From 67045e2fa06f528b196c01edee6a8bf88b844beb Mon Sep 17 00:00:00 2001 From: Cyrus Daboo Date: Wed, 25 Mar 2026 10:10:17 -0400 Subject: [PATCH] Release-v26.4 --- LICENSE.txt | 2 +- README.md | 10 +- .../external-intelligence.settings.yaml | 61 ++++++ .../configurations/intelligence.settings.yaml | 179 ++++++++++++++++++ .../configurations/keyboard.settings.yaml | 102 ++++++++++ .../configurations/math.settings.yaml | 3 +- .../migration-assistant.settings.yaml | 71 +++++++ .../configurations/siri.settings.yaml | 84 ++++++++ .../status/migration-assistant.report.yaml | 77 ++++++++ .../status/migration-assistant.state.yaml | 39 ++++ .../status/softwareupdate.device-id.yaml | 2 +- docs/errata.md | 18 ++ mdm/checkin/returntoservice.yaml | 11 ++ mdm/profiles/com.apple.applicationaccess.yaml | 104 ++++++++-- ...om.apple.familycontrols.contentfilter.yaml | 24 +-- mdm/profiles/com.apple.fileproviderd.yaml | 86 +++++++++ other/skipkeys.yaml | 28 --- 17 files changed, 841 insertions(+), 60 deletions(-) create mode 100644 declarative/declarations/configurations/external-intelligence.settings.yaml create mode 100644 declarative/declarations/configurations/intelligence.settings.yaml create mode 100644 declarative/declarations/configurations/keyboard.settings.yaml create mode 100644 declarative/declarations/configurations/migration-assistant.settings.yaml create mode 100644 declarative/declarations/configurations/siri.settings.yaml create mode 100644 declarative/status/migration-assistant.report.yaml create mode 100644 declarative/status/migration-assistant.state.yaml diff --git a/LICENSE.txt b/LICENSE.txt index b899c1a..72d6a41 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,4 +1,4 @@ -Copyright © 2022-2025 Apple Inc. +Copyright © 2022-2026 Apple Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index d0ac4ef..5def0b7 100644 --- a/README.md +++ b/README.md 
@@ -8,11 +8,11 @@ This release corresponds to the following OS versions | OS | Version | |----------|---------| -| iOS | 26.2 | -| macOS | 26.2 | -| tvOS | 26.2 | -| visionOS | 26.2 | -| watchOS | 26.2 | +| iOS | 26.4 | +| macOS | 26.4 | +| tvOS | 26.4 | +| visionOS | 26.4 | +| watchOS | 26.4 | ## What's Available diff --git a/declarative/declarations/configurations/external-intelligence.settings.yaml b/declarative/declarations/configurations/external-intelligence.settings.yaml new file mode 100644 index 0000000..6144994 --- /dev/null +++ b/declarative/declarations/configurations/external-intelligence.settings.yaml 
@@ -0,0 +1,61 @@
+title: External Intelligence Settings
+description: The declaration to configure External Intelligence Integrations settings.
+payload:
+ declarationtype: com.apple.configuration.external-intelligence.settings
+ supportedOS:
+ iOS:
+ introduced: '26.4'
+ allowed-enrollments:
+ - supervised
+ allowed-scopes:
+ - system
+ sharedipad:
+ allowed-scopes: []
+ macOS:
+ introduced: '26.4'
+ allowed-enrollments:
+ - supervised
+ allowed-scopes:
+ - system
+ - user
+ tvOS:
+ introduced: n/a
+ visionOS:
+ introduced: '26.4'
+ allowed-enrollments:
+ - supervised
+ allowed-scopes:
+ - system
+ watchOS:
+ introduced: n/a
+ apply: combined
+ content: Configures External Intelligence Integrations settings.
+payloadkeys:
+- key: Enabled
+ title: Allow External Intelligence Integrations
+ type:
+ presence: optional
+ default: true
+ combinetype: boolean-and
+ content: If `false`, disables external intelligence integrations.
+- key: AllowSignIn
+ title: Allow External Intelligence Integrations Sign In
+ type:
+ presence: optional
+ default: true
+ combinetype: boolean-and
+ content: If `false`, disables sign-in for external intelligence integrations.
+- key: AllowedWorkspaceIDs
+ title: Allowed External Intelligence Workspace IDs
+ type:
+ presence: optional
+ combinetype: set-intersection
+ content: An array of strings, but currently restricted to a single element. If present,
+ Apple Intelligence allows use of only the given external integration workspace
+ ID, and requires a sign-in to make requests. The user is required to sign in to
+ integrations that support signing in. Multiple values combine using an intersect
+ operation.
+ subkeys:
+ - key: workspaceID
+ title: Allowed Workspace ID
+ type:
diff --git a/declarative/declarations/configurations/intelligence.settings.yaml b/declarative/declarations/configurations/intelligence.settings.yaml
new file mode 100644
index 0000000..9093340
--- /dev/null
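Review bot: `AllowedWorkspaceIDs` combines with `set-intersection` while its `content` restricts the array to a single element, so two declarations that name different workspace IDs intersect to an empty set, and the text does not say what an empty result means. For an allow list that gap matters, because an implementer can read "empty" as either "no workspace permitted" or "no restriction". I would add a sentence to the `content`, for example `If the combined set is empty, the device allows no external integration workspace.`, worded to match what the device actually does. The same `content` states that sign-in is required, so it should also say what happens when `AllowSignIn` is `false` while this key is present.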
+++ b/declarative/declarations/configurations/intelligence.settings.yaml 
@@ -0,0 +1,179 @@ +title: Intelligence Settings +description: The declaration to configure Apple Intelligence settings. +payload: + declarationtype: com.apple.configuration.intelligence.settings + supportedOS: + iOS: + introduced: '26.4' + allowed-enrollments: + - supervised + allowed-scopes: + - system + sharedipad: + allowed-scopes: [] + macOS: + introduced: '26.4' + allowed-enrollments: + - supervised + allowed-scopes: + - system + - user + tvOS: + introduced: n/a + visionOS: + introduced: '26.4' + allowed-enrollments: + - supervised + allowed-scopes: + - system + watchOS: + introduced: n/a + apply: combined + content: Configures Apple Intelligence settings. +payloadkeys: +- key: AllowAppleIntelligenceReport + title: Allow Apple Intelligence Report + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Apple Intelligence Report. +- key: AllowGenmoji + title: Allow Genmoji + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Genmoji. +- key: AllowImagePlayground + title: Allow Image Playground + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Image Playground. +- key: AllowImageWand + title: Allow Image Wand + supportedOS: + macOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Image Wand. +- key: AllowPersonalizedHandwritingResults + title: Allow Personalized Handwriting Results + supportedOS: + macOS: + introduced: n/a + visionOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Personalized Handwriting Results. 
+- key: AllowVisualIntelligenceSummary + title: Allow Visual Intelligence Summary + supportedOS: + macOS: + introduced: n/a + visionOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Visual Intelligence Summary. +- key: AllowWritingTools + title: Allow Writing Tools + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Writing Tools. +- key: Apps + title: Apps + type: + presence: optional + content: If present, configures app-specific Intelligence features. + subkeys: + - key: Mail + title: Mail + type: + presence: optional + content: If present, configures Mail Intelligence features. + subkeys: + - key: AllowSmartReplies + title: Allow Smart Replies + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Mail Smart Replies. + - key: AllowSummary + title: Allow Summary + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Mail Summary. + - key: Notes + title: Notes + type: + presence: optional + content: If present, configures Notes Intelligence features. + subkeys: + - key: AllowTranscription + title: Allow Transcription + supportedOS: + visionOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Notes Transcription. + - key: AllowTranscriptionSummary + title: Allow Transcription Summary + supportedOS: + visionOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Notes Transcription Summary. + - key: Safari + title: Safari + type: + presence: optional + content: If present, configures Safari intelligence features. + subkeys: + - key: AllowSummary + title: Allow Summary + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables Safari Summary. 
+- key: ForceOnDeviceOnlyDictation + title: Force On-Device Only Dictation + type: + presence: optional + default: false + combinetype: boolean-or + content: If `true`, forces On-Device Only Dictation. +- key: ForceOnDeviceOnlyTranslation + title: Force On-Device Only Translation + supportedOS: + macOS: + introduced: n/a + visionOS: + introduced: n/a + type: + presence: optional + default: false + combinetype: boolean-or + content: If `true`, forces On-Device Only Translation. diff --git a/declarative/declarations/configurations/keyboard.settings.yaml b/declarative/declarations/configurations/keyboard.settings.yaml new file mode 100644 index 0000000..7edbf53 --- /dev/null +++ b/declarative/declarations/configurations/keyboard.settings.yaml 
@@ -0,0 +1,102 @@ +title: Keyboard Settings +description: The declaration to configure keyboard settings. +payload: + declarationtype: com.apple.configuration.keyboard.settings + supportedOS: + iOS: + introduced: '26.4' + allowed-enrollments: + - supervised + allowed-scopes: + - system + sharedipad: + allowed-scopes: + - user + macOS: + introduced: '26.4' + allowed-enrollments: + - supervised + allowed-scopes: + - system + - user + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + apply: combined + content: Configures keyboard settings. +payloadkeys: +- key: AllowAutoCorrection + title: Allow Auto-Correction + supportedOS: + macOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables auto-correction. +- key: AllowDefinitionLookup + title: Allow Definition Lookup + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables definition lookup. +- key: AllowDictation + title: Allow Dictation + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables dictation. +- key: AllowMathKeyboardSuggestions + title: Allow Math Keyboard Suggestions + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables keyboard suggestions that include math solutions. + This key is also supported by the math.settings configuration. +- key: AllowPredictiveText + title: Allow Predictive Text + supportedOS: + macOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables predictive text. +- key: AllowSlideToType + title: Allow Slide to Type + supportedOS: + macOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables slide to type. 
+- key: AllowSpellCheck + title: Allow Spell Check + supportedOS: + macOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables spell check. +- key: AllowTextReplacement + title: Allow Text Replacement + supportedOS: + macOS: + introduced: n/a + type: + presence: optional + default: true + combinetype: boolean-and + content: If `false`, disables text replacement. diff --git a/declarative/declarations/configurations/math.settings.yaml b/declarative/declarations/configurations/math.settings.yaml index 27bbda5..4593003 100644 --- a/declarative/declarations/configurations/math.settings.yaml +++ b/declarative/declarations/configurations/math.settings.yaml @@ -109,7 +109,8 @@ payloadkeys: type: presence: required combinetype: boolean-and - content: Controls whether keyboard suggestions include math solutions. + content: Controls whether keyboard suggestions include math solutions. This key + is also supported by the keyboard.settings configuration. - key: MathNotes type: presence: required diff --git a/declarative/declarations/configurations/migration-assistant.settings.yaml b/declarative/declarations/configurations/migration-assistant.settings.yaml new file mode 100644 index 0000000..8c11056 --- /dev/null +++ b/declarative/declarations/configurations/migration-assistant.settings.yaml 
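Review bot: `AllowMathKeyboardSuggestions` is now defined in two declaration types with different contracts: in `keyboard.settings` it is `presence: optional` with `default: true`, while the `math.settings` context lines in the second hunk show `presence: required` and no default. Both use `combinetype: boolean-and`, but neither `content` says whether values combine across the two declaration types or which one applies when they disagree. I would extend both cross-references once the precedence is confirmed, for example `This key is also supported by the math.settings configuration; if either configuration sets it to false, the suggestions are disabled.` The `math.settings` key block starts above its hunk, so its key name is not visible here.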
@@ -0,0 +1,71 @@
+title: Migration Assistant Settings
+description: The declaration to configure Migration Assistant settings.
+payload:
+ declarationtype: com.apple.configuration.migration-assistant.settings
+ supportedOS:
+ iOS:
+ introduced: n/a
+ macOS:
+ introduced: '26.4'
+ allowed-enrollments:
+ - supervised
+ allowed-scopes:
+ - system
+ tvOS:
+ introduced: n/a
+ visionOS:
+ introduced: n/a
+ watchOS:
+ introduced: n/a
+ apply: combined
+ content: Configures the managed migration functions of Migration Assistant.
+payloadkeys:
+- key: ShouldDoManagedMigration
+ type:
+ presence: required
+ combinetype: boolean-or
+ content: If `true`, the device manages Migration Assistant.
+- key: ExcludedAccounts
+ type:
+ presence: optional
+ combinetype: set-union
+ content: An array of strings that represent the user account short names the system
+ excludes from migration.
+ subkeys:
+ - key: _Accounts
+ type:
+- key: ExcludedPaths
+ type:
+ presence: optional
+ combinetype: set-union
+ content: An array of strings that represent files and directories relative to the
+ user's home directory that the system excludes from migration. Directory paths
+ need to include a trailing "/". For example, to exclude the "Excluded" directory
+ in the "Documents" folder of a user's home directory, use "Documents/Excluded/".
+ subkeys:
+ - key: _ExcludedPaths
+ type:
+- key: RequiredPaths
+ type:
+ presence: optional
+ combinetype: set-union
+ content: An array of strings that represent files and directories relative to the
+ user's home directory that the system needs to migrate. Directory paths need to
+ include a trailing "/". For example, to require the "Required" directory in the
+ "Documents" folder of a user's home directory, use "Documents/Required/".
+ subkeys:
+ - key: _RequiredPaths
+ type:
+- key: ShouldMigrateSecurityPrivacySettings
+ type:
+ presence: required
+ combinetype: boolean-or
+ content: If `true`, the system migrates Security & Privacy settings.
+notes:
+- title: ''
+ content: |-
+ This declaration allows the device management service to configure Migration Assistant when it runs during Setup Assistant on a Mac. This makes it easy for users to do Mac-to-Mac migrations of enterprise devices when they setup a new Mac.
+
+ Configure the device to use the `AwaitingConfiguration` state after it enrolls with the server. The server needs to send the configuration and verify the configuration as both active and valid using the Declarative Device Management status, before it sends the `DeviceConfiguredCommand` command to exit that state.
+
+ The device reports Migration Assistant progress using the `StatusMigrationAssistantState` status item, and provides a report when migration completes using the `StatusMigrationAssistantReport` status item.
diff --git a/declarative/declarations/configurations/siri.settings.yaml b/declarative/declarations/configurations/siri.settings.yaml
new file mode 100644
index 0000000..703c970
--- /dev/null
+++ b/declarative/declarations/configurations/siri.settings.yaml
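Review bot: `ExcludedPaths` and `RequiredPaths` both combine with `set-union`, and neither `content` says which list wins when the same path, or a parent and a child path, appears in both. For a control meant to keep data off a new Mac the precedence should be stated, for example `If a path matches both ExcludedPaths and RequiredPaths, the system excludes it.`, adjusted to the real behaviour. The text also says paths are relative to the user's home directory without saying how absolute paths, `..` components or symbolic links are treated; a sentence stating that such entries are rejected or confined to the home directory would let a server validate them before sending. `ShouldMigrateSecurityPrivacySettings` uses `boolean-or`, so a single declaration that sets `true` enables migration of those settings, which is worth saying explicitly in its `content`.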
@@ -0,0 +1,84 @@
+title: Siri Settings
+description: The declaration to configure Siri settings.
+payload:
+ declarationtype: com.apple.configuration.siri.settings
+ supportedOS:
+ iOS:
+ introduced: '26.4'
+ allowed-enrollments:
+ - supervised
+ allowed-scopes:
+ - system
+ sharedipad:
+ allowed-scopes:
+ - user
+ macOS:
+ introduced: '26.4'
+ allowed-enrollments:
+ - supervised
+ allowed-scopes:
+ - system
+ - user
+ tvOS:
+ introduced: n/a
+ visionOS:
+ introduced: '26.4'
+ allowed-enrollments:
+ - supervised
+ allowed-scopes:
+ - system
+ watchOS:
+ introduced: '26.4'
+ allowed-enrollments:
+ - supervised
+ allowed-scopes:
+ - system
+ apply: combined
+ content: Configures Siri settings.
+payloadkeys:
+- key: Enabled
+ title: Enabled
+ supportedOS:
+ watchOS:
+ introduced: n/a
+ type:
+ presence: optional
+ default: true
+ combinetype: boolean-and
+ content: If `false`, disables Siri.
+- key: AllowUserGeneratedContent
+ title: Allow User Generated Content
+ supportedOS:
+ macOS:
+ introduced: n/a
+ visionOS:
+ introduced: n/a
+ type:
+ presence: optional
+ default: true
+ combinetype: boolean-and
+ content: If `false`, disables Siri user-generated content.
+- key: AllowWhileLocked
+ title: Allow While Locked
+ supportedOS:
+ macOS:
+ introduced: n/a
+ visionOS:
+ introduced: n/a
+ type:
+ presence: optional
+ default: true
+ combinetype: boolean-and
+ content: If `false`, disables Siri while locked.
+- key: ForceProfanityFilter
+ title: Force Profanity Filter
+ supportedOS:
+ visionOS:
+ introduced: n/a
+ watchOS:
+ introduced: n/a
+ type:
+ presence: optional
+ default: false
+ combinetype: boolean-or
+ content: If `true`, forces Siri profanity filter.
diff --git a/declarative/status/migration-assistant.report.yaml b/declarative/status/migration-assistant.report.yaml
new file mode 100644
index 0000000..4112a35
--- /dev/null
+++ b/declarative/status/migration-assistant.report.yaml
@@ -0,0 +1,77 @@ +title: Status Migration Assistant Report +description: Reports the status of a completed migration. +payload: + statusitemtype: migration-assistant.report + supportedOS: + iOS: + introduced: n/a + macOS: + introduced: '26.4' + allowed-enrollments: + - supervised + allowed-scopes: + - system + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a +payloadkeys: +- key: migration-assistant.report + title: Migration Assistant Report + type: + presence: required + content: The Migration Assistant migration status. + subkeys: + - key: completed-data-size + title: Migration Completed Data Size + type: + presence: optional + content: The total amount of data the system successfully migrated from the source + system. + - key: completed-file-count + title: Migration Completed File Count + type: + presence: optional + content: The number of files successfully migrated from the source system. + - key: completion-time + title: Migration Completion Time + type: + presence: optional + content: The RFC 3339 timestamp for when the system completed migration. + - key: source-user + title: Migration Source User + type: + presence: optional + content: The username of the user that the system migrated from the source system. + - key: start-time + title: Migration Start Time + type: + presence: optional + content: The RFC 3339 timestamp for when the system started migration. + - key: target-user + title: Migration Target User + type: + presence: optional + content: The username of the target user account on the destination system. + - key: total-data-size + title: Migration Total Data Size + type: + presence: optional + content: The total amount of data the system considers in scope for migration + from the source system. + - key: total-file-count + title: Migration Total File Count + type: + presence: optional + content: The number of files the system considers in scope for migration from + the source system. 
+ - key: errors + title: Migration Errors + type: + presence: optional + content: The descriptions of migration errors that the system reports. + subkeys: + - key: _errors + type: diff --git a/declarative/status/migration-assistant.state.yaml b/declarative/status/migration-assistant.state.yaml new file mode 100644 index 0000000..5c04f12 --- /dev/null +++ b/declarative/status/migration-assistant.state.yaml @@ -0,0 +1,39 @@ +title: Status Migration Assistant State +description: The current migration state of the system. +payload: + statusitemtype: migration-assistant.state + supportedOS: + iOS: + introduced: n/a + macOS: + introduced: '26.4' + allowed-enrollments: + - supervised + allowed-scopes: + - system + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a +payloadkeys: +- key: migration-assistant.state + title: Migration Assistant State + type: + presence: required + rangelist: + - waiting + - migrating + - completed + - failed + - cancelled + - unknown + content: |- + The current migration state of the system, which has the following possible values: + - `none`: Migration has not started yet or no migration has taken place. + - `migrating`: Migration is in progress. + - `completed`: Migration has completed successfully. + - `failed`: Migration has failed. + - `cancelled`: The user cancelled migration. + - `unknown`: Migration status is unknown. diff --git a/declarative/status/softwareupdate.device-id.yaml b/declarative/status/softwareupdate.device-id.yaml index 427b927..f2418c2 100644 --- a/declarative/status/softwareupdate.device-id.yaml +++ b/declarative/status/softwareupdate.device-id.yaml @@ -27,7 +27,7 @@ payload: allowed-scopes: - system visionOS: - introduced: '26.0' + introduced: '26.4' allowed-enrollments: - supervised - device diff --git a/docs/errata.md b/docs/errata.md index 73ea487..be5b720 100644 --- a/docs/errata.md +++ b/docs/errata.md 
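Review bot: `source-user`, `target-user` and the `errors` strings in `migration-assistant.report` send account names to the management server, and possibly file paths inside the error descriptions, yet the schema does not say what the error text can contain. If descriptions can include paths, I would add to the `errors` `content` a sentence such as `Descriptions may include file paths from the user's home directory.`, so a server can treat the report as personal data when it logs or forwards it. Separately, `completed-data-size` and `total-data-size` give no unit; starting both with `The size, in bytes, of ...` (or the actual unit) removes the guesswork.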
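Review bot: The `rangelist` of `migration-assistant.state` starts with `waiting`, but the value list in its `content` documents `none` and never mentions `waiting`. A server that validates the status against `rangelist` and one written from the prose will disagree on the initial state. One of the two has to change so that both name the same value; if `waiting` is what the device reports, the first bullet should begin with `waiting` instead of `none` and keep the text `Migration has not started yet or no migration has taken place.`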
@@ -2,6 +2,24 @@ This document lists errata for the YAML schema. This is used when older versions of the schema are incorrect, and a fix was made in later schema to correct the problem. +## iOS 26.4 + +### other/skipkeys.yaml + +AgeAssurance and AgeBasedSafetySettings are not a valid skip key, these panes are always skipped on managed devices. + +## visionOS 26.4 + +### declarative/status/softwareupdate.device-id.yaml + +This status item was incorrectly marked as supported in 26.0. + +## macOS 26.4 + +### mdm/profiles/com.apple.familycontrols.contentfilter + +The capitalization of several keys was incorrect. + ## macOS 26.2 ### mdm/commands/remove-application.yaml diff --git a/mdm/checkin/returntoservice.yaml b/mdm/checkin/returntoservice.yaml index d8e9d17..96463f4 100644 --- a/mdm/checkin/returntoservice.yaml +++ b/mdm/checkin/returntoservice.yaml @@ -35,6 +35,17 @@ payloadkeys: content: The device's UDID (unique device identifier). The system requires this value if the enrollment type is a device enrollment. responsekeys: +- key: PreserveDataPlan + supportedOS: + iOS: + introduced: '26.4' + visionOS: + introduced: n/a + type: + presence: optional + default: false + content: If `true`, the device preserves the data plan on an iPhone or iPad with + eSIM functionality, if one exists. This value is available in iOS 26.4 and later. - key: ReturnToService type: presence: required diff --git a/mdm/profiles/com.apple.applicationaccess.yaml b/mdm/profiles/com.apple.applicationaccess.yaml index 41580f3..ade62cc 100644 --- a/mdm/profiles/com.apple.applicationaccess.yaml +++ b/mdm/profiles/com.apple.applicationaccess.yaml @@ -295,6 +295,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.4' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -302,6 +303,7 @@ payloadkeys: mode: forbidden macOS: introduced: '15.4' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: 
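Review bot: The `deprecated: '26.4'` markers added in the `com.apple.applicationaccess.yaml` hunks (the two here and the later ones in this file) come without any visible change to the keys' `content`, so the schema does not tell an administrator what to use instead. The deprecated content-filter keys in this same commit do it with text of the form `Use filterAllowList instead.` The restrictions presumably map to the new `intelligence.settings`, `keyboard.settings`, `siri.settings` and `external-intelligence.settings` declarations, but that is inferred, since the key names lie outside these hunks. I would add to each key's `content` a sentence naming the replacing declaration key, and state which setting applies when a device carries both the restriction and the declaration, so a restriction is not removed on the assumption that the declaration already covers it.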
@@ -432,14 +434,17 @@ payloadkeys: supportedOS: iOS: introduced: '5.0' + deprecated: '26.4' macOS: introduced: '14.0' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: introduced: n/a visionOS: introduced: '2.0' + deprecated: '26.4' watchOS: introduced: n/a type: @@ -450,6 +455,7 @@ payloadkeys: supportedOS: iOS: introduced: '7.0' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -460,6 +466,7 @@ payloadkeys: visionOS: introduced: n/a watchOS: + deprecated: '26.4' supervised: true type: presence: optional @@ -471,12 +478,15 @@ payloadkeys: supportedOS: iOS: introduced: '5.1' + deprecated: '26.4' macOS: introduced: n/a tvOS: introduced: n/a visionOS: introduced: n/a + watchOS: + deprecated: '26.4' type: presence: optional default: true @@ -487,6 +497,7 @@ payloadkeys: supportedOS: iOS: introduced: 8.1.3 + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -1059,6 +1070,7 @@ payloadkeys: supportedOS: iOS: introduced: '13.0' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -1144,11 +1156,13 @@ payloadkeys: supportedOS: iOS: introduced: 8.1.3 + deprecated: '26.4' supervised: true userenrollment: mode: forbidden macOS: introduced: '10.11' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: @@ -1250,11 +1264,13 @@ payloadkeys: supportedOS: iOS: introduced: '10.3' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden macOS: introduced: '10.13' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: @@ -1302,6 +1318,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.3' + deprecated: '26.4' supervised: true allowmanualinstall: false sharedipad: @@ -1310,6 +1327,7 @@ payloadkeys: mode: forbidden macOS: introduced: '15.3' + deprecated: '26.4' allowmanualinstall: false userenrollment: mode: forbidden @@ -1317,6 +1335,7 @@ payloadkeys: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' supervised: true allowmanualinstall: false userenrollment: 
@@ -1519,18 +1538,21 @@ payloadkeys: supportedOS: iOS: introduced: '18.2' + deprecated: '26.4' sharedipad: mode: forbidden userenrollment: mode: allowed macOS: introduced: '15.2' + deprecated: '26.4' userenrollment: mode: allowed tvOS: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' userenrollment: mode: allowed watchOS: @@ -1547,18 +1569,21 @@ payloadkeys: supportedOS: iOS: introduced: '18.2' + deprecated: '26.4' sharedipad: mode: forbidden userenrollment: mode: allowed macOS: introduced: '15.2' + deprecated: '26.4' userenrollment: mode: allowed tvOS: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' userenrollment: mode: allowed watchOS: @@ -1777,6 +1802,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.0' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -1784,12 +1810,14 @@ payloadkeys: mode: forbidden macOS: introduced: '15.0' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -1846,6 +1874,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.0' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -1853,12 +1882,14 @@ payloadkeys: mode: forbidden macOS: introduced: '15.0' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -1873,6 +1904,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.0' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -1884,6 +1916,7 @@ payloadkeys: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -2025,6 +2058,7 @@ payloadkeys: supportedOS: iOS: introduced: '9.0' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden 
@@ -2183,6 +2217,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.4' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -2190,12 +2225,14 @@ payloadkeys: mode: forbidden macOS: introduced: '15.4' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -2209,6 +2246,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.1' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -2216,12 +2254,14 @@ payloadkeys: mode: forbidden macOS: introduced: '15.1' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -2407,6 +2447,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.4' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -2414,6 +2455,7 @@ payloadkeys: mode: forbidden macOS: introduced: '15.4' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: @@ -2430,6 +2472,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.3' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -2437,6 +2480,7 @@ payloadkeys: mode: forbidden macOS: introduced: '15.3' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: @@ -2641,6 +2685,7 @@ payloadkeys: tvOS: introduced: '12.0' deprecated: '17.4' + removed: '26.4' supervised: true visionOS: introduced: n/a @@ -2700,6 +2745,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.0' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -2761,6 +2807,7 @@ payloadkeys: supportedOS: iOS: introduced: 8.1.3 + deprecated: '26.4' supervised: true userenrollment: mode: forbidden 
@@ -2817,6 +2864,8 @@ payloadkeys: presence: optional default: true content: If `false`, disables the prompt to set up new devices that are nearby. + Starting with iOS 26.3, this also prevents exporting iOS data to set up new Android + devices. - key: allowRadioService title: Allow iTunes Radio supportedOS: @@ -2964,6 +3013,29 @@ payloadkeys: is `false`, the Classroom app doesn't observe remote screens. Requires a supervised device until iOS 13 and macOS 10.15. Allowed for user enrollments in macOS 12 and later. +- key: allowRosettaUsageAwareness + supportedOS: + iOS: + introduced: n/a + macOS: + introduced: '26.4' + allowmanualinstall: false + userenrollment: + mode: forbidden + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If `false`, disables Rosetta usage awareness. When Rosetta usage awareness + is active, a pop-up dialog is displayed to the user when an app that is using + Rosetta is launched. The pop-up dialog indicates that Rosetta will be removed + in a future version of the operating system so that the user can contact the app + vendor regarding a replacement for the current app. - key: allowSafari title: Allow use of Safari supportedOS: @@ -3045,6 +3117,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.4' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -3052,12 +3125,14 @@ payloadkeys: mode: forbidden macOS: introduced: '15.4' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -3153,6 +3228,7 @@ payloadkeys: supportedOS: iOS: introduced: 8.1.3 + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -3462,6 +3538,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.3' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden 
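Review bot: The new `allowRosettaUsageAwareness` key has no `title`, while the neighbouring keys visible in this file's context lines (`allowRadioService`, `allowSafari`) each carry one. Tools that build a restriction UI from `title` may fall back to the raw key name; adding `title: Allow Rosetta Usage Awareness` after the `key` line keeps the entry consistent. The `content` would also read better in the active voice used elsewhere, e.g. `the system shows a dialog when the user launches an app that uses Rosetta`.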
@@ -3573,6 +3650,7 @@ payloadkeys: supportedOS: iOS: introduced: '18.0' + deprecated: '26.4' supervised: true sharedipad: mode: forbidden @@ -3580,12 +3658,14 @@ payloadkeys: mode: forbidden macOS: introduced: '15.0' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: introduced: n/a visionOS: introduced: '2.4' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden @@ -3922,11 +4002,13 @@ payloadkeys: supportedOS: iOS: introduced: '5.0' + deprecated: '26.4' supervised: true userenrollment: mode: forbidden macOS: introduced: '10.13' + deprecated: '26.4' userenrollment: mode: forbidden tvOS: @@ -4235,12 +4317,17 @@ payloadkeys: supportedOS: iOS: introduced: '14.5' + deprecated: '26.4' macOS: introduced: '14.0' + deprecated: '26.4' tvOS: introduced: n/a visionOS: introduced: '2.0' + deprecated: '26.4' + watchOS: + deprecated: '26.4' type: presence: optional default: false @@ -4250,12 +4337,15 @@ payloadkeys: supportedOS: iOS: introduced: '15.0' + deprecated: '26.4' macOS: introduced: n/a tvOS: introduced: n/a visionOS: introduced: n/a + watchOS: + deprecated: '26.4' type: presence: optional default: false 
@@ -4391,21 +4481,11 @@ payloadkeys: max: 1000 default: 1000 content: |- - The maximum level of app content allowed on the device. Preinstalled (first-party) apps ignore this restriction. - - Possible values, with the U.S. description of the rating level: - - - `1000`: All - - `600`: 17+ - - `300`: 12+ - - `200`: 9+ - - `100`: 4+ - - `0`: None + The maximum level of app content allowed on the device. Starting with iOS 26.2, this rating may apply to certain system apps. Age bands and the number of discrete age values vary by region, but the values are consistent across regions. For example, in a region that defines rating level 14+, its value is guaranteed to be larger than 300 (12+) and smaller than 600 (17+). Also, the value of rating level 15+ is guaranteed to be larger than the assigned value of rating level 14+. For more information about age ratings, see [Age ratings values and definitions](https://developer.apple.com/help/app-store-connect/reference/age-ratings-values-and-definitions). - Examples of values in other regions include: - + Below is the complete list of age rating values used across all App Store regions. - `1000`: All - `621`: 21+ - `620`: 20+ diff --git a/mdm/profiles/com.apple.familycontrols.contentfilter.yaml b/mdm/profiles/com.apple.familycontrols.contentfilter.yaml index fa4e316..05174f6 100644 --- a/mdm/profiles/com.apple.familycontrols.contentfilter.yaml +++ b/mdm/profiles/com.apple.familycontrols.contentfilter.yaml @@ -33,7 +33,7 @@ payloadkeys: presence: optional default: false content: If `true`, filters content automatically. -- key: allowlistEnabled +- key: allowListEnabled supportedOS: macOS: introduced: '15.2' @@ -48,8 +48,8 @@ payloadkeys: type: presence: optional default: false - content: Use `allowlistEnabled` instead. -- key: siteAllowlist + content: Use `allowListEnabled` instead. +- key: siteAllowList supportedOS: macOS: introduced: '15.2' 
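Review bot: The corrected spellings in `com.apple.familycontrols.contentfilter.yaml` (`allowListEnabled`, `siteAllowList`, `filterAllowList`, `filterDenyList` and their item keys, here and in the following hunks of this file) keep `introduced: '15.2'`, so profiles generated from the earlier schema carry the lower-case names. If macOS matches these keys case-sensitively (the errata entry suggests it, but the diff does not show it), such a profile can install while its allow and deny lists are ignored, which leaves the filter more permissive than intended. I would say so in each key's `content`, for example `The key name is case-sensitive; the spelling filterDenylist is not recognized.`, so administrators know to re-issue existing profiles.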
@@ -58,9 +58,9 @@ payloadkeys: content: |- An array of sites that defines an allow list. If specified, this defines additional allowed sites besides those in the automated allow list and deny list, including disallowed adult sites. - This key is required if `allowlistEnabled` is `true`. + This key is required if `allowListEnabled` is `true`. subkeys: - - key: siteAllowlistItem + - key: siteAllowListItem type: content: A dictionary defining a site for the allow list. subkeys: @@ -78,7 +78,7 @@ payloadkeys: deprecated: '15.2' type: presence: optional - content: Use `siteAllowlist` instead. + content: Use `siteAllowList` instead. subkeys: - key: siteWhitelistItem type: @@ -92,7 +92,7 @@ payloadkeys: type: presence: optional content: The site page title. -- key: filterAllowlist +- key: filterAllowList supportedOS: macOS: introduced: '15.2' @@ -101,7 +101,7 @@ payloadkeys: content: The array of URLs that defines an allow list. When `restrictWeb` and `useContentFilter` are enabled, only URLs in the allow list are available to the user. subkeys: - - key: filterAllowlistItem + - key: filterAllowListItem type: presence: required content: An allowed site. @@ -111,13 +111,13 @@ payloadkeys: deprecated: '15.2' type: presence: optional - content: Use `filterAllowlist` instead. + content: Use `filterAllowList` instead. subkeys: - key: filterWhitelistItem type: presence: required content: An allowed site. -- key: filterDenylist +- key: filterDenyList supportedOS: macOS: introduced: '15.2' @@ -126,7 +126,7 @@ payloadkeys: content: The array of URLs that defines a deny list. When `restrictWeb` and `useContentFilter` are enabled, no URLs in the deny list are available to the user. subkeys: - - key: filterDenylistItem + - key: filterDenyListItem type: presence: required content: A disallowed site. 
@@ -136,7 +136,7 @@ payloadkeys: deprecated: '15.2' type: presence: optional - content: Use `filterDenylist` instead. + content: Use `filterDenyList` instead. subkeys: - key: filterBlacklistItem type: diff --git a/mdm/profiles/com.apple.fileproviderd.yaml b/mdm/profiles/com.apple.fileproviderd.yaml index da8b3ea..a0fbbfd 100644 --- a/mdm/profiles/com.apple.fileproviderd.yaml +++ b/mdm/profiles/com.apple.fileproviderd.yaml @@ -23,6 +23,38 @@ payload: watchOS: introduced: n/a payloadkeys: +- key: ManagementAllowsRemoteSyncing + supportedOS: + macOS: + introduced: '26.4' + devicechannel: true + userchannel: false + type: + presence: optional + default: true + content: If `false`, the device prevents the File Provider extension from using + synchronization in any app. Also, none of the other options will be evaluated. + Synchronization will be totally disabled for any application. +- key: ManagementRemoteSyncingAllowList + supportedOS: + macOS: + introduced: '26.4' + devicechannel: true + userchannel: false + type: + presence: optional + content: An array of strings representing the composed identifiers of apps. The + device allows the corresponding apps to use File Provider extension synchronization. + If present, and `ManagementAllowsRemoteSyncing` is set to `true`, the device allows + only the apps in this list to use synchronization. This key is ignored if `ManagementAllowsRemoteSyncing` + is set to `false`. If present, the other options will only be evaluated for the + apps in this list. The format of the app identifiers is "Bundle-ID (Team-ID)", + for example `com.example.app (ABCD1234)`. + subkeys: + - key: AllowListItem + type: + presence: required + content: A composed app identifier. The format is "Bundle.Identifier (TeamIdentifier)". - key: AllowManagedFileProvidersToRequestAttribution type: presence: optional 
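Review bot: The `ManagementRemoteSyncingAllowList` description in the `@@ -23,6` hunk does not say what an empty array means. "If present ... the device allows only the apps in this list" reads as blocking every app, and an administrator should not have to guess that for a key that gates synchronization; state it explicitly in the `content`. The identifier format is also given two ways, "Bundle-ID (Team-ID)" on the list and "Bundle.Identifier (TeamIdentifier)" on `AllowListItem`. The example `com.example.app (ABCD1234)` shows an eight-character team identifier where Apple team IDs have ten characters. Since the text does not say how a malformed entry is handled, I would use one wording and a realistic sample such as `com.example.app (ABCDE12345)` (constructed value). The same example recurs in the two allow lists added by the next hunk.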
@@ -63,3 +95,57 @@ payloadkeys: type: presence: required content: A composed app identifier. The format is "Bundle.Identifier (TeamIdentifier)". +- key: ManagementAllowsExternalVolumeSyncing + supportedOS: + macOS: + introduced: '26.4' + devicechannel: true + userchannel: false + type: + presence: optional + default: true + content: If `false`, the device only allows File Provider extension volume synchronization + for the system "home" volume and any data separated volume, and prevents synchronization + with any other volumes. If `true``, the device allows File Provider extension + volume synchronization for the system "home" volume, any data separated volume, + and any encrypted APFS volumes (on either internal or external media). +- key: ManagementExternalVolumeSyncingAllowList + supportedOS: + macOS: + introduced: '26.4' + devicechannel: true + userchannel: false + type: + presence: optional + content: An array of strings representing the composed identifiers of apps. The + device allows the corresponding apps to use File Provider extension volume synchronization. + If present, and `ManagementAllowsExternalVolumeSyncing` is set to `true`, the + device allows only the apps in this list to use volume synchronization. This key + is ignored if `ManagementAllowsExternalVolumeSyncing` is set to `false`. The format + of the app identifiers is "Bundle-ID (Team-ID)", for example `com.example.app + (ABCD1234)`. + subkeys: + - key: AllowListItem + type: + presence: required + content: A composed app identifier. The format is "Bundle.Identifier (TeamIdentifier)". +- key: ManagementDomainAutoEnablementList + supportedOS: + macOS: + introduced: '26.4' + devicechannel: true + userchannel: false + type: + presence: optional + content: An array of strings representing the composed identifiers of apps. The + device automatically enables the File Provider domains for the corresponding apps. 
+ The device doesn't enable existing domains if enrollment happens after they are + created. The device doesn't prevent the user from disabling these File Provider + domains. Users need to manually enable File Provider domains in the Finder if + their corresponding apps aren't listed here. The format of the app identifiers + is "Bundle-ID (Team-ID)", for example `com.example.app (ABCD1234)`. + subkeys: + - key: AllowListItem + type: + presence: required + content: A composed app identifier. The format is "Bundle.Identifier (TeamIdentifier)". diff --git a/other/skipkeys.yaml b/other/skipkeys.yaml index 89b8df9..963a24e 100644 --- a/other/skipkeys.yaml +++ b/other/skipkeys.yaml @@ -51,34 +51,6 @@ payloadkeys: type: presence: optional content: The key to skip the Action Button configuration pane. -- key: AgeAssurance - title: Skip Age Assurance pane - supportedOS: - iOS: - introduced: '26.2' - macOS: - introduced: n/a - tvOS: - introduced: n/a - visionOS: - introduced: n/a - type: - presence: optional - content: The key to skip the Age Assurance pane. -- key: AgeBasedSafetySettings - title: Skip Age Based Safety Settings pane - supportedOS: - iOS: - introduced: '26.1' - macOS: - introduced: n/a - tvOS: - introduced: n/a - visionOS: - introduced: n/a - type: - presence: optional - content: The key to skip the Age Based Safety Settings pane. - key: Android title: Prevents migration from Android device supportedOS:
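Review bot: The `ManagementAllowsExternalVolumeSyncing` description has a stray second backtick after `true` ("If `true` followed by two backticks, the device allows ..."), which breaks the inline code span when the text is rendered; it should read "If `true`, the device allows". The `true` branch names the home volume, data separated volumes and encrypted APFS volumes, leaving it implicit that unencrypted or non-APFS external volumes are never synchronized. Because the default is `true`, I would say so outright, for example "Volumes that are not encrypted APFS are never eligible." if that matches the implementation. `ManagementDomainAutoEnablementList` reuses the subkey name `AllowListItem` although the list enables domains rather than allowing apps; a short note in its `content` that entries are not an allow list would prevent misreading.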