CalvinBackup/apple-device-management-mdm
1
0
Fork 0
mirror of https://github.com/apple/device-management.git synced 2026-02-12 17:52:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
release
apple-device-management-mdm/mdm/commands/settings.yaml
Cyrus Daboo 8d9958d9b5 Release-v26.0
2025-09-15 20:38:03 -04:00

1346 lines
43 KiB
YAML
Raw Permalink Blame History

title: Settings Command
description: Configure settings on a device.
payload:
requesttype: Settings
supportedOS:
iOS:
introduced: '5.0'
accessrights: AllowSettings
supervised: false
requiresdep: false
sharedipad:
mode: allowed
devicechannel: true
userchannel: true
userenrollment:
mode: allowed
macOS:
introduced: '10.9'
accessrights: AllowSettings
devicechannel: true
userchannel: true
supervised: false
requiresdep: false
userenrollment:
mode: allowed
tvOS:
introduced: '9.0'
accessrights: AllowSettings
supervised: false
visionOS:
introduced: '1.1'
accessrights: AllowSettings
supervised: false
requiresdep: false
userenrollment:
mode: allowed
watchOS:
introduced: '10.0'
accessrights: AllowSettings
supervised: false
content: This command allows the server to set settings on the device. These settings
take effect on a one-time basis. The user may still be able to change the settings
at a later time. This command requires the ApplySettings right.
payloadkeys:
- key: Settings
type: <array>
presence: required
content: An array of dictionaries that contains the settings.
subkeys:
- key: Wallpaper
supportedOS:
iOS:
introduced: '8.0'
supervised: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains wallpaper settings. This setting doesn't support
user enrollment. Available in iOS 8 and later. Starting in iOS 16 and iPadOS
17, when setting the wallpaper for the first time, both locations update. After
that, you can set either location separately.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- Wallpaper
content: A string that identifies this setting.
- key: Image
type: <data>
presence: required
content: A Base64-encoded image in either PNG or JPG format to use for wallpaper.
- key: Where
type: <integer>
presence: required
rangelist:
- 1
- 2
- 3
content: |-
A number that indicates where to use the wallpaper, which is one of the following values:
- `1`: Lock Screen
- `2`: Home Screen
- `3`: Both Lock and Home Screens.
In iOS 16 and later, and iPadOS 17 and later, when you set the wallpaper for the first time, the system sets both the Lock Screen and Home Screen. After that, you can separately set each location.
- key: DataRoaming
supportedOS:
iOS:
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains data roaming settings. This setting requires
the Network Information access right, and doesn't support user enrollment. Available
in iOS 5 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- DataRoaming
content: A string that identifies this setting.
- key: Enabled
type: <boolean>
presence: required
content: If `true`, enable data roaming, which also enables voice roaming. If
`false`, disable data roaming.
- key: VoiceRoaming
supportedOS:
iOS:
deprecated: '16.0'
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains voice roaming settings. This setting requires
the Network Information access right, and doesn't support user enrollment. Available
in iOS 5 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- VoiceRoaming
content: A string that identifies this setting.
- key: Enabled
type: <boolean>
presence: required
content: If `true`, enable voice roaming. If `false`, disable voice roaming,
which also disables data roaming. The setting is only available for certain
carriers.
- key: PersonalHotspot
supportedOS:
iOS:
accessrights: AllowQueryNetworkInformation
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains Personal Hotspot settings. This setting requires
the Network Information access right, and doesn't support user enrollment. Available
in iOS 5 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- PersonalHotspot
content: A string that identifies this setting.
- key: Enabled
type: <boolean>
presence: required
content: If `true`, enable Personal Hotspot. If `false`, disable Personal Hotspot.
- key: Bluetooth
supportedOS:
iOS:
introduced: '11.3'
supervised: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: 10.13.4
userchannel: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains Bluetooth settings. This setting requires
the Network Information access right, doesn't support user enrollment, and is
available only on supervised devices. Available in iOS 11.3 and later, and macOS
10.13.4 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- Bluetooth
content: A string that identifies this setting.
- key: Enabled
type: <boolean>
presence: required
content: If `true`, enable the Bluetooth setting. If `false`, disable the Bluetooth
setting.
- key: ApplicationConfiguration
supportedOS:
iOS:
introduced: '7.0'
accessrights: AllowAppInstallation
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
macOS:
introduced: '10.15'
accessrights: AllowAppInstallation
userchannel: false
tvOS:
introduced: '10.2'
accessrights: AllowAppInstallation
visionOS:
accessrights: AllowAppInstallation
watchOS:
accessrights: AllowAppInstallation
type: <dictionary>
presence: optional
content: A dictionary that contains the configurations to apply to the app. Omit
this setting to remove existing configurations. This setting requires the App
Management access right, supports user enrollment, and is available in iOS 7
and later, macOS 10.15 and later, and tvOS 10.2 and later. This setting fails
for apps that Declarative Device Management manages.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- ApplicationConfiguration
content: A string that identifies this setting.
- key: Identifier
type: <string>
presence: required
content: |-
The bundle identifier of the managed app.
> Important:
> For a watchOS app, the identifier needs to be the watch's bundle identifier, which differs from the main bundle identifier for the iPhone to which the watch is paired. Obtain the watch's bundle identifier for an app with a watch bundle, in the `watchBundleId` key that's part of the Content Metadata query. For more information on this query, see `Getting App and Book Information`.
- key: Configuration
type: <dictionary>
presence: optional
content: A dictionary that contains the configurations to apply to the app.
Omit this setting to remove existing configurations.
subkeys:
- key: ANY
type: <any>
presence: optional
content: A dictionary that contains configurations.
- key: ApplicationAttributes
supportedOS:
iOS:
introduced: '7.0'
accessrights: AllowAppInstallation
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
macOS:
introduced: n/a
tvOS:
introduced: '10.2'
accessrights: AllowAppInstallation
visionOS:
accessrights: AllowAppInstallation
watchOS:
accessrights: AllowAppInstallation
type: <dictionary>
presence: optional
content: A dictionary that contains the attributes to apply to the app. Omit this
setting to remove existing attributes. This setting supports user enrollment,
is available in iOS 7 and later, and tvOS 10.2 and later. This setting fails
for apps that Declarative Device Management manages.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- ApplicationAttributes
content: A string that identifies this setting.
- key: Identifier
type: <string>
presence: required
content: |-
The bundle identifier of the app.
> Important:
> For a watchOS app, the identifier needs to be the watch's bundle identifier, which differs from the main bundle identifier for the iPhone to which the watch is paired. Obtain the watch's bundle identifier for an app with a watch bundle, in the `watchBundleId` key that's part of the Content Metadata query. For more information on this query, see `Getting App and Book Information`.
- key: Attributes
type: <dictionary>
presence: optional
content: A dictionary that contains the attributes to apply to the app. Omit
this setting to remove existing attributes. This setting is available in iOS
7 and later, and tvOS 10.2 and later.
subkeys:
- key: VPNUUID
supportedOS:
tvOS:
introduced: n/a
type: <string>
presence: optional
content: A per-app VPN unique identifier for this app. Available in iOS 7
and later.
- key: ContentFilterUUID
supportedOS:
iOS:
introduced: '16.0'
tvOS:
introduced: n/a
watchOS:
introduced: n/a
type: <string>
presence: optional
content: The content filter UUID for this app. Available in iOS 16 and later.
- key: DNSProxyUUID
supportedOS:
iOS:
introduced: '16.0'
tvOS:
introduced: n/a
watchOS:
introduced: n/a
type: <string>
presence: optional
content: The DNS proxy UUID for this app. Available in iOS 16 and later.
- key: RelayUUID
supportedOS:
iOS:
introduced: '17.0'
tvOS:
introduced: n/a
watchOS:
introduced: n/a
type: <string>
presence: optional
content: The relay UUID for this app. Available in iOS 17 and later.
- key: AssociatedDomains
supportedOS:
iOS:
introduced: '13.0'
tvOS:
introduced: n/a
type: <array>
presence: optional
content: An array that contains the associated domains to add to this app.
Available in iOS 13 and later.
subkeys:
- key: AssociatedDomain
type: <string>
- key: AssociatedDomainsEnableDirectDownloads
supportedOS:
iOS:
introduced: '14.0'
tvOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, perform claimed site association verification directly
at the domain, instead of on Apple's servers. Only set this to `true` for
domains that can't access the internet. Available in iOS 14 and later.
- key: Removable
supportedOS:
iOS:
introduced: '14.0'
tvOS:
introduced: '14.0'
type: <boolean>
presence: optional
default: true
content: If `false`, this app isn't removable while it's managed. Available
in iOS 14 and later, and tvOS 14 and later.
- key: TapToPayScreenLock
supportedOS:
iOS:
introduced: '16.4'
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: |-
If true, the system require Tap to Pay on iPhone users to use Face ID or a passcode to unlock their device after every transaction that requires a customer's card PIN. If `false`, the user can configure this setting on their device.
Available in iOS 16.4 and later.
- key: CellularSliceUUID
supportedOS:
iOS:
introduced: '17.0'
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <string>
presence: optional
content: |-
The data network name (DNN) or app category. For DNN, the value is `DNN:name`, where `name` is the carrier-provided DNN name. For app category, the value is `AppCategory:category`, where `category` is a carrier-provided string like "Enterprise1"`.`
Available in iOS 17 and later.
- key: Hideable
supportedOS:
iOS:
introduced: '18.1'
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents the user from hiding the app. It
doesn't affect the user's ability to leave it in the App Library, while
removing it from the Home Screen.
- key: Lockable
supportedOS:
iOS:
introduced: '18.1'
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the system prevents the user from locking the app. This
also prevents the user from hiding the app.
- key: DeviceName
supportedOS:
iOS:
supervised: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: '10.10'
userchannel: false
userenrollment:
mode: forbidden
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains device name settings. This setting doesn't
support user enrollment, and is available only on supervised devices. Available
in iOS 5 and later, macOS 10.10 and later, and visionOS 2 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- DeviceName
content: A string that identifies this setting.
- key: DeviceName
type: <string>
presence: required
content: The device's name.
- key: HostName
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.11'
userchannel: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains hostname settings. This setting doesn't support
user enrollment, and is available in macOS 10.11 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- HostName
content: The string that defines this setting type.
- key: HostName
type: <string>
presence: required
content: The hostname for the device.
- key: OrganizationInfo
supportedOS:
iOS:
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
macOS:
introduced: '10.9'
userchannel: false
type: <dictionary>
presence: optional
content: A dictionary that contains settings about the organization operating
the MDM server. This setting supports user enrollment. Available in iOS 5 and
later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- OrganizationInfo
content: The string that defines this setting type.
- key: OrganizationInfo
type: <dictionary>
presence: optional
content: A dictionary that contains information about the organization operating
the MDM server. Omit this setting to remove existing information.
subkeys:
- key: OrganizationName
type: <string>
presence: required
content: A string that describes the organization operating the MDM server
for display to the user during certain operations, such as purchasing or
installing apps.
- key: OrganizationShortName
supportedOS:
iOS:
introduced: '13.0'
macOS:
introduced: '10.15'
tvOS:
introduced: '13.0'
type: <string>
presence: optional
content: A shorter version of `OrganizationName`, preferably a single word
or abbreviation, suitable for display to the user in places where a very
short name is necessary.
- key: OrganizationAddress
type: <string>
presence: optional
content: The organization's address. Use the LF character (`&#10`) to insert
line breaks.
- key: OrganizationPhone
type: <string>
presence: optional
content: The organization's phone number.
- key: OrganizationEmail
type: <string>
presence: optional
content: The organization's support email address.
- key: OrganizationMagic
type: <string>
presence: optional
content: A unique identifier for the various services a single organization
manages.
- key: DefaultApplications
supportedOS:
iOS:
introduced: '18.2'
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '2.2'
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains default application bundle identifiers for
each default application type that can be set.
subkeys:
- key: WebBrowser
type: <string>
presence: optional
content: The bundle identifier of the app the system sets as the default web
browser. This app must be an eligible web browser for the region of the device.
- key: Calling
supportedOS:
iOS:
introduced: '26.0'
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <string>
presence: optional
content: The bundle identifier of the app that the system sets as the default
calling app. This app must be an eligible calling app.
- key: Messaging
supportedOS:
iOS:
introduced: '26.0'
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <string>
presence: optional
content: The bundle identifier of the app that the system sets as the default
messaging app. This app must be an eligible messaging app.
- key: MDMOptions
supportedOS:
iOS:
introduced: '7.0'
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
macOS:
introduced: '10.15'
userchannel: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.0'
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains settings related to the MDM protocol. This
setting doesn't support user enrollment. Available in iOS 7 and later, macOS
10.15 and later, and visionOS 2 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- MDMOptions
content: The string that defines this setting type.
- key: MDMOptions
type: <dictionary>
presence: required
content: A dictionary of MDM options.
subkeys:
- key: ActivationLockAllowedWhileSupervised
type: <boolean>
presence: optional
default: false
content: If `true`, a supervised device registers itself with Activation Lock
when the user enables Find My. This setting is available for supervised
devices in iOS 7 and later, and macOS 10.15 and later.
- key: BootstrapTokenAllowed
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.15'
deprecated: '11.0'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the server supports the Bootstrap Token commands.
- key: PromptUserToAllowBootstrapTokenForAuthentication
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '11.0'
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, warn the user that they need to reboot into RecoveryOS
and allow the MDM server to use the Bootstrap Token for authentication for
certain sensitive operations; for example, enabling kernel extensions or
installing certain types of software updates. Set this value to `false`
if your MDM server doesn't need to perform these operations. The value provided
here overrides the value specified in MDM, and only applies when `BootstrapTokenAllowedForAuthentication`
is `true` in the `SecurityInfo` response. This value is available for a
Mac with Apple silicon in macOS 11 and later.
- key: IdleRebootAllowed
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the device automatically reboots while locked after several
days of inactivity. This is set to `false` by default when a supervised
device enrolls.
- key: MaximumResidentUsers
supportedOS:
iOS:
introduced: '9.3'
deprecated: '13.4'
sharedipad:
mode: required
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains settings for maximum resident users. Apple
deprecated this setting in iOS 13.4. Use 'SharedDeviceConfiguration` instead.
This setting is available only for Shared iPad.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- MaximumResidentUsers
content: A string that identifies this setting.
- key: MaximumResidentUsers
type: <integer>
presence: required
content: |-
The maximum number of users that can use the device. If this value is greater than the value for the maximum possible number of users that the device supports, the MDM server uses that value instead.
This setting requires that the device is in the `AwaitingConfiguration` phase before it receives the `DeviceConfiguredCommand` message.
When a device reaches the maximum number of resident users and a new user tries to sign in, the MDM server removes a synchronized user to make space for the new user. If there are no synchronized users, the new user sign-in fails. A synchronized user is a user that has completed syncing their data.
- key: SharedDeviceConfiguration
supportedOS:
iOS:
introduced: '13.4'
sharedipad:
mode: required
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains shared device configuration settings. This
setting is available only for Shared iPad in iOS 13.4 and later.
subkeys:
- key: Item
supportedOS:
visionOS:
introduced: '26.0'
supervised: true
type: <string>
presence: required
rangelist:
- SharedDeviceConfiguration
content: A string that identifies this setting.
- key: QuotaSize
type: <integer>
presence: optional
content: The quota size, in megabytes (MB), for each user on the shared device,
or if the quota size is too small, the minimum quota size. Available to Temporary
Sessions Only guest users on iOS 17+.
- key: ResidentUsers
type: <integer>
presence: optional
content: The expected number of users. If this value is greater than the value
for the maximum possible number of users that the device supports, the MDM
server uses that value instead.
- key: UserSessionTimeout
supportedOS:
iOS:
introduced: '14.5'
type: <integer>
presence: optional
content: |-
The timeout, in seconds, for the user session. The user session logs out automatically after the specified period of inactivity. The minimum value is 30 seconds. Setting this value to `0` removes the timeout.
Available in iOS 14.5 and later.
- key: TemporarySessionTimeout
supportedOS:
iOS:
introduced: '14.5'
visionOS:
introduced: '26.0'
supervised: true
type: <integer>
presence: optional
content: |-
The timeout, in seconds, for the temporary session. The temporary session logs out automatically after the specified period of inactivity. The minimum value is 30 seconds. Setting this value to `0` removes the timeout.
Available in iOS 14.5 and later.
- key: TemporarySessionOnly
supportedOS:
iOS:
introduced: '14.5'
type: <boolean>
presence: optional
default: false
content: |-
If `true`, the user only sees the Guest Welcome pane and can only log in as a guest user.
If `false`, the user can sign in with a Managed Apple Account (the existing behavior).
Available in iOS 14.5 and later.
- key: ManagedAppleIDDefaultDomains
supportedOS:
iOS:
introduced: '16.0'
type: <array>
presence: optional
content: |-
A list of domains that the Shared iPad login screen displays. The user can pick a domain from the list to complete their Managed Apple Account.
If this list contains more than 3 domains, the system picks 3 at random for display. Available in iOS 16 and later.
subkeys:
- key: AppleID domain
type: <string>
- key: OnlineAuthenticationGracePeriod
supportedOS:
iOS:
introduced: '16.0'
type: <integer>
presence: optional
content: |-
A grace period (in days) for Shared iPad online authentication. The Shared iPad only verifies the user's passcode locally during login for users that already exist on the device. However, the system requires an online authentication (against Apple's identity server) after the number of days specified by this setting.
Setting this value to 0 enforces online authentication every time.
Available in iOS 16 and later.
- key: SkipLanguageAndLocaleSetupForNewUsers
supportedOS:
iOS:
introduced: '16.2'
type: <boolean>
presence: optional
default: false
content: |-
If `true`, the system picks the system language and locale automatically for the new Shared iPad user.
Available in iOS 16.2 and later.
- key: AwaitUserConfiguration
supportedOS:
iOS:
introduced: '17.0'
type: <dictionary>
presence: optional
content: |-
If enabled, the Shared iPad device enters Setup Assistant after the user triggers a login. The MDM server has a chance to configure the device and user. After configuration, the server needs to send a `User-Configured-Command` command to the user channel to unblock the login. This feature requires the device to have network access during the login process.
Available in iOS 17 and later.
subkeys:
- key: Enabled
type: <boolean>
presence: required
content: If `true`, the device stops at the Setup Assistant pane after user
login. The user can't use the device until it receives a `User-Configured-Command`
command.
- key: PasscodePolicy
supportedOS:
iOS:
introduced: '17.0'
type: <dictionary>
presence: optional
content: A dictionary that contains passcode policies.
subkeys:
- key: PasscodeLockGracePeriod
type: <integer>
presence: optional
rangelist:
- 0
- 60
- 300
- 900
- 3600
- 14400
content: |-
The number of seconds before a locked screen requires the user to enter the device passcode to unlock it. The minimum value is `0` seconds and the maximum value is `14400` seconds.
If a device has a passcode, a change to a larger value doesn't take effect until the user logs out or removes the passcode. For this reason, it's better to set this value before the user sets a passcode.
If the value is less than one of the known values, the device uses the next lowest value. For example a value of 299 results in an effective setting of 60.
This setting won't take effect if `TemporarySessionOnly` is `true` because there's no passcode for a temporary session.
- key: AutoLockTime
type: <integer>
presence: optional
content: The number of seconds before a device goes to sleep after being idle.
The minimum value for this setting is `120` seconds.
- key: DiagnosticSubmission
supportedOS:
iOS:
introduced: '9.3'
sharedipad:
mode: required
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains diagnostic submission settings. This setting
is available only for Shared iPad in iOS 9.3 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- DiagnosticSubmission
content: The string that defines this setting type.
- key: Enabled
type: <boolean>
presence: required
content: If `true`, enables diagnostic submission. If `false`, disables diagnostic
submission.
- key: AppAnalytics
supportedOS:
iOS:
introduced: 9.3.2
sharedipad:
mode: required
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains settings for sharing app analytics. This setting
is available only for Shared iPad in iOS 9.3.2 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- AppAnalytics
content: A string that identifies this setting.
- key: Enabled
type: <boolean>
presence: required
content: If `true`, enable sharing app analytics with app developers. If `false`,
disable sharing app analytics.
- key: PasscodeLockGracePeriod
supportedOS:
iOS:
introduced: 9.3.2
deprecated: '17.0'
sharedipad:
mode: required
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: |-
A dictionary that contains password lock grace period settings. This setting is available only for Shared iPad in iOS 9.3.2 and later.
This key is deprecated. Use 'PasscodeLockGracePeriod' in SettingsCommand.Command.Settings.SharedDeviceConfiguration.PasscodePolicy instead.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- PasscodeLockGracePeriod
content: A string that identifies this setting.
- key: PasscodeLockGracePeriod
type: <integer>
presence: required
rangelist:
- 0
- 60
- 300
- 900
- 3600
- 14400
content: |-
The number of seconds before a locked screen requires the user to enter the device passcode to unlock it. The minimum value is `0` seconds and the maximum value is `14400` seconds.
If a device has a passcode, a change to a larger value doesn't take effect until the user logs out or removes the passcode. For this reason, it's better to set this value before the user sets a passcode.
If the value is less than one of the known values, the device uses the next lowest value. For example a value of 299 results in an effective setting of 60.
This setting won't take effect if `TemporarySessionOnly` is `true` because there's no passcode for a temporary session.
- key: TimeZone
supportedOS:
iOS:
introduced: '14.0'
supervised: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: '14.0'
supervised: true
visionOS:
introduced: '2.0'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains time zone settings. This setting is available
only on supervised devices and doesn't support user enrollment. Available in
iOS 14 and later, tvOS 14 and later, and visionOS 2 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- TimeZone
content: A string that identifies this setting.
- key: TimeZone
type: <string>
presence: required
content: |-
The Internet Assigned Numbers Authority (IANA) time zone database name.
If the `forceAutomaticDateAndTime` restriction is set in `Restrictions`, this setting fails with an error. Otherwise, setting this value disables automatic time zone logic. The user is still be able to change the time zone; for example, by turning automatic date and time back on. The intention is to allow setting the time zone when automatic determination isn't be available, such as when Location Services are off.
- key: SoftwareUpdateSettings
supportedOS:
iOS:
introduced: '14.5'
deprecated: '26.0'
supervised: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains software update settings. This setting doesn't
support user enrollment. Available in iOS 14.5 and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- SoftwareUpdateSettings
content: A string that represents the type of updates that should appear in
the Software Update pane in Settings. Supervised only.
- key: RecommendationCadence
type: <integer>
presence: required
rangelist:
- 0
- 1
- 2
content: |-
This value defines how the system presents software updates to the user. When there's more than one available update for the user, the system behaves as follows:
- `0`: Presents both options to the user.
- `1`: Presents the lower numbered (oldest) software update version.
- `2`: Presents only the highest numbered (most recent) release available for the device.
This value has no effect when there's only one available update; the system shows the single available update to the user regardless of the value of this setting.
Available in iOS 14.5 and later.
- key: AccessibilitySettings
supportedOS:
iOS:
introduced: '16.0'
supervised: true
sharedipad:
mode: allowed
devicechannel: false
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
supervised: true
type: <dictionary>
presence: optional
content: A dictionary that contains accessibility settings. Available in iOS 16
and later.
subkeys:
- key: Item
type: <string>
presence: required
rangelist:
- AccessibilitySettings
content: Sets various accessibility settings. The system allows only keys with
explicitly provided values.
- key: BoldTextEnabled
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables bold text.
- key: IncreaseContrastEnabled
supportedOS:
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables increase contrast.
- key: ReduceMotionEnabled
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables reduced motion.
- key: ReduceTransparencyEnabled
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables reduced transparency.
- key: TextSize
type: <integer>
presence: optional
rangelist:
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
default: 4
content: The accessibility text size apps that support dynamic text use. `0`
is the smallest value, and `11` is the largest available.
- key: TouchAccommodationsEnabled
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables touch accommodations.
- key: VoiceOverEnabled
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables voiceover.
- key: ZoomEnabled
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables zoom.
- key: GrayscaleEnabled
supportedOS:
iOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If `true`, the system enables grayscale display.
responsekeys:
- key: Settings
type: <dictionary>
presence: optional
content: A dictionary that describes the results of configuring settings.
subkeys:
- key: Status
type: <string>
presence: required
content: |-
The status of the setting, which is one of the following values:
- `Acknowledged`: The device processed the command successfully.
- `Error`: An error occurred. See the `ErrorChain` for more details.
- key: ErrorChain
type: <array>
presence: optional
content: An array of dictionaries that describes any errors that occurred.
subkeys:
- key: ErrorChainItem
type: <dictionary>
content: A dictionary that describes an error chain item.
subkeys:
- key: ANY
type: <any>
presence: required
content: A dictionary that contains additional details about the error.
- key: Identifier
supportedOS:
iOS:
introduced: '7.0'
macOS:
introduced: n/a
tvOS:
introduced: '10.2'
type: <string>
presence: optional
content: |-
The app identifier to which this error applies.
> Note:
> For a watchOS app, the identifier is the watch's bundle identifier, which differs from the main bundle identifier for the iPhone to which the watch is paired.
notes:
- title: ''
content: |-
Users may be able to change the settings later if a profile isn't set to restrict such changes.
Refer to the following sections to determine supported channels and requirements, and to see an example request and response.
Reference in New Issue View Git Blame Copy Permalink