup |
Disallowed Host Pairing | |
![]() |