Recommended Settings for Clinical Devices

Created: Modified: Knowledge Base

The standards below are strongly recommended for mobile devices used in a clinical setting.

TIP: Use the following list as a template for your configuration. You may find it useful to print the list and check off each setting for validation.

These recommendations will evolve over time. Imprivata welcomes your feedback and suggestions.

DEP Profile

Mobile Access Management can assign the device to the DEP profile, so it does not need to be the default profile.

Authentication ON
(Workspace ONE) Device Ownership Type ON
(Workspace ONE) Device Organization Group Your preference
Profile Name GroundControl
Department Anything
Support Number Anything
Require MDM enrollment Enabled
Supervision Enabled
Lock MDM Profile Enabled
Anchor Certificate Disabled
Device pairing Enabled
Supervision Identity Certificate Upload Supervision Identity
Await Configuration Disabled
Auto Advance Setup Disabled
Setup Assistant Skip all setup screens
Account Setup Don't Skip
Account Type Administrator
Create New Admin Type No
MDM Notification Profile

There must be one, and only one, notification profile.

Epic RoverAllow Notifications ON
Show in Notification Center ON
Show in Lock Screen ON
Allow Badging ON
Allow Sound ON
Allow critical alert notifications ON
Allow CarPlay ON
Alert Style when unlocked Banner
Select group notification type Do not group
Imprivata Locker for iOSAllow Notifications ON
Show in Notification Center ON
Show in Lock Screen ON
Allow Badging ON
Allow Sound ON
Allow critical alert notifications ON
Allow CarPlay ON
Alert Style when unlocked Banner
Select group notification type Do not group
MDM Restriction Profile

Multiple Restriction profiles are permitted, and the iOS device will coalesce them into the most restrictive version.

OS Updates - Delay Updates 90 days
Allow use of camera ON
Allow FaceTime OFF
Allow passcode modification ON
Allow Biometric ID to unlock device OFF
Allow installing public apps OFF
Allow App Store icon on Home screen OFF
Allow app removal OFF
Force limited ad tracking ON
Show user-generated content in Siri OFF
Allow manual profile installation OFF
Allow configuring Restrictions OFF
Allow Erase All Contents and Settings OFF
Allow device name modification OFF
Allow wallpaper modification OFF
Allow account modification OFF
Allow Bluetooth Settings Modification OFF
Allow system app removal OFF
Allow manual VPN creation OFF
Force Date & Time to be Set Automatically ON
Allow auto filling of passwords ON
Allow sharing of Wi-Fi passwords OFF
Allow eSIM modification OFF
Allow personal hotspot modification OFF
Allow AirDrop
* For iOS 17 +, disabling AirDrop prevents the NameDrop feature from triggering with devices in close proximity.
OFF
Allow USB Restricted Mode OFF
Allow user to trust unmanaged enterprise apps OFF
Allow pairing with non-Configurator hosts ON
Force Wi-Fi Whitelisting ON