About Lockdown Mode

Lockdown Mode helps protect devices against extremely rare and highly sophisticated cyber attacks.

What is Lockdown Mode?

Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats. Most people will never be targeted by attacks of this nature.

When Lockdown Mode is enabled, your device won’t function like it usually would. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites and features are strictly limited for security and some experiences may not be available at all.

Lockdown Mode is available in iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later. Additional protections are available starting in iOS 17, iPadOS 17, watchOS 10 and macOS Sonoma.

For a complete set of protections, update your devices to the latest software before turning on Lockdown Mode.

How Lockdown Mode protects your device

When Lockdown Mode is enabled, some apps and features will function differently, including:

  • Messages — Most message attachment types will be blocked, other than certain images, video and audio. Some features, such as links and link previews, will be unavailable.

  • Web browsing — Certain complex web technologies will be blocked, which may cause some websites to load more slowly or to not operate correctly. In addition, web fonts may not be displayed, and images may be replaced with a missing image icon.

  • FaceTime — Incoming FaceTime calls will be blocked unless you’ve previously called that person or contact. Features such as SharePlay and Live Photos are unavailable.

  • Apple services — Incoming invitations for Apple services, such as invitations to manage a home in the Home app, are blocked unless you have previously invited that person. Game Center is also disabled.

  • Photos — When you share photos, location information is excluded. Shared albums are removed from the Photos app and new Shared Album invitations are blocked. You can still view these shared albums on other devices that haven’t enabled Lockdown Mode.

  • Device connections — To connect your iPhone or iPad to an accessory or another computer, the device needs to be unlocked. To connect your Mac laptop with Apple silicon to an accessory, your Mac needs to be unlocked and you need to provide explicit approval.

  • Wireless connectivity — Your device won't automatically join non-secure Wi-Fi networks and will disconnect from a non-secure Wi-Fi network when you turn on Lockdown Mode. 2G cellular support is turned off.

  • Configuration profiles — Configuration profiles can’t be installed, and the device can’t be enrolled in Mobile Device Management or device supervision while in Lockdown Mode.

Phone calls and plain text messages will continue to work while Lockdown Mode is enabled. Emergency features, such as SOS emergency calls, will not be affected.

How to turn on Lockdown Mode

For a complete set of protections, you should update all of your devices to the latest software and turn on Lockdown Mode for all of your devices.

  • Lockdown Mode needs to be turned on separately for your iPhone, iPad and Mac.

  • When you turn on Lockdown Mode for your iPhone, it's automatically turned on for your paired Apple Watch.

  • When you turn on Lockdown Mode for one of your devices, you get prompts to turn it on for your other supported Apple devices.

When Lockdown Mode is turned on, you might receive notifications when an app or feature is limited. A banner in Safari indicates that Lockdown Mode is on.

How to turn on Lockdown Mode on iPhone or iPad

  1. Open the Settings app.

  2. Tap Privacy & Security.

  3. Scroll down, tap Lockdown Mode, then tap Turn On Lockdown Mode.

    in Privacy & Security settings on iPhone, turn on Lockdown Mode.
  4. Tap Turn On Lockdown Mode.

  5. Tap Turn On & Restart, then enter your device passcode.

How to turn on Lockdown Mode on Mac

  1. Choose the Apple menu  > System Settings.

  2. From the sidebar, click Privacy & Security.

  3. Scroll down, click Lockdown Mode, then click Turn On.

  4. Click Turn on Lockdown Mode. You might need to enter the user password.

  5. Click Turn On & Restart.

How to exclude apps or websites from Lockdown Mode

While your device is in Lockdown Mode, you can exclude an app or website in Safari from being impacted and limited by WebKit restrictions. Only exclude trusted apps or websites and only if necessary.

On iPhone or iPad

To exclude a website while browsing: Tap the Page Menu buttonnull, tap the More buttonnull to open the Page Menu, then turn off Lockdown Mode for that website.

To exclude a website from Lockdown Mode protections, turn off Lockdown Mode in Page Settings in Safari.

To exclude an app or edit your excluded websites:

  1. Open the Settings app.

  2. Tap Privacy & Security.

  3. Under Security, tap Lockdown Mode.

  4. Tap Configure Web Browsing.

    To exclude an app or edit your excluded websites, tap Configure Web Browsing.

To exclude an app, turn that app off in the menu. Only the apps that you’ve opened since enabling Lockdown Mode and that have limited functionality will appear on this list.

To edit your excluded websites, tap Excluded Safari Websites > Edit.

On Mac

To exclude a website while browsing: Choose the Safari menu > Settings for [website]. Then untick the Enable Lockdown Mode box. To include the website again, re-tick the box.

To edit your excluded websites:

  1. From the menu bar in Safari, choose the Safari menu > Settings.

  2. Click Websites.

  3. In the sidebar, scroll down and click Lockdown Mode.

  4. From the menu next to a configured website, turn Lockdown Mode on or off.

Configuration profiles and managed devices

If a device is in Lockdown Mode, new configuration profiles can‘t be installed, and the device can‘t be enrolled in Mobile Device Management or device supervision. If a user wants to install a configuration profile or management profile, they’ll need to turn off Lockdown Mode, install the profile and then re-enable Lockdown Mode, if necessary. These restrictions can prevent attackers from attempting to install malicious profiles.

A device that was already enrolled in Mobile Device Management before Lockdown Mode was enabled will remain managed. System administrators can install and remove configuration profiles on that device.

Lockdown Mode is not a configurable option for Mobile Device Management by system administrators, as it’s designed for the very small number of individual users who may be targeted by extreme cyber attacks.

Published Date: