diff --git a/README.md b/README.md index 1f5f760..9209928 100644 --- a/README.md +++ b/README.md @@ -8,11 +8,11 @@ This release corresponds to the following OS versions | OS | Version | |----------|---------| -| iOS | 18.1 | -| macOS | 15.1 | -| tvOS | 18.1 | -| visionOS | 2.1 | -| watchOS | 11.1 | +| iOS | 18.2 | +| macOS | 15.2 | +| tvOS | 18.2 | +| visionOS | 2.2 | +| watchOS | 11.2 | ## Important Release Notes diff --git a/declarative/declarations/configurations/diskmanagement.settings.yaml b/declarative/declarations/configurations/diskmanagement.settings.yaml index b8f7f8e..b986992 100644 --- a/declarative/declarations/configurations/diskmanagement.settings.yaml +++ b/declarative/declarations/configurations/diskmanagement.settings.yaml @@ -23,7 +23,7 @@ payloadkeys: - key: Restrictions type: presence: optional - content: Defines the restrictions for disks + content: The restrictions for the disk. subkeys: - key: ExternalStorage title: External Storage @@ -36,9 +36,9 @@ payloadkeys: combinetype: enum-last content: |- Specifies the mount policy for external storage: - * Allowed - external storage that is read-write or read-only will be mounted. - * ReadOnly - only external storage that is read-only will be automatically mounted. Note that external storage that is read-write will not be mounted read-only. - * Disallowed - no external storage will be mounted. + * 'Allowed': the system can mount external storage that is read-write or read-only. + * 'ReadOnly': the system can only mount read-only external storage. Note that external storage that is read-write will not be mounted read-only. + * 'Disallowed': The system can't mount any external storage. - key: NetworkStorage title: Network Storage type: @@ -50,6 +50,6 @@ payloadkeys: combinetype: enum-last content: |- Specifies the mount policy for network storage: - * Allowed - network storage that is read-write or read-only will be mounted. - * ReadOnly - only network storage that is read-only will be mounted. Note that network storage that is read-write will not be mounted read-only. - * Disallowed - no network storage will be mounted. + * 'Allowed': the system can mount network storage that is read-write or read-only. + * 'ReadOnly': the system can only mount read-only network storage. Note that network storage that is read-write will not be mounted read-only. + * 'Disallowed': The system can't mount any network storage. diff --git a/declarative/declarations/configurations/math.settings.yaml b/declarative/declarations/configurations/math.settings.yaml index 51af9b0..82c5cdc 100644 --- a/declarative/declarations/configurations/math.settings.yaml +++ b/declarative/declarations/configurations/math.settings.yaml @@ -75,7 +75,7 @@ payloadkeys: type: presence: optional content: If present, configures the Math Notes mode of the calculator. If not - present, math notes mode is enabled. + present, Math Notes mode is enabled. subkeys: - key: Enabled type: @@ -110,7 +110,7 @@ payloadkeys: type: presence: required combinetype: boolean-and - content: Controls whether keyboard suggestions include math solutions + content: Controls whether keyboard suggestions include math solutions. - key: MathNotes type: presence: required diff --git a/declarative/declarations/configurations/safari.extensions.settings.yaml b/declarative/declarations/configurations/safari.extensions.settings.yaml index 1c20241..efb5909 100644 --- a/declarative/declarations/configurations/safari.extensions.settings.yaml +++ b/declarative/declarations/configurations/safari.extensions.settings.yaml @@ -30,17 +30,15 @@ payloadkeys: title: Managed Extensions type: presence: optional - content: Extensions being managed + content: The dictionary of managed extensions settings. subkeys: - key: ANY type: presence: optional - content: The composed identifier of the managed extension, or "*" for all extensions. - In order for the extension to be managed, its host app must be present on the - device. To generate this string use codesign -dv . The browser - extension is located in the PlugIns folder inside the app bundle. The expected - format is "Identifier (TeamIdentifier)". For extensions that are not also available - on macOS the app developer will need to provide this information. + content: |- + The composed identifier of the managed extension, or “*” for all extensions. In order for the extension to be managed, its host app must be present on the device. + To generate this string use 'codesign -dv '. The browser extension is located in the PlugIns folder inside the app bundle. The expected format is “Identifier (TeamIdentifier)”. + For extensions that aren't also available on macOS the app developer needs to provide this information. subkeytype: ExtensionDictionary subkeys: - key: State @@ -54,9 +52,9 @@ payloadkeys: combinetype: enum-last content: |- Controls whether an extension is allowed. - * Allowed - The user is allowed to turn the extension on or off - * AlwaysOn - The extension will always be on - * AlwaysOff - The extension will always be off + * 'Allowed' - The user is allowed to turn the extension on or off. + * 'AlwaysOn' - The extension will always be on. + * 'AlwaysOff' - The extension will always be off. - key: PrivateBrowsing title: Private Browsing state type: @@ -68,18 +66,18 @@ payloadkeys: combinetype: enum-last content: |- Controls whether an extension is allowed in Private Browsing. - * Allowed - The user is allowed to turn the extension on or off in Private Browsing - * AlwaysOn - The extension will always be on in Private Browsing if the extension is on outside of Private Browsing - * AlwaysOff - The extension will never be on in Private Browsing + * 'Allowed' - The user is allowed to turn the extension on or off in Private Browsing. + * 'AlwaysOn' - The extension will always be on in Private Browsing if the extension is on outside of Private Browsing. + * 'AlwaysOff' - The extension will never be on in Private Browsing. - key: AllowedDomains title: Allowed domains type: presence: optional combinetype: set-union content: Controls the domains and sub-domains the extension is granted access - to. Any non-prefixed domains take precedence over prefixed domains, and DeniedDomains - takes precedence over AllowedDomains. Any domains not specified in AllowedDomains - or DeniedDomains are configurable by the user. + to. Any non-prefixed domains take precedence over prefixed domains, and 'DeniedDomains' + takes precedence over 'AllowedDomains'. Any domains not specified in 'AllowedDomains' + or 'DeniedDomains' are configurable by the user. subkeys: - key: Domain title: Domain @@ -90,10 +88,10 @@ payloadkeys: type: presence: optional combinetype: set-union - content: Controls the domains and sub-domains the extension is not allowed to + content: Controls the domains and sub-domains the extension isn't allowed to access. Any non-prefixed domains take precedence over prefixed domains, and - DeniedDomains takes precedence over AllowedDomains. Any domains not specified - in AllowedDomains or DeniedDomains are configurable by the user. + 'DeniedDomains' takes precedence over 'AllowedDomains'. Any domains not specified + in 'AllowedDomains' or 'DeniedDomains' are configurable by the user. subkeys: - key: Domain title: Domain diff --git a/declarative/declarations/configurations/services.background-tasks.yaml b/declarative/declarations/configurations/services.background-tasks.yaml index 8758a49..07a5a2e 100644 --- a/declarative/declarations/configurations/services.background-tasks.yaml +++ b/declarative/declarations/configurations/services.background-tasks.yaml @@ -24,8 +24,8 @@ payloadkeys: type: presence: required content: The unique identifier of the set of background tasks managed with this - configuration. This should be a reverse DNS style identifier. This is used solely - by the management system to differentiate between tasks in different configurations. + configuration. This should be a reverse DNS style identifier. The system uses + this identifier to differentiate between tasks in different configurations. - key: TaskDescription title: Task Description type: @@ -40,20 +40,14 @@ payloadkeys: - application/zip presence: optional content: |- - Specifies the identifier of an asset declaration containing a reference - to the files to be used for the background task configuration. The corresponding - asset must be of type "com.apple.asset.data". The referenced data must be a zip - archive of an entire directory, that will be expanded and stored in a well known - location for the background task. The asset's "ContentType" and "Hash-SHA-256" - keys in the "Reference" key are required. - - This file should contain background task executables, scripts, and configuration - files, but not the launchd configuration files. + Specifies the identifier of an asset declaration containing a reference to the files to be used for the background task configuration. The corresponding asset must be of type “'com.apple.asset.data'”. + The referenced data must be a zip archive of an entire directory, that will be expanded and stored in a well known location for the background task. The asset's “ContentType” and “Hash-SHA-256” keys in the “Reference” key are required. + This file should contain background task executables, scripts, and configuration files, but not the 'launchd' configuration files. - key: LaunchdConfigurations title: Launchd Configurations type: presence: optional - content: An array of launchd configuration files used to run the background tasks. + content: An array of 'launchd' configuration files used to run the background tasks. subkeys: - key: launchd-item type: @@ -70,11 +64,11 @@ payloadkeys: - application/xml - text/xml presence: required - content: |- - Specifies the identifier of an asset declaration containing a reference - to the launchd configuration file for the background task. The referenced data must be a - property list file conforming to the launchd.plist format. The asset's "ContentType" and "Hash-SHA-256" - keys in the "Reference" key are required. + content: Specifies the identifier of an asset declaration containing a reference + to the launchd configuration file for the background task. The referenced + data must be a property list file conforming to the launchd.plist format. + The asset's “ContentType” and “Hash-SHA-256” keys in the “Reference” key are + required. - key: Context title: Launchd Context type: diff --git a/declarative/declarations/configurations/softwareupdate.settings.yaml b/declarative/declarations/configurations/softwareupdate.settings.yaml index 8db66e5..32fdbfa 100644 --- a/declarative/declarations/configurations/softwareupdate.settings.yaml +++ b/declarative/declarations/configurations/softwareupdate.settings.yaml @@ -33,9 +33,9 @@ payloadkeys: presence: optional default: true combinetype: boolean-and - content: If 'true', the device shows all software update enforcement notifications. - If 'false', the device only shows notifications triggered one hour before the - enforcement deadline, and the restart countdown notification. + content: |- + If set to 'true', the device shows all software update enforcement notifications. + If set to 'false', the device only shows notifications triggered one hour before the enforcement deadline, and the restart countdown notification. - key: Deferrals title: Software Update Deferrals supportedOS: @@ -44,8 +44,8 @@ payloadkeys: - supervised type: presence: optional - content: Controls the deferral of software updates. Rapid Security Responses are - not considered within 'Major', 'Minor', or 'System' deferral mechanism. + content: This object configures the deferral of software updates. Rapid Security + Responses aren't considered within 'Major', 'Minor', or 'System' deferral mechanism. subkeys: - key: CombinedPeriodInDays title: Combined Major/Minor Update Deferral Period @@ -60,7 +60,7 @@ payloadkeys: combinetype: number-max content: Specifies the number of days to defer a major or minor OS software update on the device. When set, software updates only appear after the specified delay, - following the release of the software update. + following the release of the software update. Available in iOS 18 and later. - key: MajorPeriodInDays title: Major Update Deferral Period supportedOS: @@ -74,7 +74,7 @@ payloadkeys: combinetype: number-max content: Specifies the number of days to defer a major OS software update on the device. When set, software updates only appear after the specified delay, following - the release of the software update. + the release of the software update. Available in macOS 15 and later. - key: MinorPeriodInDays title: Minor Update Deferral Period supportedOS: @@ -87,8 +87,9 @@ payloadkeys: max: 90 combinetype: number-max content: Specifies the number of days to defer a minor OS software update on the - device. When set, software updates only appear after the specified delay, following - the release of the software update. + device. It also defers major updates for iOS. When set, software updates only + appear after the specified delay, following the release of the software update. + Available in macOS 15 and later. - key: SystemPeriodInDays title: System Update Deferral Period supportedOS: @@ -102,7 +103,7 @@ payloadkeys: combinetype: number-max content: Specifies the number of days to defer system or non-OS updates. When set, updates only appear after the specified delay, following the release of - the update. + the update. Available in macOS 15 and later. - key: RecommendedCadence title: Software Update Recommended Cadence supportedOS: @@ -116,10 +117,10 @@ payloadkeys: - Newest combinetype: enum-last content: |- - Specifies how the device shows software updates to the user. When more than one update is available update, the device behaves as follows: - * "All" - Shows all software update versions. - * "Oldest" - Shows only the oldest (lower numbered) software update version. - * "Newest" - Shows only the newest (highest numbered) software update version. + This string specifies how the device shows software updates to the user. When more than one update is available update, the device behaves as follows: + * 'All' - Shows all software update versions. + * 'Oldest' - Shows only the oldest (lower numbered) software update version. + * 'Newest' - Shows only the newest (highest numbered) software update version. - key: AutomaticActions title: Automatic Software Update Settings supportedOS: @@ -128,7 +129,7 @@ payloadkeys: - supervised type: presence: optional - content: Specifies various automatic Software Update functionality. + content: This object configures various automatic Software Update functionality. subkeys: - key: Download title: Automatic downloads of available updates. @@ -141,10 +142,10 @@ payloadkeys: default: Allowed combinetype: enum-last content: |- - Specifies whether automatic downloads of available updates can be controlled by the user: - * "Allowed" - the user can enable or disable automatic downloads. - * "AlwaysOn" - automatic downloads are always enabled. - * "AlwaysOff" - automatic downloads are always disabled. + Specifies whether the user can control automatic downloads of available updates: + * 'Allowed' - the user can enable or disable automatic downloads. + * 'AlwaysOn' - automatic downloads are always enabled. + * 'AlwaysOff' - automatic downloads are always disabled. - key: InstallOSUpdates title: Automatic installs of OS updates. type: @@ -156,10 +157,10 @@ payloadkeys: default: Allowed combinetype: enum-last content: |- - Specifies whether automatic install of available OS updates can be controlled by the user: - * "Allowed" - the user can enable or disable automatic installs. - * "AlwaysOn" - automatic installs are always enabled. - * "AlwaysOff" - automatic installs are always disabled. + Specifies whether the user can control automatic installation of available updates: + * 'Allowed' - the user can enable or disable automatic installation. + * 'AlwaysOn' - automatic installations are always enabled. + * 'AlwaysOff' - automatic installations are always disabled. - key: InstallSecurityUpdate title: Automatic installs of available security updates. supportedOS: @@ -174,10 +175,10 @@ payloadkeys: default: Allowed combinetype: enum-last content: |- - Specifies whether automatic install of available security updates can be controlled by the user: - * "Allowed" - the user can enable or disable automatic installs. - * "AlwaysOn" - automatic installs are always enabled. - * "AlwaysOff" - automatic installs are always disabled. + Specifies whether the user can control automatic installation of available security updates: + * 'Allowed' - the user can enable or disable automatic installation. + * 'AlwaysOn' - automatic installations are always enabled. + * 'AlwaysOff' - automatic installations are always disabled. - key: RapidSecurityResponse title: Rapid Security Response Settings supportedOS: @@ -186,8 +187,8 @@ payloadkeys: - supervised type: presence: optional - content: These configurations allow for setting user access to interacting with - Rapid Security Responses (RSRs). + content: These configurations set user access to interacting with Rapid Security + Responses (RSRs). subkeys: - key: Enable title: Enable Rapid Security Response Installation @@ -195,17 +196,18 @@ payloadkeys: presence: optional default: true combinetype: boolean-and - content: If 'false', Rapid Security Responses are not offered for user installation. - Rapid Security Responses can still be installed via 'com.apple.configuration.softwareupdate.enforcement.specific' - configurations. If 'true', Rapid Security Responses are offered to the user. + content: |- + If set to 'false', Rapid Security Responses aren't offered for user installation. The system can still install Rapid Security Responses with 'com.apple.configuration.softwareupdate.enforcement.specific' configurations. + If set to 'true', the system offers Rapid Security Responses to the user. - key: EnableRollback title: Enable Rapid Security Response Rollbacks type: presence: optional default: true combinetype: boolean-and - content: If 'false', Rapid Security Response rollbacks are not offered to the - user. If 'true', Rapid Security Response rollbacks are offered to the user. + content: |- + If set to 'false', the system doesn't offer Rapid Security Response rollbacks to the user. + If set to 'true', the system offers Rapid Security Response rollbacks to the user. - key: AllowStandardUserOSUpdates title: Allow Standard User OS Updates supportedOS: @@ -215,16 +217,16 @@ payloadkeys: presence: optional default: true combinetype: boolean-and - content: If 'true', a standard user can perform Major and Minor Software Updates. - If 'false', only administrators can perform Major and Minor Software Updates. + content: |- + If set to 'true', a standard user can perform Major and Minor Software Updates. + If set to 'false', only administrators can perform Major and Minor Software Updates. - key: Beta supportedOS: macOS: introduced: n/a type: presence: optional - content: Configurations for controlling or specifying the beta programs associated - with a device. + content: This object configures the beta program settings for a device. subkeys: - key: ProgramEnrollment supportedOS: @@ -240,26 +242,19 @@ payloadkeys: default: Allowed combinetype: enum-last content: |- - Specifies whether beta program enrollment can be controlled by the user in software update settings UI: - * "Allowed" - the user can enroll in any applicable beta programs associated with their - logged in Apple Account. If the `OfferPrograms` key is present, then the programs listed in - that key are also presented to the user. - * "AlwaysOn" - the beta programs specified by the organization are used, and the user - is not be able to enroll in a beta program using their logged in Apple Account. The device - is automatically enrolled into the beta program specified by the `RequireProgram` key if - it is present. Otherwise, the programs listed in the `OfferPrograms` key are - presented to the user to choose which to enroll with. - * "AlwaysOff" - The device is not allowed to enroll in any beta programs. The device is - removed from any beta programs, if already enrolled. + Specifies whether the user can control beta program enrollment in the software update settings UI: + * 'Allowed' - the user can enroll in any applicable beta programs associated with their logged in Apple Account. If the 'OfferPrograms' key is present, then the programs listed in that key are also presented to the user. + * 'AlwaysOn' - the beta programs specified by the organization are used, and the user isn't able to enroll in a beta program using their logged in Apple Account. The device is automatically enrolled into the beta program specified by the 'RequireProgram' key if it's present. Otherwise, the system presents the programs listed in the 'OfferPrograms' key to the user to choose which to enroll with. + * 'AlwaysOff' - The device isn't allowed to enroll in any beta programs. The system removes the device from any beta programs, if already enrolled. - key: OfferPrograms type: presence: optional combinetype: set-union content: An array of beta programs allowed on the device. This key must only be - present if the `ProgramEnrollment` key is set to `Allowed` or `AlwaysOn`. This - key must not be present if the `RequireProgram` key is present. This key can - be present on unsupervised devices where the `ProgramEnrollment` key is not - supported but is implicitly set to `Allowed`. + present if the 'ProgramEnrollment' key is set to 'Allowed' or 'AlwaysOn'. This + key must not be present if the 'RequireProgram' key is present. This key can + be present on unsupervised devices where the 'ProgramEnrollment' key isn't supported + but is implicitly set to 'Allowed'. subkeys: - key: Program type: @@ -274,8 +269,8 @@ payloadkeys: type: presence: required content: The Apple Business Manager or Apple School Manager seeding service - token for the organization the MDM server is part of. This token is used - to enroll the device in the corresponding beta program. + token for the organization the MDM server is part of. The system uses this + token to enroll the device in the corresponding beta program. - key: RequireProgram supportedOS: iOS: @@ -285,7 +280,7 @@ payloadkeys: presence: optional combinetype: first content: The device automatically enrolls in this beta program. This key must - only be present if the `ProgramEnrollment` key is set to `AlwaysOn`. The `OfferPrograms` + only be present if the 'ProgramEnrollment' key is set to 'AlwaysOn'. The 'OfferPrograms' key must not be present if this key is present. subkeys: - key: Description @@ -296,8 +291,8 @@ payloadkeys: type: presence: required content: The Apple Business Manager or Apple School Manager seeding service - token for the organization the MDM server is part of. This token is used to - enroll the device in the corresponding beta program. + token for the organization the MDM server is part of. The system uses this + token to enroll the device in the corresponding beta program. related-status-items: - status-items: - softwareupdate.beta-enrollment diff --git a/declarative/status/device.model.marketing-name.yaml b/declarative/status/device.model.marketing-name.yaml index ecb43b1..a624269 100644 --- a/declarative/status/device.model.marketing-name.yaml +++ b/declarative/status/device.model.marketing-name.yaml @@ -55,5 +55,4 @@ payloadkeys: type: presence: required content: The device's marketing name, such as 'iPhone 12'. This value may not always - be available. Alternatively, use 'device.model.configuration-code' to look up - the marketing name through the web API. + be available. diff --git a/declarative/status/softwareupdate.beta-enrollment.yaml b/declarative/status/softwareupdate.beta-enrollment.yaml index 51e73fd..abf530f 100644 --- a/declarative/status/softwareupdate.beta-enrollment.yaml +++ b/declarative/status/softwareupdate.beta-enrollment.yaml @@ -30,5 +30,5 @@ payloadkeys: title: The device's enrolled beta program. type: presence: required - content: The device's enrolled beta program name, or an empty string if there is + content: The device's enrolled beta program name, or an empty string if there's no enrolled beta program. diff --git a/declarative/status/softwareupdate.device-id.yaml b/declarative/status/softwareupdate.device-id.yaml index d95aa3f..d7aa7af 100644 --- a/declarative/status/softwareupdate.device-id.yaml +++ b/declarative/status/softwareupdate.device-id.yaml @@ -31,4 +31,4 @@ payloadkeys: type: presence: required content: The device identifier to use when looking up available software updates - via . + via 'https://gdmf.apple.com/v2/pmv'. diff --git a/declarative/status/softwareupdate.pending-version.yaml b/declarative/status/softwareupdate.pending-version.yaml index d74c929..6d05b53 100644 --- a/declarative/status/softwareupdate.pending-version.yaml +++ b/declarative/status/softwareupdate.pending-version.yaml @@ -46,3 +46,10 @@ payloadkeys: presence: required content: The build version of the pending software update, including any rapid security response version. This string is empty if no update is pending. + - key: target-local-date-time + title: The target local date-time + type: + presence: optional + content: The local date time value for when the pending software update will be + installed. This key is only present when the pending software update is being + enforced. diff --git a/docs/errata.md b/docs/errata.md index 2d88c90..4581266 100644 --- a/docs/errata.md +++ b/docs/errata.md @@ -2,6 +2,10 @@ This document lists errata for the YAML schema. This is used when older versions of the schema are incorrect, and a fix was made in later schema to correct the problem. +## macOS 15.2 + +Added missing supervised key to macOS across profiles and commands + ## iOS 18.1 / macOS 15.1 ### mdm/profiles/com.apple.applicationaccess.yaml diff --git a/mdm/checkin/authenticate.yaml b/mdm/checkin/authenticate.yaml index 1cda84c..0fb2d93 100644 --- a/mdm/checkin/authenticate.yaml +++ b/mdm/checkin/authenticate.yaml @@ -17,6 +17,7 @@ payload: introduced: '10.7' devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: allowed @@ -96,8 +97,8 @@ payloadkeys: mode: forbidden type: presence: optional - content: The device's UDID (Unique Device ID). This is required if the enrollment - type is not user enrollment. + content: The device's UDID (Unique Device ID). The system requires this value if + the enrollment type isn't user enrollment. - key: EnrollmentID supportedOS: iOS: @@ -117,8 +118,9 @@ payloadkeys: introduced: n/a type: presence: optional - content: The per-enrollment identifier for the device. Available in macOS 10.15 - and iOS 13.0 and later. This is required if the enrollment type is user enrollment. + content: |- + The per-enrollment identifier for the device. The system requires this value if the enrollment type is user enrollment. + Available in macOS 10.15 and iOS 13.0 and later. - key: OSVersion supportedOS: iOS: diff --git a/mdm/checkin/checkout.yaml b/mdm/checkin/checkout.yaml index efc8c04..16f6458 100644 --- a/mdm/checkin/checkout.yaml +++ b/mdm/checkin/checkout.yaml @@ -17,6 +17,7 @@ payload: introduced: '10.7' devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/checkin/tokenupdate.yaml b/mdm/checkin/tokenupdate.yaml index 67bb59f..db46545 100644 --- a/mdm/checkin/tokenupdate.yaml +++ b/mdm/checkin/tokenupdate.yaml @@ -17,6 +17,7 @@ payload: introduced: '10.7' devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/checkin/userauthenticate.yaml b/mdm/checkin/userauthenticate.yaml index 5b415bc..3e11b27 100644 --- a/mdm/checkin/userauthenticate.yaml +++ b/mdm/checkin/userauthenticate.yaml @@ -9,6 +9,7 @@ payload: introduced: '10.7' devicechannel: false userchannel: true + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/account.configuration.yaml b/mdm/commands/account.configuration.yaml index 13011e9..21360a3 100644 --- a/mdm/commands/account.configuration.yaml +++ b/mdm/commands/account.configuration.yaml @@ -11,6 +11,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: true userenrollment: mode: forbidden diff --git a/mdm/commands/application.extensions.listactive.yaml b/mdm/commands/application.extensions.listactive.yaml index 1393a07..3e7a173 100644 --- a/mdm/commands/application.extensions.listactive.yaml +++ b/mdm/commands/application.extensions.listactive.yaml @@ -10,6 +10,7 @@ payload: accessrights: QueryInstalledApps devicechannel: false userchannel: true + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/application.extensions.mappings.yaml b/mdm/commands/application.extensions.mappings.yaml index 0a6b6fe..8786254 100644 --- a/mdm/commands/application.extensions.mappings.yaml +++ b/mdm/commands/application.extensions.mappings.yaml @@ -10,6 +10,7 @@ payload: accessrights: QueryInstalledApps devicechannel: false userchannel: true + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/application.install.enterprise.yaml b/mdm/commands/application.install.enterprise.yaml index 8b122c4..d4ea94d 100644 --- a/mdm/commands/application.install.enterprise.yaml +++ b/mdm/commands/application.install.enterprise.yaml @@ -12,6 +12,7 @@ payload: accessrights: AllowAppInstallation devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/application.install.yaml b/mdm/commands/application.install.yaml index 6c478d7..bbec1ad 100644 --- a/mdm/commands/application.install.yaml +++ b/mdm/commands/application.install.yaml @@ -26,6 +26,7 @@ payload: accessrights: AllowAppInstallation devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/application.installed.list.yaml b/mdm/commands/application.installed.list.yaml index 55fbe15..1fcacec 100644 --- a/mdm/commands/application.installed.list.yaml +++ b/mdm/commands/application.installed.list.yaml @@ -19,6 +19,7 @@ payload: accessrights: AllowQueryApplications devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/application.invitetoprogram.yaml b/mdm/commands/application.invitetoprogram.yaml index 9cebc10..b55f5ea 100644 --- a/mdm/commands/application.invitetoprogram.yaml +++ b/mdm/commands/application.invitetoprogram.yaml @@ -19,6 +19,7 @@ payload: accessrights: None devicechannel: false userchannel: true + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/application.managed.list.yaml b/mdm/commands/application.managed.list.yaml index 59a8f49..b9a72d0 100644 --- a/mdm/commands/application.managed.list.yaml +++ b/mdm/commands/application.managed.list.yaml @@ -22,6 +22,8 @@ payload: accessrights: AllowAppInstallation devicechannel: true userchannel: true + supervised: false + requiresdep: false userenrollment: mode: allowed tvOS: diff --git a/mdm/commands/application.remove.yaml b/mdm/commands/application.remove.yaml index b53f239..c0d90a9 100644 --- a/mdm/commands/application.remove.yaml +++ b/mdm/commands/application.remove.yaml @@ -19,6 +19,8 @@ payload: accessrights: AllowAppInstallation devicechannel: true userchannel: false + supervised: false + requiresdep: false userenrollment: mode: forbidden tvOS: diff --git a/mdm/commands/certificate.list.yaml b/mdm/commands/certificate.list.yaml index df2e3fb..b7282b5 100644 --- a/mdm/commands/certificate.list.yaml +++ b/mdm/commands/certificate.list.yaml @@ -25,6 +25,7 @@ payload: accessrights: AllowInspection devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/device.configured.yaml b/mdm/commands/device.configured.yaml index b87c67f..7a62cfa 100644 --- a/mdm/commands/device.configured.yaml +++ b/mdm/commands/device.configured.yaml @@ -20,6 +20,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: true userenrollment: mode: forbidden diff --git a/mdm/commands/device.erase.yaml b/mdm/commands/device.erase.yaml index 6f8b227..6ff2a7f 100644 --- a/mdm/commands/device.erase.yaml +++ b/mdm/commands/device.erase.yaml @@ -20,6 +20,7 @@ payload: accessrights: AllowDeviceErase devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/device.lock.yaml b/mdm/commands/device.lock.yaml index bb0ab7f..9391fd0 100644 --- a/mdm/commands/device.lock.yaml +++ b/mdm/commands/device.lock.yaml @@ -20,6 +20,7 @@ payload: accessrights: AllowPasscodeRemovalAndLock devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/device.restart.yaml b/mdm/commands/device.restart.yaml index 1ec823c..9d9d021 100644 --- a/mdm/commands/device.restart.yaml +++ b/mdm/commands/device.restart.yaml @@ -20,6 +20,7 @@ payload: accessrights: AllowPasscodeRemovalAndLock devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/device.shutdown.yaml b/mdm/commands/device.shutdown.yaml index 2aed195..ceae7bc 100644 --- a/mdm/commands/device.shutdown.yaml +++ b/mdm/commands/device.shutdown.yaml @@ -20,6 +20,7 @@ payload: accessrights: AllowPasscodeRemovalAndLock devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/information.contentcaching.yaml b/mdm/commands/information.contentcaching.yaml index 71386a7..a791e8d 100644 --- a/mdm/commands/information.contentcaching.yaml +++ b/mdm/commands/information.contentcaching.yaml @@ -11,6 +11,7 @@ payload: accessrights: AllowQueryNetworkInformation devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/information.device.yaml b/mdm/commands/information.device.yaml index 06570d1..b2e260f 100644 --- a/mdm/commands/information.device.yaml +++ b/mdm/commands/information.device.yaml @@ -20,6 +20,7 @@ payload: accessrights: Special Case devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/information.security.yaml b/mdm/commands/information.security.yaml index 77081b7..a5b8d80 100644 --- a/mdm/commands/information.security.yaml +++ b/mdm/commands/information.security.yaml @@ -20,6 +20,7 @@ payload: accessrights: AllowQuerySecurity devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed @@ -69,8 +70,8 @@ responsekeys: userenrollment: mode: forbidden type: - content: If 'true', the device has a passcode. This value is available in iOS - 4 and later, and tvOS 6 and later. + content: If 'true', the device has a passcode. This key doesn't apply to User-Enrolled + devices. This value is available in iOS 4 and later, and tvOS 6 and later. - key: PasscodeCompliant supportedOS: macOS: diff --git a/mdm/commands/lom.devicerequest.yaml b/mdm/commands/lom.devicerequest.yaml index c349ca1..10cff16 100644 --- a/mdm/commands/lom.devicerequest.yaml +++ b/mdm/commands/lom.devicerequest.yaml @@ -10,6 +10,7 @@ payload: accessrights: DeviceLockAndRemovePasscode devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/lom.setuprequest.yaml b/mdm/commands/lom.setuprequest.yaml index c02bc0c..8f309d4 100644 --- a/mdm/commands/lom.setuprequest.yaml +++ b/mdm/commands/lom.setuprequest.yaml @@ -11,6 +11,7 @@ payload: accessrights: DeviceLockAndRemovePasscode devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/managed.application.configuration.yaml b/mdm/commands/managed.application.configuration.yaml index 123ef22..6e0e5fd 100644 --- a/mdm/commands/managed.application.configuration.yaml +++ b/mdm/commands/managed.application.configuration.yaml @@ -23,6 +23,7 @@ payload: accessrights: AllowAppInstallation devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/media.install.yaml b/mdm/commands/media.install.yaml index adb385e..ad29e3d 100644 --- a/mdm/commands/media.install.yaml +++ b/mdm/commands/media.install.yaml @@ -20,6 +20,7 @@ payload: accessrights: AllowAppInstallation devicechannel: false userchannel: true + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/mirroring.request.yaml b/mdm/commands/mirroring.request.yaml index f30c2f2..350aa11 100644 --- a/mdm/commands/mirroring.request.yaml +++ b/mdm/commands/mirroring.request.yaml @@ -19,6 +19,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/mirroring.stop.yaml b/mdm/commands/mirroring.stop.yaml index 09ed9aa..7128606 100644 --- a/mdm/commands/mirroring.stop.yaml +++ b/mdm/commands/mirroring.stop.yaml @@ -19,6 +19,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/passcode.firmware.set.yaml b/mdm/commands/passcode.firmware.set.yaml index d566399..5e3e512 100644 --- a/mdm/commands/passcode.firmware.set.yaml +++ b/mdm/commands/passcode.firmware.set.yaml @@ -10,6 +10,7 @@ payload: accessrights: DeviceLockAndRemovePasscode devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/passcode.firmware.verify.yaml b/mdm/commands/passcode.firmware.verify.yaml index a4934d5..3a2f9ec 100644 --- a/mdm/commands/passcode.firmware.verify.yaml +++ b/mdm/commands/passcode.firmware.verify.yaml @@ -10,6 +10,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/passcode.recovery.set.yaml b/mdm/commands/passcode.recovery.set.yaml index 35a2d13..6e71f48 100644 --- a/mdm/commands/passcode.recovery.set.yaml +++ b/mdm/commands/passcode.recovery.set.yaml @@ -10,6 +10,7 @@ payload: accessrights: DeviceLockAndRemovePasscode devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/passcode.recovery.verify.yaml b/mdm/commands/passcode.recovery.verify.yaml index cf72fb1..8df3d53 100644 --- a/mdm/commands/passcode.recovery.verify.yaml +++ b/mdm/commands/passcode.recovery.verify.yaml @@ -10,6 +10,7 @@ payload: accessrights: DeviceLockAndRemovePasscode devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/profile.install.yaml b/mdm/commands/profile.install.yaml index 1fbaea3..5d7e04a 100644 --- a/mdm/commands/profile.install.yaml +++ b/mdm/commands/profile.install.yaml @@ -22,6 +22,7 @@ payload: accessrights: AllowInstallationRemoval devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/profile.list.yaml b/mdm/commands/profile.list.yaml index 2a81027..d269181 100644 --- a/mdm/commands/profile.list.yaml +++ b/mdm/commands/profile.list.yaml @@ -21,6 +21,7 @@ payload: accessrights: AllowInspection devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/profile.provisioning.install.yaml b/mdm/commands/profile.provisioning.install.yaml index 65c1044..2c7725c 100644 --- a/mdm/commands/profile.provisioning.install.yaml +++ b/mdm/commands/profile.provisioning.install.yaml @@ -22,6 +22,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/profile.provisioning.list.yaml b/mdm/commands/profile.provisioning.list.yaml index 91b2cf6..1b80e50 100644 --- a/mdm/commands/profile.provisioning.list.yaml +++ b/mdm/commands/profile.provisioning.list.yaml @@ -22,6 +22,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/profile.provisioning.remove.yaml b/mdm/commands/profile.provisioning.remove.yaml index c845dae..350c64d 100644 --- a/mdm/commands/profile.provisioning.remove.yaml +++ b/mdm/commands/profile.provisioning.remove.yaml @@ -21,6 +21,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/profile.remove.yaml b/mdm/commands/profile.remove.yaml index 16f38d6..dd5b5f8 100644 --- a/mdm/commands/profile.remove.yaml +++ b/mdm/commands/profile.remove.yaml @@ -20,6 +20,7 @@ payload: accessrights: AllowInstallationRemoval devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed diff --git a/mdm/commands/rotate.file.vault.key.yaml b/mdm/commands/rotate.file.vault.key.yaml index 93244c4..8bab9fb 100644 --- a/mdm/commands/rotate.file.vault.key.yaml +++ b/mdm/commands/rotate.file.vault.key.yaml @@ -10,6 +10,7 @@ payload: accessrights: DeviceLockAndRemovePasscode devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/set.auto.admin.password.yaml b/mdm/commands/set.auto.admin.password.yaml index ec401ea..f1e4f80 100644 --- a/mdm/commands/set.auto.admin.password.yaml +++ b/mdm/commands/set.auto.admin.password.yaml @@ -11,6 +11,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: true userenrollment: mode: forbidden diff --git a/mdm/commands/settings.yaml b/mdm/commands/settings.yaml index 03662c9..3b1afdf 100644 --- a/mdm/commands/settings.yaml +++ b/mdm/commands/settings.yaml @@ -19,6 +19,7 @@ payload: accessrights: AllowSettings devicechannel: true userchannel: true + supervised: false requiresdep: false userenrollment: mode: allowed @@ -604,6 +605,40 @@ payloadkeys: presence: optional content: A unique identifier for the various services a single organization manages. + - key: DefaultApplications + supportedOS: + iOS: + introduced: '18.2' + sharedipad: + mode: forbidden + userenrollment: + mode: forbidden + macOS: + introduced: n/a + tvOS: + introduced: n/a + visionOS: + introduced: '2.2' + userenrollment: + mode: forbidden + watchOS: + introduced: n/a + type: + presence: optional + content: A dictionary that contains default application bundle identifiers. Currently + it supports a default web browser app. + subkeys: + - key: Item + type: + presence: required + rangelist: + - DefaultApplications + content: Sets information about default applications. + - key: WebBrowser + type: + presence: optional + content: The bundle identifier of the app that will be set as the default web + browser. This app must be an eligible web browser in the region of the device. - key: MDMOptions supportedOS: iOS: @@ -761,7 +796,8 @@ payloadkeys: type: presence: optional content: The quota size, in megabytes (MB), for each user on the shared device, - or if the quota size is too small, the minimum quota size. + or if the quota size is too small, the minimum quota size. Available to Temporary + Sessions Only guest users on iOS 17+. - key: ResidentUsers type: presence: optional diff --git a/mdm/commands/system.update.available.yaml b/mdm/commands/system.update.available.yaml index e23a12f..43991e5 100644 --- a/mdm/commands/system.update.available.yaml +++ b/mdm/commands/system.update.available.yaml @@ -20,6 +20,7 @@ payload: accessrights: None devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/commands/user.unlock.yaml b/mdm/commands/user.unlock.yaml index d77d252..7ee9d2a 100644 --- a/mdm/commands/user.unlock.yaml +++ b/mdm/commands/user.unlock.yaml @@ -10,6 +10,7 @@ payload: accessrights: DeviceLockAndRemovePasscode devicechannel: true userchannel: false + supervised: false requiresdep: false userenrollment: mode: forbidden diff --git a/mdm/profiles/CommonPayloadKeys.yaml b/mdm/profiles/CommonPayloadKeys.yaml index 55be3c2..e2f0685 100644 --- a/mdm/profiles/CommonPayloadKeys.yaml +++ b/mdm/profiles/CommonPayloadKeys.yaml @@ -19,6 +19,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/GlobalPreferences.yaml b/mdm/profiles/GlobalPreferences.yaml index 6b2007c..d90b548 100644 --- a/mdm/profiles/GlobalPreferences.yaml +++ b/mdm/profiles/GlobalPreferences.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/TopLevel.yaml b/mdm/profiles/TopLevel.yaml index 16629fd..db7f868 100644 --- a/mdm/profiles/TopLevel.yaml +++ b/mdm/profiles/TopLevel.yaml @@ -19,6 +19,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.ADCertificate.managed.yaml b/mdm/profiles/com.apple.ADCertificate.managed.yaml index 4182289..1a64358 100644 --- a/mdm/profiles/com.apple.ADCertificate.managed.yaml +++ b/mdm/profiles/com.apple.ADCertificate.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.AIM.account.yaml b/mdm/profiles/com.apple.AIM.account.yaml index 2b36a70..ab1ce12 100644 --- a/mdm/profiles/com.apple.AIM.account.yaml +++ b/mdm/profiles/com.apple.AIM.account.yaml @@ -12,6 +12,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.Dictionary.yaml b/mdm/profiles/com.apple.Dictionary.yaml index 1daffea..2e74707 100644 --- a/mdm/profiles/com.apple.Dictionary.yaml +++ b/mdm/profiles/com.apple.Dictionary.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.DiscRecording.yaml b/mdm/profiles/com.apple.DiscRecording.yaml index 2270397..f70e74b 100644 --- a/mdm/profiles/com.apple.DiscRecording.yaml +++ b/mdm/profiles/com.apple.DiscRecording.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.MCX(Mobililty).yaml b/mdm/profiles/com.apple.MCX(Mobililty).yaml index 752d110..9de8af7 100644 --- a/mdm/profiles/com.apple.MCX(Mobililty).yaml +++ b/mdm/profiles/com.apple.MCX(Mobililty).yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.MCX.FileVault2.yaml b/mdm/profiles/com.apple.MCX.FileVault2.yaml index 53f42e5..e7503ff 100644 --- a/mdm/profiles/com.apple.MCX.FileVault2.yaml +++ b/mdm/profiles/com.apple.MCX.FileVault2.yaml @@ -68,8 +68,8 @@ payloadkeys: - key: Certificate type: presence: optional - content: DER-encoded certificate data if an institutional recovery key will be added. - This key is not supported on Macs with Apple silicon. + content: The DER-encoded certificate data if the system creates an institutional + recovery key. This key isn't supported on Macs with Apple silicon. - key: PayloadCertificateUUID type: presence: optional diff --git a/mdm/profiles/com.apple.ManagedClient.preferences.yaml b/mdm/profiles/com.apple.ManagedClient.preferences.yaml index 6143c17..785facf 100644 --- a/mdm/profiles/com.apple.ManagedClient.preferences.yaml +++ b/mdm/profiles/com.apple.ManagedClient.preferences.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.NSExtension.yaml b/mdm/profiles/com.apple.NSExtension.yaml index 50e77cd..96919a4 100644 --- a/mdm/profiles/com.apple.NSExtension.yaml +++ b/mdm/profiles/com.apple.NSExtension.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.SetupAssistant.managed.yaml b/mdm/profiles/com.apple.SetupAssistant.managed.yaml index 630dcaf..c14ed0a 100644 --- a/mdm/profiles/com.apple.SetupAssistant.managed.yaml +++ b/mdm/profiles/com.apple.SetupAssistant.managed.yaml @@ -19,6 +19,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.ShareKitHelper.yaml b/mdm/profiles/com.apple.ShareKitHelper.yaml index 786ddb7..d4b627a 100644 --- a/mdm/profiles/com.apple.ShareKitHelper.yaml +++ b/mdm/profiles/com.apple.ShareKitHelper.yaml @@ -11,6 +11,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.airplay.yaml b/mdm/profiles/com.apple.airplay.yaml index b9fff45..a5045d0 100644 --- a/mdm/profiles/com.apple.airplay.yaml +++ b/mdm/profiles/com.apple.airplay.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true @@ -77,9 +78,9 @@ payloadkeys: format: ^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$ content: |- The device ID of the AirPlay destination in the format 'xx:xx:xx:xx:xx:xx'. This field isn't case-sensitive. - The list of visible AirPlay destinations will be limited to devices that are present in the `AllowList` field of all installed AirPlay payloads. - Specifying the same MACAddress more than once, whether in the same payload across different payloads, will result in undefined behavior. - As of iOS 18 and macOS 15, `DeviceID` isn't supported, as tvOS 18 AirPlay destinations do not support it. + The system limits the list of visible AirPlay destinations to devices that are present in the 'AllowList' field of all installed AirPlay payloads. + Specifying the same MACAddress more than once, whether in the same payload across different payloads, results in undefined behavior. + As of tvOS 18, 'DeviceID' isn't supported. - key: DeviceName title: Device Name supportedOS: @@ -91,7 +92,7 @@ payloadkeys: presence: optional content: |- The name of the AirPlay device. - The list of visible AirPlay destinations will be limited to devices that are present in the AllowList field of all installed AirPlay payloads. + The system limits the list of visible AirPlay destinations to devices that are present in the 'AllowList' field of all installed AirPlay payloads. - key: Passwords title: Passwords type: diff --git a/mdm/profiles/com.apple.airprint.yaml b/mdm/profiles/com.apple.airprint.yaml index 768ae37..e47ef25 100644 --- a/mdm/profiles/com.apple.airprint.yaml +++ b/mdm/profiles/com.apple.airprint.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.applicationaccess.new.yaml b/mdm/profiles/com.apple.applicationaccess.new.yaml index 90b98fe..11cdf6b 100644 --- a/mdm/profiles/com.apple.applicationaccess.new.yaml +++ b/mdm/profiles/com.apple.applicationaccess.new.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.applicationaccess.yaml b/mdm/profiles/com.apple.applicationaccess.yaml index e0229a0..d5af8fc 100644 --- a/mdm/profiles/com.apple.applicationaccess.yaml +++ b/mdm/profiles/com.apple.applicationaccess.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true @@ -362,9 +363,9 @@ payloadkeys: type: presence: optional default: true - content: If false, disables the ability for the user to hide apps. It does not affect - the user's ability to leave it in the App Library, while removing it from the - home screen. + content: If 'false', disables the ability for the user to hide apps. It doesn't + affect the user's ability to leave it in the App Library, while removing it from + the home screen. Available in iOS 18 and later. - key: allowAppsToBeLocked title: Allow Locking Apps supportedOS: @@ -384,8 +385,9 @@ payloadkeys: type: presence: optional default: true - content: If false, disables the ability for the user to lock apps. Because hiding - apps also requires locking them, disallowing locking also disallows hiding. + content: If 'false', disables the ability for the user to lock apps. Because hiding + apps also requires locking them, disallowing locking also disallows hiding. Available + in iOS 18 and later. - key: allowARDRemoteManagementModification title: Allow modifying Remote Management Sharing setting supportedOS: @@ -491,6 +493,8 @@ payloadkeys: iOS: introduced: '17.4' supervised: true + sharedipad: + mode: forbidden userenrollment: mode: forbidden macOS: @@ -620,7 +624,9 @@ payloadkeys: userenrollment: mode: forbidden macOS: - introduced: n/a + introduced: '15.0' + userenrollment: + mode: forbidden tvOS: introduced: n/a visionOS: @@ -631,7 +637,7 @@ payloadkeys: presence: optional default: true content: If 'false', the system removes the Book Store tab from the Books app. Requires - a supervised device. Available in iOS 6 and later. + a supervised device. Available in iOS 6 and later and macOS 15 and later. - key: allowBookstoreErotica title: Allow Bookstore Erotica supportedOS: @@ -640,7 +646,9 @@ payloadkeys: userenrollment: mode: forbidden macOS: - introduced: n/a + introduced: '15.0' + userenrollment: + mode: forbidden tvOS: introduced: '11.3' deprecated: '17.0' @@ -652,8 +660,9 @@ payloadkeys: presence: optional default: true content: If 'false', the system prevents the user from downloading Apple Books media - that's tagged as erotica. Available in iOS 6 and later, and tvOS 11.3 and later. - Support for this restriction on unsupervised devices is deprecated. + that's tagged as erotica. Available in iOS 4.0 and later, macOS 15 and later, + and tvOS 17 and later. Support for this restriction on unsupervised devices is + deprecated. - key: allowCallRecording title: Allow Call Recording supportedOS: @@ -675,7 +684,7 @@ payloadkeys: type: presence: optional default: true - content: If false, call recording is disabled. + content: If 'false', disables call recording. Available in iOS 18 and later. - key: allowCamera title: Allow Camera Use supportedOS: @@ -996,6 +1005,8 @@ payloadkeys: visionOS: introduced: '2.0' supervised: true + userenrollment: + mode: forbidden watchOS: introduced: n/a type: @@ -1065,6 +1076,31 @@ payloadkeys: default: true content: If 'false', the system disables QuickPath keyboard. Requires a supervised device. Available in iOS 13 and later. +- key: allowDefaultBrowserModification + title: Allow default browser modification + supportedOS: + iOS: + introduced: '18.2' + supervised: true + userenrollment: + mode: forbidden + macOS: + introduced: n/a + tvOS: + introduced: n/a + visionOS: + introduced: '2.2' + supervised: true + userenrollment: + mode: forbidden + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If 'false', disables default browser preference modification. The MDM Settings + command to set the default browser preference will still work when this is applied. + Available in iOS 18.2 and later, and visionOS 2.2 and later. - key: allowDefinitionLookup title: Allow Define supportedOS: @@ -1366,7 +1402,9 @@ payloadkeys: userenrollment: mode: forbidden macOS: - introduced: n/a + introduced: '15.0' + userenrollment: + mode: forbidden tvOS: introduced: '11.3' supervised: true @@ -1377,11 +1415,64 @@ payloadkeys: type: presence: optional default: true - content: If 'false', the system hides explicit music or video content purchased - from the iTunes Store. The system marks explicit content as such by content providers, - such as record labels, when sold through the iTunes Store. Available in iOS 4 - and later, and tvOS 11.3 and later. Requires a supervised device in iOS 13 and - later. Support for this restriction on unsupervised devices is deprecated. + content: |- + If 'false', the system hides explicit music or video content purchased from the iTunes Store. The system marks explicit content as such by content providers, such as record labels, when sold through the iTunes Store. Explicit content in the News and Podcast apps is also hidden. + Available in iOS 4.0 and later, macOS 15 and later, and tvOS 11.3 and later. Requires a supervised device in iOS 13 and later. Support for this restriction on unsupervised devices is deprecated. +- key: allowExternalIntelligenceIntegrations + title: Allow external intelligence integrations + supportedOS: + iOS: + introduced: '18.2' + supervised: false + sharedipad: + mode: forbidden + userenrollment: + mode: allowed + macOS: + introduced: '15.2' + userenrollment: + mode: forbidden + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If 'false', disables the use of external, cloud-based intelligence services + with Siri. On iOS, this restriction is temporarily allowed on unsupervised and + user enrollments. In a future release, this restriction will require supervision, + and will be ignored on non-supervised devices. Available in iOS 18.2 and later, + and macOS 15.2 and later. +- key: allowExternalIntelligenceIntegrationsSignIn + title: Allow external intelligence integrations sign-in + supportedOS: + iOS: + introduced: '18.2' + supervised: true + sharedipad: + mode: forbidden + userenrollment: + mode: forbidden + macOS: + introduced: '15.2' + userenrollment: + mode: forbidden + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If 'false', forces external intelligence providers into anonymous mode. + If a user is already signed in to an external intelligence provider, applying + this restriction will cause them to be signed out when the next request is attempted. + Available in iOS 18.2 and later, and macOS 15.2 and later. - key: allowFileSharingModification title: Allow modifying File Sharing setting supportedOS: @@ -1998,6 +2089,8 @@ payloadkeys: iOS: introduced: '18.1' supervised: true + sharedipad: + mode: forbidden userenrollment: mode: forbidden macOS: @@ -2013,8 +2106,9 @@ payloadkeys: type: presence: optional default: true - content: If false, disables the ability to create summaries of email messages manually. - This does not affect automatic summary generation. + content: If 'false', disables the ability to create summaries of email messages + manually. This doesn't affect automatic summary generation. Available in iOS 18.1 + and later. - key: allowManagedAppsCloudSync title: Allow iCloud Sync for Managed Apps supportedOS: @@ -2098,7 +2192,8 @@ payloadkeys: type: presence: optional default: true - content: If false, prevents modification of Media Sharing settings. + content: If 'false', prevents modification of Media Sharing settings. Available + in macOS 15.1 and later. - key: allowMultiplayerGaming title: Allow Multiplayer Gaming supportedOS: @@ -2649,7 +2744,8 @@ payloadkeys: type: presence: optional default: true - content: If false, prevents the use of RCS messaging. + content: If 'false', prevents the use of RCS messaging. Available in iOS 18.1 and + later. - key: allowRemoteAppleEventsModification title: Allow modifying Remote Apple Events Sharing setting supportedOS: @@ -2732,6 +2828,28 @@ payloadkeys: removes its icon from the Home screen. This setting also prevents users from opening web clips. As of iOS 13, requires a supervised device. Available in iOS 4 and later. +- key: allowSatelliteConnection + title: Allow use of satellite connectivity + supportedOS: + iOS: + introduced: '18.2' + supervised: true + sharedipad: + mode: forbidden + userenrollment: + mode: forbidden + macOS: + introduced: n/a + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If false, the connection to and use of satellite services is prohibited. - key: allowScreenShot title: Allow Screenshots and Screen Recording supportedOS: @@ -3023,6 +3141,8 @@ payloadkeys: introduced: n/a visionOS: introduced: '1.1' + userenrollment: + mode: forbidden watchOS: introduced: n/a type: @@ -3559,8 +3679,8 @@ payloadkeys: type: presence: optional default: false - content: If set to true, then the presentation of a screen capture alert will be - bypassed. + content: If 'true', then the system bypasses the presentation of a screen capture + alert. Available in macOS 15.1 and later. - key: forceClassroomAutomaticallyJoinClasses supportedOS: iOS: @@ -3571,6 +3691,7 @@ payloadkeys: macOS: introduced: 10.14.4 supervised: true + allowmanualinstall: false userenrollment: mode: forbidden tvOS: @@ -3595,6 +3716,7 @@ payloadkeys: macOS: introduced: 10.14.4 supervised: true + allowmanualinstall: false userenrollment: mode: forbidden tvOS: @@ -3619,6 +3741,7 @@ payloadkeys: macOS: introduced: 10.14.4 supervised: true + allowmanualinstall: false userenrollment: mode: forbidden tvOS: @@ -3643,6 +3766,7 @@ payloadkeys: macOS: introduced: 10.14.4 supervised: true + allowmanualinstall: false userenrollment: mode: forbidden tvOS: @@ -3833,7 +3957,7 @@ payloadkeys: presence: optional default: false content: |- - If 'true', the system preserves eSIM when it erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset. Available in iOS 17.2 and later. + If 'true', the system preserves eSIM when it erases the device due to too many failed password attempts or the Erase All Content and Settings option in Settings > General > Reset. Requires a supervised device. Available in iOS 17.2 and later. The system doesn't preserve eSIM if Find My initiates erasing the device. - key: forceWatchWristDetection title: Force Apple Watch Wrist Detection @@ -3926,7 +4050,9 @@ payloadkeys: userenrollment: mode: forbidden macOS: - introduced: n/a + introduced: '15.0' + userenrollment: + mode: forbidden tvOS: introduced: '11.3' visionOS: @@ -3940,7 +4066,7 @@ payloadkeys: max: 1000 default: 1000 content: |- - The maximum level of app content allowed on the device. Preinstalled (first party) apps ignore this restriction. Available in iOS 4 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated. + The maximum level of app content allowed on the device. Preinstalled (first party) apps ignore this restriction. Available in iOS 4.0 and later, macOS 15 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated. Possible values, with the US description of the rating level: * '1000': All @@ -3956,7 +4082,9 @@ payloadkeys: userenrollment: mode: forbidden macOS: - introduced: n/a + introduced: '15.0' + userenrollment: + mode: forbidden tvOS: introduced: '11.3' visionOS: @@ -3970,7 +4098,7 @@ payloadkeys: max: 1000 default: 1000 content: |- - The maximum level of movie content allowed on the device. Available in iOS 4 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated. + The maximum level of movie content allowed on the device. Available in iOS 4.0 and later, macOS 15 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated. Possible values, with the US description of the rating level: * '1000': All @@ -4000,7 +4128,8 @@ payloadkeys: - nz - gb content: The two-letter key that profile tools use to display the proper ratings - for the given region. The client doesn't recognize or report this data. + for the given region. The client doesn't recognize or report this data. Available + in iOS 4.0 and later, macOS 10.7 and later, and tvOS 9 and later. - key: ratingTVShows title: TV Shows Ranking Number supportedOS: @@ -4008,7 +4137,9 @@ payloadkeys: userenrollment: mode: forbidden macOS: - introduced: n/a + introduced: '15.0' + userenrollment: + mode: forbidden tvOS: introduced: '11.3' visionOS: @@ -4022,7 +4153,7 @@ payloadkeys: max: 1000 default: 1000 content: |- - The maximum level of TV content allowed on the device. Available in iOS 4 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated. + The maximum level of TV content allowed on the device. Available in iOS 4.0 and later, macOS 15 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated. Possible values, with the US description of the rating level: * '1000': All diff --git a/mdm/profiles/com.apple.appstore.yaml b/mdm/profiles/com.apple.appstore.yaml index 8fe557b..7e4a2f4 100644 --- a/mdm/profiles/com.apple.appstore.yaml +++ b/mdm/profiles/com.apple.appstore.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.associated-domains.yaml b/mdm/profiles/com.apple.associated-domains.yaml index 947ad6b..db15cce 100644 --- a/mdm/profiles/com.apple.associated-domains.yaml +++ b/mdm/profiles/com.apple.associated-domains.yaml @@ -11,6 +11,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: true allowmanualinstall: true diff --git a/mdm/profiles/com.apple.caldav.account.yaml b/mdm/profiles/com.apple.caldav.account.yaml index ac65195..a38d144 100644 --- a/mdm/profiles/com.apple.caldav.account.yaml +++ b/mdm/profiles/com.apple.caldav.account.yaml @@ -20,6 +20,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.carddav.account.yaml b/mdm/profiles/com.apple.carddav.account.yaml index c1e3aae..b84aa57 100644 --- a/mdm/profiles/com.apple.carddav.account.yaml +++ b/mdm/profiles/com.apple.carddav.account.yaml @@ -20,6 +20,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.configurationprofile.identification.yaml b/mdm/profiles/com.apple.configurationprofile.identification.yaml index c5ea719..260c105 100644 --- a/mdm/profiles/com.apple.configurationprofile.identification.yaml +++ b/mdm/profiles/com.apple.configurationprofile.identification.yaml @@ -9,6 +9,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.dashboard.yaml b/mdm/profiles/com.apple.dashboard.yaml index e531995..703f0b1 100644 --- a/mdm/profiles/com.apple.dashboard.yaml +++ b/mdm/profiles/com.apple.dashboard.yaml @@ -12,6 +12,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.declarations.yaml b/mdm/profiles/com.apple.declarations.yaml index 39efa10..2ac919c 100644 --- a/mdm/profiles/com.apple.declarations.yaml +++ b/mdm/profiles/com.apple.declarations.yaml @@ -17,6 +17,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.desktop.yaml b/mdm/profiles/com.apple.desktop.yaml index 100f643..397061d 100644 --- a/mdm/profiles/com.apple.desktop.yaml +++ b/mdm/profiles/com.apple.desktop.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.dock.yaml b/mdm/profiles/com.apple.dock.yaml index 0f352c7..63a41d0 100644 --- a/mdm/profiles/com.apple.dock.yaml +++ b/mdm/profiles/com.apple.dock.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.domains.yaml b/mdm/profiles/com.apple.domains.yaml index 7a894dd..9056c48 100644 --- a/mdm/profiles/com.apple.domains.yaml +++ b/mdm/profiles/com.apple.domains.yaml @@ -19,6 +19,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true @@ -104,3 +105,24 @@ payloadkeys: subkeys: - key: CrossSiteTrackingPreventionRelaxedDomainItem type: +- key: CrossSiteTrackingPreventionRelaxedApps + title: Cross-Site Tracking Prevention Relaxed Apps + supportedOS: + iOS: + introduced: '18.0' + supervised: true + allowmanualinstall: false + userenrollment: + mode: forbidden + macOS: + introduced: '15.0' + allowmanualinstall: false + type: + presence: optional + content: An array of up to 10 strings representing app bundle-ids. Apps matching + the bundle-ids listed here will have relaxed enforcement of cross-site tracking + prevention for the domains listed in the 'CrossSiteTrackingPreventionRelaxedDomains' + key. + subkeys: + - key: CrossSiteTrackingPreventionRelaxedAppsItem + type: diff --git a/mdm/profiles/com.apple.education.yaml b/mdm/profiles/com.apple.education.yaml index e928205..39af208 100644 --- a/mdm/profiles/com.apple.education.yaml +++ b/mdm/profiles/com.apple.education.yaml @@ -19,6 +19,7 @@ payload: multiple: false devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.ews.account.yaml b/mdm/profiles/com.apple.ews.account.yaml index 6fa59ad..af0ca26 100644 --- a/mdm/profiles/com.apple.ews.account.yaml +++ b/mdm/profiles/com.apple.ews.account.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.extensiblesso(kerberos).yaml b/mdm/profiles/com.apple.extensiblesso(kerberos).yaml index 18bdb31..ad0cf54 100644 --- a/mdm/profiles/com.apple.extensiblesso(kerberos).yaml +++ b/mdm/profiles/com.apple.extensiblesso(kerberos).yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: true allowmanualinstall: false diff --git a/mdm/profiles/com.apple.extensiblesso.yaml b/mdm/profiles/com.apple.extensiblesso.yaml index 8680a11..7e0ef6f 100644 --- a/mdm/profiles/com.apple.extensiblesso.yaml +++ b/mdm/profiles/com.apple.extensiblesso.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: true allowmanualinstall: false diff --git a/mdm/profiles/com.apple.familycontrols.contentfilter.yaml b/mdm/profiles/com.apple.familycontrols.contentfilter.yaml index e4214fd..02ef68d 100644 --- a/mdm/profiles/com.apple.familycontrols.contentfilter.yaml +++ b/mdm/profiles/com.apple.familycontrols.contentfilter.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.familycontrols.timelimits.v2.yaml b/mdm/profiles/com.apple.familycontrols.timelimits.v2.yaml index 7a3600c..7fdecd1 100644 --- a/mdm/profiles/com.apple.familycontrols.timelimits.v2.yaml +++ b/mdm/profiles/com.apple.familycontrols.timelimits.v2.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.fileproviderd.yaml b/mdm/profiles/com.apple.fileproviderd.yaml index 73b4ddc..b706a5a 100644 --- a/mdm/profiles/com.apple.fileproviderd.yaml +++ b/mdm/profiles/com.apple.fileproviderd.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: true allowmanualinstall: false @@ -28,3 +29,41 @@ payloadkeys: default: false content: If 'true', enables file providers access to the path of the requesting process. +- key: ManagementAllowsKnownFolderSyncing + supportedOS: + macOS: + introduced: '15.2' + devicechannel: true + userchannel: false + userenrollment: + mode: forbidden + type: + presence: optional + default: true + content: If 'false', the device prevents the File Provider extension using desktop + and documents synchronization in any app. If 'true', the device allows File Provider + extension desktop and documents synchronization. This does not impact the ability + for apps to utilize the File Provider extension for file and folder syncing with + remote storage. +- key: ManagementKnownFolderSyncingAllowList + supportedOS: + macOS: + introduced: '15.2' + devicechannel: true + userchannel: false + userenrollment: + mode: forbidden + type: + presence: optional + content: An array of app identifiers for apps that are allowed to utilize File Provider + extension desktop and documents synchronization. If present, and `ManagementAllowsKnownFolderSyncing` + is set to `true`, the device allows only the apps in this list to use desktop + and documents synchronization. This key is ignored if `ManagementAllowsKnownFolderSyncing` + is set to `false`. This setting does not impact the ability for apps to utilize + File Provider extension for volume access. The format of the app identifiers is + "Bundle.Identifier (TeamIdentifier)". + subkeys: + - key: AllowListItem + type: + presence: required + content: A composed app identifier. The format is "Bundle.Identifier (TeamIdentifier)". diff --git a/mdm/profiles/com.apple.finder.yaml b/mdm/profiles/com.apple.finder.yaml index 35ef053..4e9414c 100644 --- a/mdm/profiles/com.apple.finder.yaml +++ b/mdm/profiles/com.apple.finder.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.firstactiveethernet.managed.yaml b/mdm/profiles/com.apple.firstactiveethernet.managed.yaml index 0fd65f4..aaab640 100644 --- a/mdm/profiles/com.apple.firstactiveethernet.managed.yaml +++ b/mdm/profiles/com.apple.firstactiveethernet.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.firstethernet.managed.yaml b/mdm/profiles/com.apple.firstethernet.managed.yaml index b8068f6..91f3402 100644 --- a/mdm/profiles/com.apple.firstethernet.managed.yaml +++ b/mdm/profiles/com.apple.firstethernet.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.font.yaml b/mdm/profiles/com.apple.font.yaml index f76fe87..9dbe05d 100644 --- a/mdm/profiles/com.apple.font.yaml +++ b/mdm/profiles/com.apple.font.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.gamed.yaml b/mdm/profiles/com.apple.gamed.yaml index 6c65de6..da53152 100644 --- a/mdm/profiles/com.apple.gamed.yaml +++ b/mdm/profiles/com.apple.gamed.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.globalethernet.managed.yaml b/mdm/profiles/com.apple.globalethernet.managed.yaml index 5c83209..971db14 100644 --- a/mdm/profiles/com.apple.globalethernet.managed.yaml +++ b/mdm/profiles/com.apple.globalethernet.managed.yaml @@ -19,6 +19,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.ironwood.support.yaml b/mdm/profiles/com.apple.ironwood.support.yaml index 74aeb78..56b89a7 100644 --- a/mdm/profiles/com.apple.ironwood.support.yaml +++ b/mdm/profiles/com.apple.ironwood.support.yaml @@ -11,6 +11,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.jabber.account.yaml b/mdm/profiles/com.apple.jabber.account.yaml index bf564cc..306fd7b 100644 --- a/mdm/profiles/com.apple.jabber.account.yaml +++ b/mdm/profiles/com.apple.jabber.account.yaml @@ -13,6 +13,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.ldap.account.yaml b/mdm/profiles/com.apple.ldap.account.yaml index 9db4e7d..5cf6374 100644 --- a/mdm/profiles/com.apple.ldap.account.yaml +++ b/mdm/profiles/com.apple.ldap.account.yaml @@ -20,6 +20,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.loginitems.managed.yaml b/mdm/profiles/com.apple.loginitems.managed.yaml index b842f5b..22dc85e 100644 --- a/mdm/profiles/com.apple.loginitems.managed.yaml +++ b/mdm/profiles/com.apple.loginitems.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.mail.managed.yaml b/mdm/profiles/com.apple.mail.managed.yaml index f4060a6..b43c779 100644 --- a/mdm/profiles/com.apple.mail.managed.yaml +++ b/mdm/profiles/com.apple.mail.managed.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.mcxMenuExtras.yaml b/mdm/profiles/com.apple.mcxMenuExtras.yaml index bf263ac..6e27e80 100644 --- a/mdm/profiles/com.apple.mcxMenuExtras.yaml +++ b/mdm/profiles/com.apple.mcxMenuExtras.yaml @@ -9,6 +9,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.mcxprinting.yaml b/mdm/profiles/com.apple.mcxprinting.yaml index ded8ed8..893abc6 100644 --- a/mdm/profiles/com.apple.mcxprinting.yaml +++ b/mdm/profiles/com.apple.mcxprinting.yaml @@ -9,6 +9,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.mobiledevice.passwordpolicy.yaml b/mdm/profiles/com.apple.mobiledevice.passwordpolicy.yaml index 98c4777..ae409cc 100644 --- a/mdm/profiles/com.apple.mobiledevice.passwordpolicy.yaml +++ b/mdm/profiles/com.apple.mobiledevice.passwordpolicy.yaml @@ -17,6 +17,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.notificationsettings.yaml b/mdm/profiles/com.apple.notificationsettings.yaml index 817e43a..49157d3 100644 --- a/mdm/profiles/com.apple.notificationsettings.yaml +++ b/mdm/profiles/com.apple.notificationsettings.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false allowmanualinstall: true userenrollment: diff --git a/mdm/profiles/com.apple.preference.security.yaml b/mdm/profiles/com.apple.preference.security.yaml index 4b777a4..5a5c045 100644 --- a/mdm/profiles/com.apple.preference.security.yaml +++ b/mdm/profiles/com.apple.preference.security.yaml @@ -9,6 +9,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.preferences.users.yaml b/mdm/profiles/com.apple.preferences.users.yaml index 0615e68..ef49ca5 100644 --- a/mdm/profiles/com.apple.preferences.users.yaml +++ b/mdm/profiles/com.apple.preferences.users.yaml @@ -9,6 +9,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.profileRemovalPassword.yaml b/mdm/profiles/com.apple.profileRemovalPassword.yaml index 5398666..c4fc563 100644 --- a/mdm/profiles/com.apple.profileRemovalPassword.yaml +++ b/mdm/profiles/com.apple.profileRemovalPassword.yaml @@ -17,6 +17,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.relay.managed.yaml b/mdm/profiles/com.apple.relay.managed.yaml index 91894a3..48d7b50 100644 --- a/mdm/profiles/com.apple.relay.managed.yaml +++ b/mdm/profiles/com.apple.relay.managed.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.screensaver.user.yaml b/mdm/profiles/com.apple.screensaver.user.yaml index 0d07e22..7c9d64c 100644 --- a/mdm/profiles/com.apple.screensaver.user.yaml +++ b/mdm/profiles/com.apple.screensaver.user.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.secondactiveethernet.managed.yaml b/mdm/profiles/com.apple.secondactiveethernet.managed.yaml index 07cacec..8bf200b 100644 --- a/mdm/profiles/com.apple.secondactiveethernet.managed.yaml +++ b/mdm/profiles/com.apple.secondactiveethernet.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.secondethernet.managed.yaml b/mdm/profiles/com.apple.secondethernet.managed.yaml index da06a38..509e101 100644 --- a/mdm/profiles/com.apple.secondethernet.managed.yaml +++ b/mdm/profiles/com.apple.secondethernet.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.security.acme.yaml b/mdm/profiles/com.apple.security.acme.yaml index 1149792..180ebee 100644 --- a/mdm/profiles/com.apple.security.acme.yaml +++ b/mdm/profiles/com.apple.security.acme.yaml @@ -20,6 +20,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.security.certificatepreference.yaml b/mdm/profiles/com.apple.security.certificatepreference.yaml index a741354..22a593c 100644 --- a/mdm/profiles/com.apple.security.certificatepreference.yaml +++ b/mdm/profiles/com.apple.security.certificatepreference.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.security.firewall.yaml b/mdm/profiles/com.apple.security.firewall.yaml index 279633e..e1b60e5 100644 --- a/mdm/profiles/com.apple.security.firewall.yaml +++ b/mdm/profiles/com.apple.security.firewall.yaml @@ -66,8 +66,8 @@ payloadkeys: removed: '15.0' type: presence: optional - content: If 'true', the system enables logging. Available in macOS 12 and later. - Removed in macOS 15. + content: If 'true', the system enables logging. Available in macOS 12 through macOS + 14.6. - key: LoggingOption supportedOS: macOS: @@ -80,8 +80,7 @@ payloadkeys: - throttled - brief - detail - content: The type of logging. Available in macOS 12 and later. Removed in macOS - 15. + content: The type of logging. Available in macOS 12 and through macOS 14.6. - key: AllowSigned supportedOS: macOS: diff --git a/mdm/profiles/com.apple.security.identitypreference.yaml b/mdm/profiles/com.apple.security.identitypreference.yaml index 3483529..9a12079 100644 --- a/mdm/profiles/com.apple.security.identitypreference.yaml +++ b/mdm/profiles/com.apple.security.identitypreference.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.security.pem.yaml b/mdm/profiles/com.apple.security.pem.yaml index 7aeb218..4298131 100644 --- a/mdm/profiles/com.apple.security.pem.yaml +++ b/mdm/profiles/com.apple.security.pem.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.security.pkcs1.yaml b/mdm/profiles/com.apple.security.pkcs1.yaml index 7157ad0..102ee92 100644 --- a/mdm/profiles/com.apple.security.pkcs1.yaml +++ b/mdm/profiles/com.apple.security.pkcs1.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.security.pkcs12.yaml b/mdm/profiles/com.apple.security.pkcs12.yaml index ec4a5ce..2c54081 100644 --- a/mdm/profiles/com.apple.security.pkcs12.yaml +++ b/mdm/profiles/com.apple.security.pkcs12.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.security.root.yaml b/mdm/profiles/com.apple.security.root.yaml index 723c4e1..f9c4131 100644 --- a/mdm/profiles/com.apple.security.root.yaml +++ b/mdm/profiles/com.apple.security.root.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.security.scep.yaml b/mdm/profiles/com.apple.security.scep.yaml index 8c28717..bf264b9 100644 --- a/mdm/profiles/com.apple.security.scep.yaml +++ b/mdm/profiles/com.apple.security.scep.yaml @@ -20,6 +20,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.system-extension-policy.yaml b/mdm/profiles/com.apple.system-extension-policy.yaml index 91477e5..dfa236c 100644 --- a/mdm/profiles/com.apple.system-extension-policy.yaml +++ b/mdm/profiles/com.apple.system-extension-policy.yaml @@ -111,7 +111,7 @@ payloadkeys: presence: optional content: A dictionary of system extensions on the computer. The dictionary maps the team identifiers (keys) to arrays of bundle identifiers, where the bundle - identifier defines the system extension which cannot be disabled or uninstalled + identifier defines the system extension which can't be disabled or uninstalled when SIP is enabled. It's an error for the same mapping to appear in the dictionary values corresponding to 'RemovableSystemExtensions' and 'NonRemovableSystemExtensions' keys. @@ -133,9 +133,9 @@ payloadkeys: presence: optional content: A dictionary of system extensions on the computer. The dictionary maps the team identifiers (keys) to arrays of bundle identifiers, where the bundle - identifier defines the system extension which cannot be disabled or uninstalled + identifier defines the system extension which can't be disabled or uninstalled from System Settings or Finder. The set of system extensions between 'RemovableSystemExtensions' - and 'NonRemovableFromUISystemExtensions' are allowed to overlap. + and 'NonRemovableFromUISystemExtensions' can to overlap. subkeys: - key: ANY type: diff --git a/mdm/profiles/com.apple.system.logging.yaml b/mdm/profiles/com.apple.system.logging.yaml index ab821e0..7a0b1d9 100644 --- a/mdm/profiles/com.apple.system.logging.yaml +++ b/mdm/profiles/com.apple.system.logging.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.systempolicy.control.yaml b/mdm/profiles/com.apple.systempolicy.control.yaml index 2cef1cc..9b3bd66 100644 --- a/mdm/profiles/com.apple.systempolicy.control.yaml +++ b/mdm/profiles/com.apple.systempolicy.control.yaml @@ -27,13 +27,13 @@ payloadkeys: - key: EnableAssessment type: presence: optional - content: If 'true', enables Gatekeeper. + content: If 'true', enables Gatekeeper. If 'false', disables Gatekeeper. - key: AllowIdentifiedDevelopers type: presence: optional content: |- - If 'true', enables Gatekeeper's 'Mac App Store and identified developers' option. - If 'false', enables Gatekeeper's 'Mac App Store' option. + If 'true', enables Gatekeeper's “Mac App Store and identified developers” option. + If 'false', enables Gatekeeper's “Mac App Store” option. If the value of 'EnableAssessment' isn't set to 'true', this key has no effect. - key: EnableXProtectMalwareUpload supportedOS: diff --git a/mdm/profiles/com.apple.systempolicy.managed.yaml b/mdm/profiles/com.apple.systempolicy.managed.yaml index 6f5a6cd..eee826a 100644 --- a/mdm/profiles/com.apple.systempolicy.managed.yaml +++ b/mdm/profiles/com.apple.systempolicy.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.systempreferences.yaml b/mdm/profiles/com.apple.systempreferences.yaml index 16bd13c..c72f766 100644 --- a/mdm/profiles/com.apple.systempreferences.yaml +++ b/mdm/profiles/com.apple.systempreferences.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.systemuiserver.yaml b/mdm/profiles/com.apple.systemuiserver.yaml index 8949b42..755a7c6 100644 --- a/mdm/profiles/com.apple.systemuiserver.yaml +++ b/mdm/profiles/com.apple.systemuiserver.yaml @@ -11,6 +11,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.thirdactiveethernet.managed.yaml b/mdm/profiles/com.apple.thirdactiveethernet.managed.yaml index d97992d..575d8db 100644 --- a/mdm/profiles/com.apple.thirdactiveethernet.managed.yaml +++ b/mdm/profiles/com.apple.thirdactiveethernet.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.thirdethernet.managed.yaml b/mdm/profiles/com.apple.thirdethernet.managed.yaml index 33a07f6..6400875 100644 --- a/mdm/profiles/com.apple.thirdethernet.managed.yaml +++ b/mdm/profiles/com.apple.thirdethernet.managed.yaml @@ -10,6 +10,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.universalaccess.yaml b/mdm/profiles/com.apple.universalaccess.yaml index 28b74db..c8c9ed1 100644 --- a/mdm/profiles/com.apple.universalaccess.yaml +++ b/mdm/profiles/com.apple.universalaccess.yaml @@ -9,6 +9,7 @@ payload: multiple: false devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.vpn.managed.applayer.yaml b/mdm/profiles/com.apple.vpn.managed.applayer.yaml index 3b9ba17..523387c 100644 --- a/mdm/profiles/com.apple.vpn.managed.applayer.yaml +++ b/mdm/profiles/com.apple.vpn.managed.applayer.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.vpn.managed.yaml b/mdm/profiles/com.apple.vpn.managed.yaml index 7205f53..1f392d2 100644 --- a/mdm/profiles/com.apple.vpn.managed.yaml +++ b/mdm/profiles/com.apple.vpn.managed.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.webClip.managed.yaml b/mdm/profiles/com.apple.webClip.managed.yaml index a17e3e2..f99f9f5 100644 --- a/mdm/profiles/com.apple.webClip.managed.yaml +++ b/mdm/profiles/com.apple.webClip.managed.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: false userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/mdm/profiles/com.apple.wifi.managed.yaml b/mdm/profiles/com.apple.wifi.managed.yaml index 68093ad..6ff21b6 100644 --- a/mdm/profiles/com.apple.wifi.managed.yaml +++ b/mdm/profiles/com.apple.wifi.managed.yaml @@ -19,6 +19,7 @@ payload: multiple: true devicechannel: true userchannel: true + supervised: false requiresdep: false userapprovedmdm: false allowmanualinstall: true diff --git a/other/skipkeys.yaml b/other/skipkeys.yaml index 5529fa9..294ed33 100644 --- a/other/skipkeys.yaml +++ b/other/skipkeys.yaml @@ -114,8 +114,8 @@ payloadkeys: introduced: n/a type: presence: optional - content: If the key is included in the SkipSetup array the Camera Control pane will - be skipped. + content: The key to skip the Camera Button pane. This key is available in iOS 18 + and later. - key: DeviceToDeviceMigration title: Skip Device To Device Migration pane supportedOS: @@ -162,7 +162,7 @@ payloadkeys: type: presence: optional content: The key to skip the Lockdown Mode pane if an Apple Account is set up. Available - in macOS 14 and later, and iOS 17.1 and later. + in iOS 17.1 and later, and macOS 14 and later. - key: FileVault title: Skip configuration of FileVault supportedOS: @@ -255,9 +255,9 @@ payloadkeys: introduced: n/a type: presence: optional - content: If the key is included in the SkipSetup array the Keyboard pane will be - skipped. This pane isn't always skippable because it appears before the device - retrieves the Cloud Configuration from the server. + content: The key to skip the Keyboard pane. This pane isn't always skippable because + it appears before the device retrieves the Cloud Configuration from the server. + This key is available in iOS 13 and later. - key: Location title: Disables Location Services supportedOS: @@ -435,9 +435,9 @@ payloadkeys: introduced: n/a type: presence: optional - content: If the key is included in the SkipSetup array the Dictation pane will be - skipped. This pane isn't always skippable because it appears before the device - retrieves the Cloud Configuration from the server. + content: The key to skip the Dictation pane. This pane isn't always skippable because + it appears before the device retrieves the Cloud Configuration from the server. + This key is available in iOS 13 and later. - key: TapToSetup title: Skips simplified tap setup supportedOS: @@ -552,6 +552,19 @@ payloadkeys: presence: optional content: The key to skip the screen for watch migration. This key is available in iOS 11 and later. +- key: WebContentFiltering + title: Skip web content filtering pane + supportedOS: + iOS: + introduced: '18.2' + macOS: + introduced: n/a + tvOS: + introduced: n/a + type: + presence: optional + content: If the key is included in the SkipSetup array the Web Content Filtering + pane will be skipped. - key: Welcome title: Skip Get Started pane supportedOS: @@ -564,7 +577,7 @@ payloadkeys: type: presence: optional content: The key to skip the Get Started pane. This key is available in iOS 13 and - later. + later and macOS 15 and later. - key: Zoom title: Skips setting zoom configuration supportedOS: