CalvinBackup/apple_device-management
1
0
Fork 0
mirror of https://github.com/apple/device-management.git synced 2026-02-12 12:52:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Release_iOS-18-3_macOS-15-3

Browse Source
This commit is contained in:
Cyrus Daboo
2025-01-28 14:49:18 -05:00
parent 1fa842739c
commit 2e6673873e
25 changed files with 144 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
LICENSE.txt
View File

@@ -1,4 +1,4 @@
Copyright © 2022-2024 Apple Inc.
Copyright © 2022-2025 Apple Inc.
Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the

10
README.md
View File

@@ -8,11 +8,11 @@ This release corresponds to the following OS versions
| OS | Version |
|----------|---------|
| iOS | 18.2 |
| macOS | 15.2 |
| tvOS | 18.2 |
| visionOS | 2.2 |
| watchOS | 11.2 |
| iOS | 18.3 |
| macOS | 15.3 |
| tvOS | 18.3 |
| visionOS | 2.3 |
| watchOS | 11.3 |
## Important Release Notes

8
mdm/commands/information.contentcaching.yaml
View File

@@ -560,8 +560,8 @@ responsekeys:
content: |-
The status of the content cache's registration with Apple, which is one of the following values:
* '-1:' Failed
* ' 0:' Pending
* ' 1:' Succeeded
* '0:' Pending
* '1:' Succeeded
- key: RestrictedMedia
type: <boolean>
presence: optional
@@ -590,8 +590,8 @@ responsekeys:
content: |-
The status of tethered caching, which is content caching with a shared internet connection, which is one of the following values:
* '-1:' Unknown
* ' 0:' Disabled
* ' 1:' Enabled
* '0:' Disabled
* '1:' Enabled
- key: TotalBytesAreSince
type: <date>
presence: optional

4
mdm/commands/settings.yaml
View File

@@ -625,8 +625,8 @@ payloadkeys:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary that contains default application bundle identifiers. Currently
it supports a default web browser app.
content: A dictionary that contains default application bundle identifiers for
each default application type that can be set.
subkeys:
- key: Item
type: <string>

1
mdm/commands/system.update.schedule.yaml
View File

@@ -86,7 +86,6 @@ payloadkeys:
* 'InstallLater': Download the software update and install it at a later time. This value is available in macOS 10.11 and later.
* 'InstallForceRestart': Perform the 'Default' action, and then force a restart if the update requires it. This value is available in macOS 11 and later.
'InstallForceRestart' may result in data loss.
- key: MaxUserDeferrals
supportedOS:

6
mdm/profiles/com.apple.ADCertificate.managed.yaml
View File

@@ -60,9 +60,9 @@ payloadkeys:
* CN=<your CA Name>
* CN='Certification Authorities'
* CN='Public Key Services'
* ''CN='Services'
* ''CN='Configuration'
* ''CN=<your base Domain Name>
* CN='Services'
* CN='Configuration'
* CN=<your base Domain Name>
- key: CertificateAcquisitionMechanism
title: Certificate Acquisition Mechanism
supportedOS:

2
mdm/profiles/com.apple.DirectoryService.managed.yaml
View File

@@ -265,7 +265,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADTrustChangePassIntervalDays 'key.
content: If 'true', the system enables the 'ADTrustChangePassIntervalDays' key.
- key: ADTrustChangePassIntervalDays
title: ADTrustChangePassIntervalDays
type: <integer>

6
mdm/profiles/com.apple.MCX(EnergySaver).yaml
View File

@@ -75,21 +75,21 @@ payloadkeys:
rangelist:
- 0
- 1
content: If 'true', enables 'Wake for network access.'
content: If 'true', enables Wake for network access.
- key: Wake On Modem Ring
type: <integer>
presence: optional
rangelist:
- 0
- 1
content: If 'true', enables 'Wake for modem ring.'
content: If 'true', enables Wake for modem ring.
- key: Automatic Restart On Power Loss
type: <integer>
presence: optional
rangelist:
- 0
- 1
content: If 'true', enables 'Start up automatically after a power failure.'
content: If 'true', enables Start up automatically after a power failure.
- key: com.apple.EnergySaver.portable.ACPower
type: <dictionary>
presence: optional

12
mdm/profiles/com.apple.SoftwareUpdate.yaml
View File

@@ -60,7 +60,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: true
content: If 'false', restricts the 'Install macOS Updates' option and prevents the
content: If 'false', restricts the Install macOS Updates option and prevents the
user from changing the option.
- key: AutomaticallyInstallAppUpdates
supportedOS:
@@ -69,7 +69,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: true
content: If 'false', deselects the 'Install app updates from the App Store' option
content: If 'false', deselects the Install app updates from the App Store option
and prevents the user from changing the option.
- key: AutomaticCheckEnabled
supportedOS:
@@ -78,7 +78,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: true
content: If 'false', deselects the 'Check for updates' option and prevents the user
content: If 'false', deselects the Check for updates option and prevents the user
from changing the option.
- key: AutomaticDownload
supportedOS:
@@ -87,8 +87,8 @@ payloadkeys:
type: <boolean>
presence: optional
default: true
content: If 'false', deselects the 'Download new updates when available from the
App Store' option and prevents the user from changing the option.
content: If 'false', deselects the Download new updates when available from the
App Store option and prevents the user from changing the option.
- key: CriticalUpdateInstall
supportedOS:
macOS:
@@ -97,7 +97,7 @@ payloadkeys:
presence: optional
default: true
content: If 'false', disables the automatic installation of critical updates and
prevents the user from changing the 'Install system data files and security updates'
prevents the user from changing the Install system data files and security updates
option.
- key: ConfigDataInstall
supportedOS:

2
mdm/profiles/com.apple.TCC.configuration-profile-policy.yaml
View File

@@ -55,7 +55,7 @@ payloadkeys:
- key: CodeRequirement
type: <string>
presence: required
content: Obtained via the command ''codesign -display -r -''.
content: Obtained via the command 'codesign -display -r -'.
- key: StaticCode
type: <boolean>
presence: optional

81
mdm/profiles/com.apple.applicationaccess.yaml
View File

@@ -1236,6 +1236,40 @@ payloadkeys:
default: true
content: If 'false', the system disallows dictation input. Available in iOS 10.3
and later, and macOS 10.13 and later. Requires a supervised device in iOS.
- key: allowedExternalIntelligenceWorkspaceIDs
title: Allowed External Intelligence Workspace IDs
supportedOS:
iOS:
introduced: '18.3'
supervised: true
allowmanualinstall: false
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.3'
allowmanualinstall: false
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <array>
presence: optional
content: Array of strings, but currently restricted to a single element. If present,
Apple Intelligence will only allow the given external integration workspace ID
to be used, and will require a sign-in in order to make requests; the user will
be required to sign in to integrations that support signing in. Multiple payloads
will combine using an intersect operation. This means the allowed set of workspace
IDs can become the empty set if conflicting values are specified in multiple payloads.
subkeys:
- key: allowedWorkspaceID
title: Allowed Workspace ID
type: <string>
- key: allowEnablingRestrictions
title: Allow Configuring Restrictions or ScreenTime
supportedOS:
@@ -1431,7 +1465,7 @@ payloadkeys:
macOS:
introduced: '15.2'
userenrollment:
mode: forbidden
mode: allowed
tvOS:
introduced: n/a
visionOS:
@@ -2282,6 +2316,29 @@ payloadkeys:
default: true
content: If 'false', the system disables NFC. Requires a supervised device. Available
in iOS 14.2 and later.
- key: allowNotesTranscriptionSummary
supportedOS:
iOS:
introduced: '18.3'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.3'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If false, disables transcription summarization in Notes.
- key: allowNotificationsModification
title: Allow Modifying Notifications Settings
supportedOS:
@@ -3199,6 +3256,28 @@ payloadkeys:
default: true
content: If 'false', the system hides the FaceTime app. Available in iOS 4 and later.
Requires a supervised device in iOS 13 and later.
- key: allowVisualIntelligenceSummary
title: Allow Visual Intelligence Summary
supportedOS:
iOS:
introduced: '18.3'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: When false, disables visual intelligence summarization.
- key: allowVoiceDialing
title: Allow Voice Dialing While Device is Locked
supportedOS:

2
mdm/profiles/com.apple.associated-domains.yaml
View File

@@ -46,7 +46,7 @@ payloadkeys:
type: <array>
presence: required
content: The domains to associate with the app. Each string is in the form of
''service:domain''. Use fully qualified hostnames, such as 'www.example.com'.
“'service:domain'. Use fully qualified hostnames, such as 'www.example.com'.
See Supporting associated domains for more information.
subkeys:
- key: AssociatedDomain

29
mdm/profiles/com.apple.dock.yaml
View File

@@ -81,7 +81,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', locks 'Minimize windows using.'
content: If 'true', locks Minimize windows using.
- key: windowtabbing
supportedOS:
macOS:
@@ -92,7 +92,7 @@ payloadkeys:
- manual
- always
- fullscreen
content: Set the 'Prefer tabs when opening documents' to the provided value.
content: Set the Prefer tabs when opening documents to the provided value.
- key: windowtabbing-immutable
supportedOS:
macOS:
@@ -100,7 +100,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', disables 'Prefer tabs when opening documents' checkbox.
content: If 'true', disables Prefer tabs when opening documents checkbox.
- key: dblclickbehavior
supportedOS:
macOS:
@@ -119,12 +119,12 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', locks 'Double-click a window's title bar.'
content: If 'true', locks Double-click a window's title bar.
- key: minimize-to-application
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Minimize windows into application icon.'
content: If 'true', enables Minimize windows into application icon.
- key: minintoapp-immutable
supportedOS:
macOS:
@@ -132,27 +132,27 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', disables the 'Minimize windows into application icon' checkbox.
content: If 'true', disables the Minimize windows into application icon checkbox.
- key: launchanim
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Animate opening applications.'
content: If 'true', enables Animate opening applications.
- key: launchanim-immutable
type: <boolean>
presence: optional
default: false
content: If 'true', locks 'Animate opening applications.'
content: If 'true', locks Animate opening applications.
- key: autohide
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Automatically hide and show the dock.'
content: If 'true', enables Automatically hide and show the dock.
- key: autohide-immutable
type: <boolean>
presence: optional
default: false
content: If 'true', locks 'Automatically hide.'
content: If 'true', locks Automatically hide.
- key: show-process-indicators
type: <boolean>
presence: optional
@@ -162,7 +162,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', locks 'Show indicators.'
content: If 'true', locks Show indicators.
- key: show-recents
supportedOS:
macOS:
@@ -170,7 +170,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Show recent items.'
content: If 'true', enables Show recent items.
- key: showrecents-immutable
supportedOS:
macOS:
@@ -178,7 +178,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', disables 'Show recent applications' checkbox.
content: If 'true', disables Show recent applications checkbox.
- key: contents-immutable
type: <boolean>
presence: optional
@@ -189,8 +189,7 @@ payloadkeys:
presence: optional
content: |-
One or more special folders that may be created at user login time and placed in the dock.
The 'My Applications' item is only used for Simple Finder environments. The 'Original Network Home' item is only used for mobile account users.
The “My Applications” item is only used for Simple Finder environments. The “Original Network Home” item is only used for mobile account users.
subkeys:
- key: MCXDockSpecialFoldersItems
type: <string>

2
mdm/profiles/com.apple.extensiblesso(kerberos).yaml
View File

@@ -243,7 +243,7 @@ payloadkeys:
presence: optional
default: false
content: If 'true', the system requires passwords to meet Active Directory's definition
of 'complex'. Available in macOS 10.15 and later.
of complex. Available in macOS 10.15 and later.
- key: pwReqMinAge
supportedOS:
iOS:

4
mdm/profiles/com.apple.extensiblesso.yaml
View File

@@ -121,8 +121,8 @@ payloadkeys:
content: If set to 'Cancel', the system cancels authentication requests when the
screen is locked. If set to 'DoNotHandle', the request continues without SSO instead.
This doesn't apply to requests where 'userInterfaceEnabled' is 'false', or for
background NSURLSession requests. Available in iOS 15 and later, and macOS 12
and later.
background URLSession requests. Available in iOS 15 and later, and macOS 12 and
later.
- key: DeniedBundleIdentifiers
supportedOS:
iOS:

1
mdm/profiles/com.apple.familycontrols.contentfilter.yaml
View File

@@ -43,7 +43,6 @@ payloadkeys:
presence: optional
content: |-
An array of sites that defines an allow list. If specified, this defines additional allowed sites besides those in the automated allow list and deny list, including disallowed adult sites.
This key is required if 'whiteListEnabled' is 'true'.
subkeys:
- key: siteWhitelistItem

1
mdm/profiles/com.apple.font.yaml
View File

@@ -48,7 +48,6 @@ payloadkeys:
default: ''
content: |-
The user-visible name for the font. This field is replaced by the actual name of the font after installation. Each payload must contain exactly one font file in trueType (.ttf) or OpenType (.otf) format. Collection formats (.ttc or .otc) are not supported.
Fonts are identified by their embedded PostScript names. Two fonts with the same PostScript name are considered to be the same font even if their contents differ. Installing two different fonts with the same PostScript name isn't supported, and the resulting behavior is undefined.
- key: Font
title: Font

2
mdm/profiles/com.apple.loginwindow.yaml
View File

@@ -50,7 +50,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', the system displays “Other...” when it shows a list of users.
content: If 'true', the system displays “Other” when it shows a list of users.
- key: AdminHostInfo
type: <string>
presence: optional

1
mdm/profiles/com.apple.networkusagerules.yaml
View File

@@ -39,7 +39,6 @@ payloadkeys:
presence: optional
content: |-
A list of managed app identifiers, as strings, that must follow the associated rules. If this key is missing, the rules apply to all managed apps on the device.
Each string in the 'AppIdentifierMatches' array may either be an exact app identifier match (for example, 'com.mycompany.myapp') or it may specify a prefix match for the bundle ID by using the * wildcard character. If used, this character must appear after a period (.) and may only appear once, at the end of the string; for example, 'com.mycompany.*'.
subkeys:
- key: AppIdentifierMatchesItem

2
mdm/profiles/com.apple.notificationsettings.yaml
View File

@@ -167,6 +167,4 @@ payloadkeys:
* '0' - Always: Previews will be shown when the device is locked and unlocked
* '1' - When Unlocked: Previews will only be shown when the device is unlocked
* '2' - Never: Previews will never be shown
Available in iOS 14 and later.

1
mdm/profiles/com.apple.systemuiserver.yaml
View File

@@ -108,7 +108,6 @@ payloadkeys:
presence: optional
content: |-
A string or an array of media action strings. Internally installed SD cards and USB flash drives are included in the hard disk-external category.
This key is the default for media types that don't fall into other categories.
subkeytype: ActionStringItem
subkeys: *id001

18
mdm/profiles/com.apple.universalaccess.yaml
View File

@@ -30,7 +30,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Use keyboard shortcuts' in the Zoom options.
content: If 'true', enables Use keyboard shortcuts in the Zoom options.
- key: closeViewNearPoint
type: <integer>
presence: optional
@@ -39,7 +39,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Use scroll gesture' in the Zoom options.
content: If 'true', enables Use scroll gesture in the Zoom options.
- key: closeViewShowPreview
supportedOS:
macOS:
@@ -48,13 +48,13 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Show preview rectangle' in the Zoom options. Only available
content: If 'true', enables Show preview rectangle in the Zoom options. Only available
in macOS 10.15 and earlier.
- key: closeViewSmoothImages
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Smooth images' in the Zoom options.
content: If 'true', enables Smooth images in the Zoom options.
- key: contrast
type: <real>
presence: optional
@@ -66,7 +66,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Flash the screen' in the Audio options.
content: If 'true', enables Flash the screen in the Audio options.
- key: grayscale
supportedOS:
macOS:
@@ -75,7 +75,7 @@ payloadkeys:
presence: optional
default: false
content: |-
If 'true', enables 'Use grayscale' in the Display options.
If 'true', enables Use grayscale in the Display options.
This option is deprecated in macOS 11.
- key: mouseDriver
type: <boolean>
@@ -103,12 +103,12 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Slow Keys' in the Keyboard options.
content: If 'true', enables Slow Keys in the Keyboard options.
- key: slowKeyBeepOn
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'click key sounds' for Slow Keys.
content: If 'true', enables click key sounds for Slow Keys.
- key: slowKeyDelay
type: <integer>
presence: optional
@@ -132,7 +132,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: false
content: If 'true', enables 'Display pressed keys on screen' for Sticky Keys.
content: If 'true', enables Display pressed keys on screen for Sticky Keys.
- key: voiceOverOnOffKey
type: <boolean>
presence: optional

14
mdm/profiles/com.apple.vpn.managed.yaml
View File

@@ -61,7 +61,13 @@ payloadkeys:
presence: optional
content: |-
An identifier for a vendor-specified configuration dictionary when the value for 'VPNType' is 'VPN'.
If 'VPNType' is 'VPN', the system requires this field. If the configuration targets a VPN solution that uses a network extension provider, then this field contains the bundle identifier of the app that contains the provider. Contact the VPN solution vendor for the value of the identifier.
If 'VPNType' is 'VPN', the system requires this field. If the configuration targets a VPN solution that uses a VPN plugin, then this field contains the bundle identifier of the plugin. Here are some examples:
* Cisco AnyConnect: 'com.cisco.anyconnect.applevpn.plugin'
* Juniper SSL: 'net.juniper.sslvpn'
* F5 SSL: 'com.f5.F5-Edge-Client.vpnplugin'
* SonicWALL Mobile Connect: 'com.sonicwall.SonicWALL-SSLVPN.vpnplugin'
* ``Aruba VIA: 'com.arubanetworks.aruba-via.vpnplugin'
If the configuration targets a VPN solution that uses a network extension provider, then this field contains the bundle identifier of the app that contains the provider. Contact the VPN solution vendor for the value of the identifier.
If 'VPNType' is 'IKEv2', then the 'VPNSubType' field is optional and reserved for future use. If it's specified, it needs to contain an empty string.
Not available in watchOS.
- key: UserDefinedName
@@ -673,7 +679,7 @@ payloadkeys:
type: <string>
presence: optional
content: |-
The name of the group. For hybrid authentication, the string needs to end with 'hybrid'.
The name of the group. For hybrid authentication, the string needs to end with hybrid.
Present only for Cisco IPSec if 'AuthenticationMethod' is 'SharedSecret'.
- key: LocalIdentifierType
title: Local Identifier Type
@@ -1744,8 +1750,8 @@ payloadkeys:
type: <array>
presence: optional
content: The array of captive networking apps whose traffic is allowed outside
the VPN tunnel, to perform captive network handling. Used only when 'AllowAllCaptiveNetworkPlugins
'is 'false'.
the VPN tunnel, to perform captive network handling. Used only when 'AllowAllCaptiveNetworkPlugins'
is 'false'.
subkeys:
- key: AllowedCaptiveNetworkPluginElement
title: An AllowedCaptiveNetworkPlugin Element

1
mdm/profiles/com.apple.wifi.managed.yaml
View File

@@ -521,7 +521,6 @@ payloadkeys:
default: true
content: |-
If 'true', disables L3 marking and only uses L2 marking for traffic that goes to the Wi-Fi network.
If 'false', the system behaves as if Wi-Fi doesn't have an association with a Cisco QoS fast lane network.
- key: SetupModes
supportedOS:

3
mdm/profiles/com.apple.xsan.yaml
View File

@@ -33,7 +33,6 @@ payloadkeys:
presence: required
content: |-
An array of LDAP URLs where Xsan systems can obtain SAN configuration updates. This key is required for all Xsan SANs. There should be one entry for each Xsan MDC.
Example URL: 'ldaps://mdc1.example.com:389'.
subkeys:
- key: sanConfigURLsItem
@@ -45,7 +44,6 @@ payloadkeys:
presence: required
content: |-
An array of storage area network (SAN) File System Name Server coordinators. The list should contain the same addresses in the same order as the metadata controller (MDC) '/Library/Preferences/Xsan/fsnameservers' file. Xsan SAN clients automatically receive updates to the 'fsnameservers' list from the SAN configuration servers whenever this list changes. StorNext administrators should update their profile whenever the 'fsnameservers' list changes.
This key is required for StorNext SANs.
subkeys:
- key: fsnameserversItem
@@ -59,7 +57,6 @@ payloadkeys:
- auth_secret
content: |-
The authentication method for the SAN. This key is required for all Xsan SANs. It's optional for StorNext SANs but should be set if the StorNext SAN uses an 'auth_secret' file.
Only one value is accepted: 'auth_secret'
- key: sharedSecret
type: <string>