The Device Os Is Restricted In Your Activation Profile

[Doria Vilcan]

MicrosoftIntune is ending support for Android device administrator management on devices with access to Google Mobile Services (GMS) on December 31, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable. If you currently use device administrator management, we recommend switching to another Android management option in Intune before support ends. For more information, see Ending support for Android device administrator on GMS devices.

Intune includes device restriction policies that help administrators control Android, iOS/iPadOS, macOS, and Windows devices. These restrictions let you control a wide range of settings and features to protect your organization's resources. For example, administrators can:

These features are available in Intune, and are configurable by the administrator. Intune uses "configuration profiles" to create and customize these settings for your organization's needs. After you add these features in a profile, you can then push or deploy the profile to devices in your organization.

In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as US-NC IT Team or JohnGlenn_ITDepartment. For more information about scope tags, go to Use RBAC and scope tags for distributed IT.

After some research I found out hat this blockage is directly related with the Screen Time options/settings on iOS and/or MacOS. Sonoma goes even on more MacOS sections (you might noticed) I've seen them on many settings MBP.

I use a time-tracking app that will track usage across all my devices and consolidate that into its summary to see where my time is spent in much granular ways than what Apple provides. That requires Sharing Across Devices to be on.

Having my iOS devices lock down access to my account on my Mac makes no sense. I don't think this has been thought through. (I never would've guessed it was my iPhone that was the "profile," if you can even call it that, that caused the restriction, based on its cryptic message.)

It does sound as if your Mac was provided to you from your employer, and they've set it up as Managed device. If this is the case, you'll need to contact your employer and find out if they can delete the Profile you mentioned.

Same here for over 24 hours now.

Support sent this reply:

All Twitter Blue subscribers will be required to confirm their phone number as part of sign up. If you do not have a phone number associated with your account, you will be prompted to add one. You may be experiencing this issue because you are trying to add a phone number from your account in a new session. To protect your account, we temporarily restrict changes to profile settings from new sessions. We recommend you use an older session and try again.

However, with some devices this does not work, which means that upon returning home and even rebooting their devices students' iPads are still treated as if they were on campus. I can only undo this by manually refreshing the device status/network details. Even when the iPads receive a new IP, Gateway etc. from their home dhcp server, the public IP is unaltered and thus the restriction profile is not removed. This can not be explained by a flawed configuration of the private networks either, since in case of siblings one iPad uninstalls the restriction profile as expected, whereas the other does not.

This also "works" the other way around: When students arrive on campus and connect to the school's LAN, they still "carry" their home public IP "around" which is why the restriction profile is not installed.

I do not really see how the reply is relevant!?

However, the only workaround that I have come up with is to make the students refresh their device details via the Jamf Student App. Still, I would like to know if there is a real solution to the problem.

The public IP address (and much more data) is only updated in the Jamf School console with a check-in, the device isn't able to dynamically report information back to MDM without first being asked to (hopefully DDM will help with this in the future.

To my understanding, the check-in cadence for devices in Jamf School is every 2 hours, which is likely why you are finding devices still show as the 'wrong' IP when at home (and why refreshing the device fixes the problem) You might find that using time-based profiles will give you better results.

Failing that and still wanting to use the location based way my advice would be to explore the API. There are end points which will let you search through devices and then refresh them via a script. You could automate this script so that a certain times of the day (say the start and end of school) you are refreshing devices at a more regular cadence via the API (and therefore getting faster results).

I wouldn't recommend checking the devices in so regularly during the entire day but for short bursts to tackle this issue, I wouldn't see a problem. Of course, you are effectively creating time-based rules but based on a location.....so if you've not looked into the API before, you might want to check out the in product time based feature first

Thank you very much for your suggestions/insights.

To my mind time-based profiles are too blunt and instrument because the times when students leave school simply vary way too much.

The 2h check-in frequency is another thing I was wondering about: Why can't this be set to a lower value? I remember reading that the interval in Jamf Pro is 15 minutes?

I will definitely look into the API but I would like to see an option to change the check-in frequency as well. Should this perhaps be a feature request?

I found out that students can push their location using the Jamf student app. This works for our students and could be considered a solution.

Students open the app, tap on their profile icon, tap on their device, and then tap on refresh (outlined from memory).

Jamf's purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy. Learn about Jamf.

This site contains User Content submitted by Jamf Nation community members. Jamf does not review User Content submitted by members or other third parties before it is posted. All content on Jamf Nation is for informational purposes only. Information and posts may be out of date when you view them. Jamf is not responsible for, nor assumes any liability for any User Content or other third-party content appearing on Jamf Nation.

Are you accessing the Google Account from the country identified in the documents sent to Google? Note Google may be identifying your location upon your accessing the Google app due to the devices ip location.

How long ago did you contact support? I personally don't think it hurts to be a pest by consistently contacting support. There's an old saying in America that, "The squeaky wheel gets the grease"

If you've already submitted your identification documents and your account is still restricted after several months, it's best to reach out to Google's support team directly for assistance. They will have access to your account details and can provide specific information about the status of your account and any necessary steps to resolve the issue. To contact Google support, you can visit the Google Help Center ( ) and navigate to the relevant section for account support. Look for options to contact their support team via email, chat, or phone. It's important to note that I'm providing this information based on general knowledge up until September 2021, and Google's support processes may have changed since then. It's always recommended to refer to the official Google support channels for the most accurate and up-to-date information regarding your account issue.

Don't worry - it's quick and painless! Just click below, and once you're logged in we'll bring you right back here and post your question. We'll remember what you've already typed in so you won't have to do it again.

Hey @CinciAmy!

Sorry to see this has happened to you?

Are you trying from a desktop device using a wired connection :?

If so, turn the speaker on and let it play anything, if all works well, this should fix your playback issue.

Let us know how it goes!

I am having the same issue with two new Amazon echo speakers. They appear grayed out on the Spotify app and have the text "playback restricted" displayed next to them. Resetting account, reinstalling speakers, doing the other things listed in this thread have not helped. Very frustrating since the speakers primary purpose is to play Spotify. Moderators, can you ask your coders for the app what are the triggers to display the text "playback restricted" so we can understand what is triggering this? The text didn't come from the ether. This is a feature of your program.

I'm having the same issue. I set up a brand new Echo dot a few hours ago. At first, it played fine but after a few hours I came back to the Spotify app and the device is grayed out, and "playback restricted" is displayed underneath it. How can I remedy this?

I'm also having this problem. New Echo Dot worked ok initially but a few hours later has 'Playback Restricted' but Spotify still working fine on original owned Echo. This has to be a Spotify software issue, tried rebooting etc Echo but hasn't solved the problem

To restrict access to a specific profile on your account, you can protect it with a Profile Lock PIN. If you have already accessed a profile and get prompted to enter a PIN before playing a TV show or movie, see more about account-level PINs.

3a8082e126