Skip to main content
Matrix42 Self-Service Help Center

Backup Policy for iOS and iPadOS devices

Overview

Administrators have the ability to allow or deny iOS or iPadOS devices to be restored from backup and maintain access to corporate information. By default, this setting is disabled for security reasons, to prevent a user’s backup being restored on other devices. This includes the scenario where one of your employees has left your organization and subsequently tries to restore a backup that was made during their time with you. Please keep There are certain situations where a restore from backup is required or desired, such as major iOS upgrades or by receiving a new iPhone or iPad and the convenience for a phone migration. We recommend allowing the restore process mostly during fleet upgrades to new major OS versions or when your organizations security policy explicitly allow to perform backups due to convenience reasons. The second part of this knowledge base article contains a configuration for how to prevent users in general to generate iCloud backups and or connecting the device to a macOS device to perform a backup. We recommend in addition to review the Backup and Device Migration Principles for Apple Devices article for additional information about backups.

Configuration

The Allow Restore from Backup option is located under Admin > Backup Policy and can be enabled or disabled. When a device is restored from backup and this setting is disabled, Silverback will detect the restored backup and send a command to the device for deleting business data. 

Setting Options Description
Allow Restore from Backup Enabled or Disabled

Will prevent or allow that End users can restore their Silverback device connection with a backup.

Notification

When a restore from a backup has been detected, Administrators with enabled Receive Email Alerts option will receive the following E-Mail Notification:

clipboard_ed028a24e293d44c92706229fb0c0036a.png

Log Information

Additionally, the following message is shown in the Logs section 

1313885

28 Nov 2018 06:45:06 AM

SilverbackMDM.SilverBack.Common.MdmProtocols.Http401Exception: Restore from backup is not allowed, therefore Send 401 to remove mdm base profile.
at SilverbackMDM.SilverBack.Common.MdmProtocols.Checkins.TokenUpdateMsgPayload.CheckMsgLogic(IMdmRepository mdmRepository, IMdmCommandService mdmCommandService, IWebSettingService webSettingService, Device device)
at SilverbackMDM.SilverBack.Common.MdmProtocols.Checkins.CheckinMsgPayloadBase.ProcessMessage(IMdmRepository mdmRepository, IMdmCommandService mdmCommandService, IMdmBaseController controlller)
at SilverbackMDM.SilverBack.Web.Checkin.Controllers.CheckinController.CheckIn()

Prevent Backups

To prevent the backup creation on iOS and iPadOS devices, you can utilize the Allow iCloud Backup and Allow Host Pairing (supervised) restriction. By disabling the Allow iCloud Backup setting, the iCloud Backup option in iOS or iPadOS will be deactivated and made hidden. If you disable the Allow Host Pairing setting, the macOS device will show an information that paring is prohibited by a policy on the device after pressing the trust button. The following screenshots will display the behavior changes on managed devices with the configured restrictions.

Allowed iCloud Backup Disallowed iCloud Backup
IMG_0008.PNG IMG_0007.PNG
IMG_0003.PNG IMG_0004.PNG
Disallowed Host Pairing
hostpairingpolicy.png
  • Was this article helpful?