CalvinBackup/apple_device-management
1
0
Fork 0
mirror of https://github.com/apple/device-management.git synced 2026-05-27 01:32:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release_iOS-18-4_macOS-15-4

Browse Source
This commit is contained in:
Cyrus Daboo
2025-04-02 20:05:30 -04:00
parent 2e6673873e
commit 7d4ba1a2bd
35 changed files with 755 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+5 -5
View File
@@ -8,11 +8,11 @@ This release corresponds to the following OS versions
| OS | Version |
|----------|---------|
| iOS | 18.3 |
| macOS | 15.3 |
| tvOS | 18.3 |
| visionOS | 2.3 |
| watchOS | 11.3 |
| iOS | 18.4 |
| macOS | 15.4 |
| tvOS | 18.4 |
| visionOS | 2.4 |
| watchOS | 11.4 |
## Important Release Notes
declarative/declarations/configurations/account.exchange.yaml
+1 -3
View File
@@ -75,9 +75,7 @@ payloadkeys:
title: Server Host Name
type: <string>
presence: optional
content: The hostname of the EWS server (or IP address). This is a required field
on iOS and visionOS, unless the declaration contains an 'OAuth' property, with
'Enabled' set to 'true' and without a 'SignInURL'.
content: Specifies the Exchange server host name (or IP address).
- key: Port
title: Server Port
supportedOS:
declarative/declarations/configurations/app.managed.yaml
+194 -2
View File
@@ -19,11 +19,16 @@ payload:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
allowed-enrollments:
- supervised
- device
- user
allowed-scopes:
- system
watchOS:
introduced: n/a
apply: multiple
beta: true
payloadkeys:
- key: AppStoreID
title: App Store ID
@@ -90,6 +95,8 @@ payloadkeys:
removed: '18.0'
macOS:
removed: '15.0'
visionOS:
introduced: n/a
type: <string>
presence: optional
rangelist:
@@ -136,6 +143,9 @@ payloadkeys:
content: If 'true', the system enables direct downloads for the 'AssociatedDomains'.
- key: CellularSliceUUID
title: Cellular Slice UUID
supportedOS:
visionOS:
introduced: n/a
type: <string>
presence: optional
content: The cellular slice identifier, which can be the data network name (DNN)
@@ -152,6 +162,31 @@ payloadkeys:
type: <string>
presence: optional
content: The UUID of the DNS proxy to associate with the app.
- key: Hideable
title: Hideable
supportedOS:
iOS:
introduced: '18.1'
visionOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the user cannot hide the app. It does not affect the user's
ability to leave it in the App Library, while removing it from the home screen.
- key: Lockable
title: Lockable
supportedOS:
iOS:
introduced: '18.1'
visionOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If `false`, the user cannot lock or hide the app. Because hiding an app
also requires locking it, disallowing the user from locking the app will also
prevent the user from hiding it.
- key: RelayUUID
title: Relay UUID
type: <string>
@@ -159,6 +194,9 @@ payloadkeys:
content: The UUID of the relay to associate with the app.
- key: TapToPayScreenLock
title: Tap to Pay Screen Lock
supportedOS:
visionOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
@@ -169,6 +207,160 @@ payloadkeys:
type: <string>
presence: optional
content: The UUID of the VPN to associate with the app.
- key: AppConfig
title: App Config
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary of app config data and credentials.
subkeytype: AppConfigDictionary
subkeys: &id001
- key: DataAssetReference
title: App/Extension Config Data Asset Reference
type: <string>
assettypes:
- com.apple.asset.data
asset-content-types:
- application/plist
- application/x-plist
- application/xml
- text/xml
presence: optional
content: Specifies the identifier of an asset declaration containing a reference
to the app/extension config data. The corresponding asset must be of type "com.apple.asset.data".
The referenced data must be a property list file, and the asset's "ContentType"
value should be set to match the data type.
- key: Passwords
title: Password App/Extension Configs.
type: <array>
presence: optional
content: Provides passwords to the managed app/extension. Each element in the
array contains a password asset reference and an associated identifier, which
the app/extension may use to look up the password.
subkeytype: CredentialConfig
subkeys:
- key: PasswordAppConfigItem
type: <dictionary>
presence: required
subkeys:
- key: Identifier
title: Password Identifier
type: <string>
presence: required
content: The app/extension uses this identifier to fetch the corresponding
password using the ManagedApp framework. App developers will define what
values can be used for these identifiers.
- key: AssetReference
title: Asset Reference
type: <string>
assettypes:
- com.apple.asset.credential.userpassword
presence: required
content: Specifies the identifier of an asset declaration containing a user
name and password. The password is made available to the managed app/extension.
The user name is ignored.
- key: Identities
title: Identity App/Extension Configs.
type: <array>
presence: optional
content: Provides identities to the managed app/extension. Each element in the
array contains an identity asset reference and an associated identifier, which
the app/extension may use to look up the identity.
subkeytype: CredentialConfig
subkeys:
- key: IdentityAppConfigItem
type: <dictionary>
presence: required
subkeys:
- key: Identifier
title: Identity Identifier
type: <string>
presence: required
content: The app/extension uses this identifier to fetch the corresponding
identity using the ManagedApp framework. App developers will define what
values can be used for these identifiers.
- key: AssetReference
title: Asset Reference
type: <string>
assettypes:
- com.apple.asset.credential.identity
- com.apple.asset.credential.scep
- com.apple.asset.credential.acme
presence: required
content: Specifies the identifier of an asset declaration containing an identity
that is made available to the managed app/extension.
- key: Certificates
title: Certificate App/Extension Configs.
type: <array>
presence: optional
content: Provides certificates to the managed app/extension. Each element in the
array contains a certificate asset reference and an associated identifier, which
the app/extension may use to look up the certificate.
subkeytype: CredentialConfig
subkeys:
- key: CertificateAppConfigItem
type: <dictionary>
presence: required
subkeys:
- key: Identifier
title: Certificate Identifier
type: <string>
presence: required
content: The app/extension uses this identifier to fetch the corresponding
certificate using the ManagedApp framework. App developers will define what
values can be used for these identifiers.
- key: AssetReference
title: Asset Reference
type: <string>
assettypes:
- com.apple.asset.credential.certificate
presence: required
content: Specifies the identifier of an asset declaration containing a certificate
that is made available to the managed app/extension.
- key: ExtensionConfigs
title: Extension Configs
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: n/a
type: <dictionary>
presence: optional
content: A dictionary of extension config data and credentials.
subkeys:
- key: ANY
title: Extension Composed Identifier
type: <dictionary>
presence: optional
content: A dictionary mapping extension composed identifiers to the extension
config data and credentials. The expected format is "Identifier (TeamIdentifier)".
subkeytype: AppConfigDictionary
subkeys: *id001
- key: LegacyAppConfigAssetReference
title: App Config MDMv1 Asset Reference
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: n/a
type: <string>
assettypes:
- com.apple.asset.data
asset-content-types:
- application/plist
- application/x-plist
- application/xml
- text/xml
presence: optional
content: Specifies the identifier of an asset declaration containing a reference
to the app config data. This app config data is applied and made available to
the app using the traditional MDMv1 behavior. The corresponding asset must be
of type "com.apple.asset.data". The referenced data must be a property list file,
and the asset's "ContentType" value should be set to match the data type.
related-status-items:
- status-items:
- app.managed.list
declarative/declarations/configurations/softwareupdate.enforcement.specific.yaml
+6 -1
View File
@@ -20,7 +20,12 @@ payload:
allowed-scopes:
- system
tvOS:
introduced: n/a
introduced: '18.4'
allowed-enrollments:
- supervised
- device
allowed-scopes:
- system
visionOS:
introduced: n/a
watchOS:
declarative/declarations/configurations/softwareupdate.settings.yaml
+35 -1
View File
@@ -20,7 +20,12 @@ payload:
allowed-scopes:
- system
tvOS:
introduced: n/a
introduced: '18.4'
allowed-enrollments:
- supervised
- device
allowed-scopes:
- system
visionOS:
introduced: n/a
watchOS:
@@ -42,6 +47,9 @@ payloadkeys:
iOS:
allowed-enrollments:
- supervised
tvOS:
allowed-enrollments:
- supervised
type: <dictionary>
presence: optional
content: This object configures the deferral of software updates. Rapid Security
@@ -66,6 +74,8 @@ payloadkeys:
supportedOS:
iOS:
introduced: n/a
tvOS:
introduced: n/a
type: <integer>
presence: optional
range:
@@ -80,6 +90,8 @@ payloadkeys:
supportedOS:
iOS:
introduced: n/a
tvOS:
introduced: n/a
type: <integer>
presence: optional
range:
@@ -95,6 +107,8 @@ payloadkeys:
supportedOS:
iOS:
introduced: n/a
tvOS:
introduced: n/a
type: <integer>
presence: optional
range:
@@ -109,6 +123,8 @@ payloadkeys:
supportedOS:
macOS:
introduced: n/a
tvOS:
introduced: n/a
type: <string>
presence: optional
rangelist:
@@ -127,12 +143,18 @@ payloadkeys:
iOS:
allowed-enrollments:
- supervised
tvOS:
allowed-enrollments:
- supervised
type: <dictionary>
presence: optional
content: This object configures various automatic Software Update functionality.
subkeys:
- key: Download
title: Automatic downloads of available updates.
supportedOS:
tvOS:
introduced: n/a
type: <string>
presence: optional
rangelist:
@@ -166,6 +188,8 @@ payloadkeys:
supportedOS:
iOS:
introduced: n/a
tvOS:
introduced: n/a
type: <string>
presence: optional
rangelist:
@@ -185,6 +209,8 @@ payloadkeys:
iOS:
allowed-enrollments:
- supervised
tvOS:
introduced: n/a
type: <dictionary>
presence: optional
content: These configurations set user access to interacting with Rapid Security
@@ -213,6 +239,8 @@ payloadkeys:
supportedOS:
iOS:
introduced: n/a
tvOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
@@ -223,6 +251,12 @@ payloadkeys:
- key: Beta
supportedOS:
macOS:
introduced: '15.4'
allowed-enrollments:
- supervised
allowed-scopes:
- system
tvOS:
introduced: n/a
type: <dictionary>
presence: optional
declarative/status/app.managed.list.yaml
+73 -17
View File
@@ -19,10 +19,15 @@ payload:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
allowed-enrollments:
- supervised
- device
- user
allowed-scopes:
- system
watchOS:
introduced: n/a
beta: true
payloadkeys:
- key: app.managed.list
title: Status item value.
@@ -121,8 +126,57 @@ payloadkeys:
* 'prompting-for-update-login': The system is displaying an App Store sign-in prompt to the user to allow app installation.
* 'updating': The app is updating.
* 'failed': The app update failed.
This key is only present if 'state' is 'managed' and an update is available.
- key: config-state
title: Managed application configuration status
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: n/a
type: <dictionary>
presence: optional
content: The status of app or extension managed configurations. This key is
only present when managed configurations are available for the managed app
or any of its extensions.
subkeytype: ManagedConfiguration
subkeys:
- key: app-config-state
title: Application managed configuration status
type: <dictionary>
presence: optional
content: The status of any app managed configuration. This key is only present
when the managed app has a managed configuration.
subkeytype: ManagedConfigurationState
subkeys: &id001
- key: state
title: Managed configuration status
type: <string>
presence: required
rangelist:
- unknown
- invalid
- valid
content: |-
The managed configuration status.
* 'unknown' - the managed configuration has not been read
* 'invalid' - the managed configuration was read and deemed to be invalid
* 'valid' - the managed configuration was read and deemed to be valid
- key: extension-config-state
title: Extensions managed configuration status
type: <dictionary>
presence: optional
content: The status of any app extension managed configuration. This key's
value is a dictionary whose keys are the bundle identifiers of app extensions
that have a managed configuration. The values of each key represent the
status of the corresponding app extension's managed configuration.
subkeys:
- key: ANY
type: <dictionary>
presence: optional
content: The bundle identifier of the managed app extension.
subkeytype: ManagedConfigurationState
subkeys: *id001
- key: reasons
title: Status Reasons
type: <array>
@@ -158,34 +212,36 @@ payloadkeys:
presence: optional
content: Additional keys may be present.
reasons:
- value: Error.UnmanagedAppAlreadyInstalled
description: An unmanaged app is already installed and cannot be managed.
- value: Error.DuplicateConfiguredApp
description: The app is already being managed.
- value: Error.UserRejected
description: The user rejected management of the app.
- value: Error.AppStoreDisabled
description: The App Store is disabled.
- value: Error.LicenseNotFound
description: A license for the app was not available.
- value: Error.InvalidAppID
description: The app id could not be found.
- value: Error.NotAnApp
description: The downloaded data is not a valid app.
- value: Error.NotSupported
description: The app is not supported on this device.
- value: Error.DownloadFailed
description: The app download failed.
details:
- key: Timestamp
type: <string>
description: The RFC 3339 timestamp of the last download failure.
- value: Error.DuplicateConfiguredApp
description: The app is already being managed.
- value: Error.InstallFailed
description: The app install failed.
details:
- key: Timestamp
type: <string>
description: The RFC 3339 timestamp of the last install failure.
- value: Error.InvalidAppID
description: The app id could not be found.
- value: Error.IsSystemApp
description: The app is a system app that cannot be managed.
- value: Error.LicenseNotFound
description: A license for the app was not available.
- value: Error.NotAnApp
description: The downloaded data is not a valid app.
- value: Error.NotSupported
description: The app is not supported on this device.
- value: Error.UnmanagedAppAlreadyInstalled
description: An unmanaged app is already installed and cannot be managed.
- value: Error.UserRejected
description: The user rejected management of the app.
- value: Info.UpdateAvailable
description: An update is available for the app.
- value: Error.UpdateFailed
declarative/status/device.power.battery-health.yaml
+1 -1
View File
@@ -47,4 +47,4 @@ payloadkeys:
* 'unknown': The system couldn't determine battery health information.
* 'unsupported': The device doesn't support battery health reporting.
Available in iOS 17 and later on iPhone only, and macOS 14.4 and later on Apple silicon Mac computers. iPad and Intel-based Macs return 'unsupported'.
Available in iOS 17 and later on iPhone, iPadOS 18.4 and later on supported iPad models, and macOS 14.4 and later on Apple silicon Mac computers.
declarative/status/softwareupdate.device-id.yaml
+6 -1
View File
@@ -20,7 +20,12 @@ payload:
allowed-scopes:
- system
tvOS:
introduced: n/a
introduced: '18.4'
allowed-enrollments:
- supervised
- device
allowed-scopes:
- system
visionOS:
introduced: n/a
watchOS:
declarative/status/softwareupdate.failure-reason.yaml
+6 -1
View File
@@ -20,7 +20,12 @@ payload:
allowed-scopes:
- system
tvOS:
introduced: n/a
introduced: '18.4'
allowed-enrollments:
- supervised
- device
allowed-scopes:
- system
visionOS:
introduced: n/a
watchOS:
declarative/status/softwareupdate.install-reason.yaml
+6 -1
View File
@@ -20,7 +20,12 @@ payload:
allowed-scopes:
- system
tvOS:
introduced: n/a
introduced: '18.4'
allowed-enrollments:
- supervised
- device
allowed-scopes:
- system
visionOS:
introduced: n/a
watchOS:
declarative/status/softwareupdate.install-state.yaml
+6 -1
View File
@@ -20,7 +20,12 @@ payload:
allowed-scopes:
- system
tvOS:
introduced: n/a
introduced: '18.4'
allowed-enrollments:
- supervised
- device
allowed-scopes:
- system
visionOS:
introduced: n/a
watchOS:
declarative/status/softwareupdate.pending-version.yaml
+6 -1
View File
@@ -20,7 +20,12 @@ payload:
allowed-scopes:
- system
tvOS:
introduced: n/a
introduced: '18.4'
allowed-enrollments:
- supervised
- device
allowed-scopes:
- system
visionOS:
introduced: n/a
watchOS:
docs/errata.md
+13
View File
@@ -2,6 +2,19 @@
This document lists errata for the YAML schema. This is used when older versions of the schema are incorrect, and a fix was made in later schema to correct the problem.
## iOS 18.4 / macOS 15.4
Added AuthName, AuthPassword and RemoteAddress keys to VPN subkey that were previously missing
Removed Password key from VPN subkey that was incorrectly added
## iOS 18.4
Adjusted supportedOS information for Shared iPad for a number of restrictions
Hideable and Lockable attributes in the app.managed configuration were missing - originally added in 18.1.
## macOS 15.2
Added missing supervised key to macOS across profiles and commands
docs/schema.md
+1 -1
View File
@@ -267,6 +267,6 @@ The `subkeys` sequence in a `<array>` container defines the type of items in the
* if the single item's type is a scalar type, then the array is a list of items with elements matching the scalar type (e.g. an array of `<string>` values). In some cases the scalar type may have a `subkeys` key, and each element of that sequence defines a possible value for the scalar type in the array.
* if the single item's type is `<dictionary>`, then the array is a list of dictionary items, with each dictionary conforming to the schema defined by the `subkeys` item of the single item (e.g., an array of `<dictionary>` values). Note that the single item `<dictionary>` is only a place holder for the keys used in the `<dictionary>` array items, and as such does not itself appear as the an array item.
* if the single item's type is `<dictionary>`, then the array is a list of dictionary items, with each dictionary conforming to the schema defined by the `subkeys` item of the single item (e.g., an array of `<dictionary>` values). Note that the single item `<dictionary>` is only a place holder for the keys used in the `<dictionary>` array items, and as such does not itself appear as an array item.
* if the single item's type is `<array>`, then the array is a list of array items, with each array item conforming to the schema defined for an `<array>` container as described in this section.
mdm/commands/application.install.yaml
-2
View File
@@ -105,11 +105,9 @@ payloadkeys:
- 5
content: |-
A bitwise OR of the management flags. The possible values are:
* '1': If 'InstallAsManaged' is 'true', remove the app upon removal of the MDM profile.
* '4': Prevent backup of app data.
* '5': Both '1' and '4'.
Available in iOS 5 and later, macOS 11 and later, and tvOS 10.2 and later.
- key: Configuration
supportedOS:
mdm/commands/application.managed.list.yaml
+6 -3
View File
@@ -52,9 +52,12 @@ payloadkeys:
introduced: '7.0'
type: <array>
presence: optional
content: |-
The bundle identifiers of the managed apps to include in the response.
For a watchOS app, the identifier needs to be the watch's bundle identifier, which differs from the main bundle identifier for the iPhone to which the watch is paired. Obtain the watch's bundle identifier for an app with a watch bundle, in the 'watchBundleId' key that's part of the Content Metadata query. For more information on this query, see Getting App and Book Information (Legacy).
content: The bundle identifiers of the managed apps to include in the response.
For a watchOS app, the identifier needs to be the watch's bundle identifier, which
differs from the main bundle identifier for the iPhone to which the watch is paired.
Obtain the watch's bundle identifier for an app with a watch bundle, in the 'watchBundleId'
key that's part of the Content Metadata query. For more information on this query,
see Getting App and Book Information (Legacy).
subkeys:
- key: IdentifiersItem
type: <string>
mdm/commands/information.device.yaml
+2 -5
View File
@@ -2085,12 +2085,10 @@ responsekeys:
- 3
content: |-
The cellular technology type, which is one of the following values:
* '0': None
* '1': GSM
* '2': CDMA
* '3': GSM and CDMA
Requires the Device Information access right. Available in iOS 4.2.6 and later.
- key: BatteryLevel
supportedOS:
@@ -2315,9 +2313,8 @@ responsekeys:
removed: '15.0'
type: <string>
presence: optional
content: The result code of last software update scan; '”0”' = success. This
value is available in macOS 10.11 and later. This key was removed in macOS
15 as it has been unsupported since macOS 11.
content: The result code of last software update scan; '0' = success. This value
is available in macOS 10.11 and no longer available in macOS 15 and later.
- key: PerformPeriodicCheck
type: <boolean>
content: If 'true', start a new scan. This value is available in macOS 10.11
mdm/commands/settings.yaml
+18 -2
View File
@@ -92,11 +92,9 @@ payloadkeys:
- 3
content: |-
A number that indicates where to use the wallpaper, which is one of the following values:
* '1': Lock screen
* '2': Home screen
* '3': Both lock and home screens.
In iOS 16 and later, and iPadOS 17 and later, when you set the wallpaper for the first time, the system sets both the lock screen and home screen. After that, you can separately set each location.
- key: DataRoaming
supportedOS:
@@ -723,6 +721,24 @@ payloadkeys:
here overrides the value specified in MDM, and only applies when 'BootstrapTokenAllowedForAuthentication'
is 'true' in the SecurityInfoResponse.SecurityInfo response. This value
is available for Apple silicon in macOS 11 and later.
- key: IdleRebootAllowed
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If true, device will automatically reboot while locked after several
days of inactivity. This will be turned off by default upon enrollment on
supervised devices.
- key: MaximumResidentUsers
supportedOS:
iOS:
mdm/profiles/com.apple.DiscRecording.yaml
+1 -1
View File
@@ -34,5 +34,5 @@ payloadkeys:
Configure disc-burn. Allowed values:
* 'off': The system disables disc burning.
* 'on': The system allows normal default operation. Setting this key to 'on' doesn't enable disc burn support if other mechanisms or preferences disabled it. Needs to be enabled with the Finder profile
* 'on': The system allows normal default operation. Setting this key to 'on' doesn't enable disc burn support if other mechanisms or preferences disabled it. Needs to be enabled with the Finder profile.
* 'authenticate': The system requires authentication.
mdm/profiles/com.apple.MCX.FileVault2.yaml
+1 -1
View File
@@ -100,7 +100,7 @@ payloadkeys:
content: The maximum number of times users can bypass enabling FileVault before
the system requires the user to enable it to log in. If the value is '0', the
system requires the user to enable FileVault the next time they attempt to log
in. Set this key to '1' to disable this feature.
in. Set this key to '-1' to disable this feature.
- key: DeferDontAskAtUserLogout
supportedOS:
macOS:
mdm/profiles/com.apple.applicationaccess.yaml
+244 -26
View File
@@ -299,10 +299,37 @@ payloadkeys:
content: |-
If 'false', the system disables the App Store, and the system removes its icon from the Home screen. Users are unable to install or update their apps. This applies to App Store apps, marketplace apps, and locally installed apps (using Configurator, Xcode, etc).
In iOS 10 and later, MDM commands can override this restriction. Available in iOS 4 and later, and watchOS 10 and later. Requires a supervised device in iOS 13 and later, and watchOS.
- key: allowAppleIntelligenceReport
title: Allow Apple Intelligence Report
supportedOS:
iOS:
introduced: '18.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.4'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If 'false', the system disables Apple Intelligence reports. Available in
iOS 18.4 and later, and macOS 15.4 and later.
- key: allowApplePersonalizedAdvertising
supportedOS:
iOS:
introduced: '14.0'
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
@@ -350,6 +377,8 @@ payloadkeys:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
@@ -372,6 +401,8 @@ payloadkeys:
iOS:
introduced: '18.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
@@ -554,6 +585,8 @@ payloadkeys:
supportedOS:
iOS:
introduced: '14.5'
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
@@ -1101,6 +1134,50 @@ payloadkeys:
content: If 'false', disables default browser preference modification. The MDM Settings
command to set the default browser preference will still work when this is applied.
Available in iOS 18.2 and later, and visionOS 2.2 and later.
- key: allowDefaultCallingAppModification
title: Allow default calling app modification
supportedOS:
iOS:
introduced: '18.4'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If 'false', disables default calling app preference modification. The MDM
Settings command to set the default calling app preference still works when this
is applied. Available in iOS 18.4 and later.
- key: allowDefaultMessagingAppModification
title: Allow default messaging app modification
supportedOS:
iOS:
introduced: '18.4'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If 'false', disables default messaging app preference modification. The
MDM Settings command to set the default messaging app preference still works when
this is applied. Available in iOS 18.4 and later.
- key: allowDefinitionLookup
title: Allow Define
supportedOS:
@@ -1255,17 +1332,21 @@ payloadkeys:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
supervised: true
allowmanualinstall: false
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <array>
presence: optional
content: Array of strings, but currently restricted to a single element. If present,
Apple Intelligence will only allow the given external integration workspace ID
to be used, and will require a sign-in in order to make requests; the user will
be required to sign in to integrations that support signing in. Multiple payloads
will combine using an intersect operation. This means the allowed set of workspace
IDs can become the empty set if conflicting values are specified in multiple payloads.
content: An array of strings, but currently restricted to a single element. If present,
Apple Intelligence only allows the given external integration workspace ID to
be used, and requires a sign-in to make requests; the user will be required to
sign in to integrations that support signing in. Multiple payloads combine using
an intersect operation. This means the allowed set of workspace IDs can become
the empty set if conflicting values are specified in multiple payloads.
subkeys:
- key: allowedWorkspaceID
title: Allowed Workspace ID
@@ -1276,6 +1357,8 @@ payloadkeys:
iOS:
introduced: '8.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
@@ -1457,7 +1540,6 @@ payloadkeys:
supportedOS:
iOS:
introduced: '18.2'
supervised: false
sharedipad:
mode: forbidden
userenrollment:
@@ -1469,7 +1551,9 @@ payloadkeys:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
userenrollment:
mode: allowed
watchOS:
introduced: n/a
type: <boolean>
@@ -1485,19 +1569,20 @@ payloadkeys:
supportedOS:
iOS:
introduced: '18.2'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
mode: allowed
macOS:
introduced: '15.2'
userenrollment:
mode: forbidden
mode: allowed
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
userenrollment:
mode: allowed
watchOS:
introduced: n/a
type: <boolean>
@@ -1575,6 +1660,8 @@ payloadkeys:
iOS:
introduced: '13.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
@@ -1597,6 +1684,8 @@ payloadkeys:
iOS:
introduced: '13.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
@@ -1692,6 +1781,8 @@ payloadkeys:
iOS:
introduced: '6.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
@@ -1727,7 +1818,10 @@ payloadkeys:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
@@ -1795,7 +1889,10 @@ payloadkeys:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
@@ -1818,7 +1915,10 @@ payloadkeys:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
@@ -2118,6 +2218,33 @@ payloadkeys:
default: true
content: If 'false', the system disables Mail Privacy Protection on the device.
Requires a supervised device. Available in iOS 15.2 and later.
- key: allowMailSmartReplies
supportedOS:
iOS:
introduced: '18.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.4'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If 'false', disables smart replies in Mail. Available in iOS 18.2 and later,
and macOS 15.2 and later.
- key: allowMailSummary
supportedOS:
iOS:
@@ -2134,7 +2261,10 @@ payloadkeys:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
@@ -2192,6 +2322,8 @@ payloadkeys:
iOS:
introduced: '17.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
@@ -2316,6 +2448,30 @@ payloadkeys:
default: true
content: If 'false', the system disables NFC. Requires a supervised device. Available
in iOS 14.2 and later.
- key: allowNotesTranscription
supportedOS:
iOS:
introduced: '18.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.4'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If 'false', disables transcription in Notes. Available in iOS 18.2 and
later, and macOS 15.2 and later.
- key: allowNotesTranscriptionSummary
supportedOS:
iOS:
@@ -2338,7 +2494,8 @@ payloadkeys:
type: <boolean>
presence: optional
default: true
content: If false, disables transcription summarization in Notes.
content: If 'false', disables transcription summarization in Notes. Available in
iOS 18.3 and later, and macOS 15.3 and later.
- key: allowNotificationsModification
title: Allow Modifying Notifications Settings
supportedOS:
@@ -2468,6 +2625,8 @@ payloadkeys:
iOS:
introduced: '9.0'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
@@ -2533,6 +2692,7 @@ payloadkeys:
mode: forbidden
tvOS:
introduced: '12.0'
deprecated: '17.4'
supervised: true
visionOS:
introduced: n/a
@@ -2543,7 +2703,8 @@ payloadkeys:
default: true
content: If 'false', the system disables requesting passwords from nearby devices.
Available in iOS 12 and later, macOS 10.14 and later, and tvOS 12 and later. Requires
a supervised device in iOS and tvOS.
a supervised device in iOS and tvOS. Deprecated on tvOS 17.4 or later as guest
password sharing is no longer supported.
- key: allowPasswordSharing
supportedOS:
iOS:
@@ -2701,6 +2862,8 @@ payloadkeys:
iOS:
introduced: '11.0'
supervised: true
sharedipad:
mode: ignored
userenrollment:
mode: forbidden
macOS:
@@ -2885,6 +3048,33 @@ payloadkeys:
removes its icon from the Home screen. This setting also prevents users from opening
web clips. As of iOS 13, requires a supervised device. Available in iOS 4 and
later.
- key: allowSafariSummary
supportedOS:
iOS:
introduced: '18.4'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
introduced: '15.4'
userenrollment:
mode: forbidden
tvOS:
introduced: n/a
visionOS:
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If 'false', the system disables the ability to summarize content in Safari.
Available in iOS 18.2 and later, and macOS 15.2 and later.
- key: allowSatelliteConnection
title: Allow use of satellite connectivity
supportedOS:
@@ -2906,7 +3096,8 @@ payloadkeys:
type: <boolean>
presence: optional
default: true
content: If false, the connection to and use of satellite services is prohibited.
content: If 'false', the system prohibits the connection to and use of satellite
services. Available in iOS 18.2 and later.
- key: allowScreenShot
title: Allow Screenshots and Screen Recording
supportedOS:
@@ -2930,6 +3121,8 @@ payloadkeys:
iOS:
introduced: '13.4'
supervised: true
sharedipad:
mode: required
userenrollment:
mode: forbidden
macOS:
@@ -3256,6 +3449,27 @@ payloadkeys:
default: true
content: If 'false', the system hides the FaceTime app. Available in iOS 4 and later.
Requires a supervised device in iOS 13 and later.
- key: allowVideoConferencingRemoteControl
title: Allow Video Conferencing Remote Control
supportedOS:
iOS:
introduced: '18.4'
supervised: true
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: When false, disables the ability for a remote FaceTime session to request
control of the device.
- key: allowVisualIntelligenceSummary
title: Allow Visual Intelligence Summary
supportedOS:
@@ -3277,7 +3491,8 @@ payloadkeys:
type: <boolean>
presence: optional
default: true
content: When false, disables visual intelligence summarization.
content: If 'false', the system disables visual intelligence summarization. Available
in iOS 18.3 and later.
- key: allowVoiceDialing
title: Allow Voice Dialing While Device is Locked
supportedOS:
@@ -3351,6 +3566,8 @@ payloadkeys:
iOS:
introduced: '17.5'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
@@ -3383,7 +3600,10 @@ payloadkeys:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.4'
supervised: true
userenrollment:
mode: forbidden
watchOS:
introduced: n/a
type: <boolean>
@@ -4022,6 +4242,8 @@ payloadkeys:
iOS:
introduced: '17.2'
supervised: true
sharedipad:
mode: forbidden
userenrollment:
mode: forbidden
macOS:
@@ -4147,7 +4369,6 @@ payloadkeys:
content: |-
The maximum level of app content allowed on the device. Preinstalled (first party) apps ignore this restriction. Available in iOS 4.0 and later, macOS 15 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated.
Possible values, with the US description of the rating level:
* '1000': All
* '600': 17+
* '300': 12+
@@ -4179,7 +4400,6 @@ payloadkeys:
content: |-
The maximum level of movie content allowed on the device. Available in iOS 4.0 and later, macOS 15 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated.
Possible values, with the US description of the rating level:
* '1000': All
* '500': NC-17
* '400': R
@@ -4234,7 +4454,6 @@ payloadkeys:
content: |-
The maximum level of TV content allowed on the device. Available in iOS 4.0 and later, macOS 15 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated.
Possible values, with the US description of the rating level:
* '1000': All
* '600': TV-MA
* '500': TV-14
@@ -4284,7 +4503,6 @@ payloadkeys:
default: 2.0
content: |-
Defines the conditions under which the device accepts cookies. The user-facing settings changed in iOS 11, although the possible values remain the same. Available in iOS 4 and later. Support for this restriction on unsupervised devices is deprecated. Allowed values:
* '0': Enables Prevent Cross-Site Tracking and Block All Cookies, and the user canʼt disable either setting.
* '1' or '1.5': Enables Prevent Cross-Site Tracking, and the user canʼt disable it. Doesn't enable Block All Cookies, but the user can enable it.
* '2': Enables Prevent Cross-Site Tracking but doesn't enable Block All Cookies. The user can toggle either setting.
mdm/profiles/com.apple.cellular.yaml
-5
View File
@@ -72,7 +72,6 @@ payloadkeys:
- 3
content: |-
The Internet Protocol versions that the system supports. Allowed values:
* '1': IPv4
* '2': IPv6
* '3': Both
@@ -135,7 +134,6 @@ payloadkeys:
- 3
content: |-
The default Internet Protocol versions. Available in iOS 10.3 but no longer used in iOS 11 and later. Allowed values:
* '1': IPv4
* '2': IPv6
* '3': Both
@@ -152,7 +150,6 @@ payloadkeys:
- 3
content: |-
The Internet Protocol versions that the system supports. Available in iOS 10.3 and later. Allowed values:
* '1': IPv4
* '2': IPv6
* '3': Both
@@ -169,7 +166,6 @@ payloadkeys:
- 3
content: |-
The Internet Protocol versions that the system supports while roaming. Available in iOS 10.3 and later. Allowed values:
* '1': IPv4
* '2': IPv6
* '3': Both
@@ -186,7 +182,6 @@ payloadkeys:
- 3
content: |-
The Internet Protocol versions that the system supports while roaming. Available in iOS 10.3 and later. Allowed values:
* '1': IPv4
* '2': IPv6
* '3': Both
mdm/profiles/com.apple.configurationprofile.identification.yaml
+1
View File
@@ -6,6 +6,7 @@ payload:
introduced: n/a
macOS:
introduced: '10.7'
deprecated: '15.4'
multiple: false
devicechannel: true
userchannel: true
mdm/profiles/com.apple.dnsSettings.managed.yaml
-1
View File
@@ -111,7 +111,6 @@ payloadkeys:
- EvaluateConnection
content: |-
The action to take if this dictionary matches the current network. Allowed values:
* 'Connect': Apply DNS Settings when the dictionary matches.
* 'Disconnect': Don't apply DNS Settings when the dictionary matches.
* 'EvaluateConnection': Apply DNS Settings with per-domain exceptions when the dictionary matches.
mdm/profiles/com.apple.eas.account.yaml
+1 -3
View File
@@ -41,9 +41,7 @@ payloadkeys:
title: Exchange ActiveSync Host
type: <string>
presence: optional
content: |-
The Exchange server host name or IP address.
If using OAuth without an OAuthSignInURL, the host name is ignored.
content: The Exchange server host name or IP address.
- key: SSL
title: Use SSL
type: <boolean>
mdm/profiles/com.apple.extensiblesso(kerberos).yaml
+1 -2
View File
@@ -381,8 +381,7 @@ payloadkeys:
* 'always': The system always uses the credential if the SPN matches the Kerberos Extension 'Hosts' array and the caller hasn't specified another credential. However, the system won't use the credential if the calling app isn't in the 'credentialBundleIDACL'.
* 'whenNotSpecified': The system only uses the extension credential if the SPN matches the Kerberos Extension 'Hosts' array. However, the system won't use the credential if the calling app isn't in the 'credentialBundleIDACL'.
* 'kerberosDefault': The system uses the default Kerberos processes to select credentials, and normally uses the default Kerberos credential. This is the same as turning off this capability.
* 'kerberosDefault': The system uses the default Kerberos processes to select credentials, and normally uses the default Kerberos credential. This is the same as turning off this capabiliity.
Available in macOS 11 and later.
- key: preferredKDCs
supportedOS:
mdm/profiles/com.apple.extensiblesso.yaml
+9
View File
@@ -440,3 +440,12 @@ payloadkeys:
type: <string>
presence: required
content: A local account username.
- key: AllowDeviceIdentifiersInAttestation
supportedOS:
macOS:
introduced: '15.4'
type: <boolean>
presence: optional
default: false
content: If set to true, the device UDID and serial number will be included in
Platform SSO attestations.
mdm/profiles/com.apple.relay.managed.yaml
+44
View File
@@ -119,6 +119,50 @@ payloadkeys:
- key: ExcludedDomainsElement
title: Excluded Domains Element
type: <string>
- key: MatchFQDNs
title: Match FQDNs
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: '15.4'
tvOS:
introduced: '18.4'
visionOS:
introduced: '2.4'
type: <array>
presence: optional
content: A list of Fully Qualified Domain Names (FQDNs), also known as hostnames,
that should be routed through the servers contained in Relays. Any connection
that matches this exact FQDN or hostname will use the relays. If no FQDNs and
no 'MatchDomains' are listed, traffic to all domains, except those matching an
excluded domain or excluded FQDN, will be routed to the relay servers.
subkeys:
- key: MatchFQDNsElement
title: Match FQDNs Element
type: <string>
- key: Excluded FQDNs
title: Excluded FQDNs
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: '15.4'
tvOS:
introduced: '18.4'
visionOS:
introduced: '2.4'
type: <array>
presence: optional
content: A list of Fully Qualified Domain Names (FQDNs), also known as hostnames,
that should not be routed through the servers contained in Relays. Any connection
that matches the FQDN exactly will not use the relay server. When 'MatchDomains'
are also specified any FQDN listed here in 'ExcludedFQDNs' should be a subdomain
of at least one MatchDomain otherwise it will not have any effect.
subkeys:
- key: ExcludedFQDNsElement
title: Excluded FQDNs Element
type: <string>
- key: RelayUUID
type: <string>
presence: optional
mdm/profiles/com.apple.security.acme.yaml
+2 -3
View File
@@ -87,7 +87,6 @@ payloadkeys:
- ECSECPrimeRandom
content: |-
The type of key pair to generate. Allowed values:
* 'RSA': Specifies an RSA key pair. RSA key pairs need to have a 'KeySize' that's a multiple of 8 in the range of 1024 through 4096 (inclusive), and 'HardwareBound' needs to be 'false'.
* 'ECSECPrimeRandom': Specifies a key pair on the P-192, P-256, P-384, or P-521 curves as defined in FIPS Pub 186-4. 'KeySize' defines the particular curve, which needs to be '192', '256', '384', or '521'. Hardware bound keys only support values of '256' and '384'.
Note that the key size is '521', not '512', even though the other key sizes are multiples of 64.
@@ -107,7 +106,7 @@ payloadkeys:
content: |-
The device requests this subject for the certificate that the ACME server issues. The ACME server may override or ignore this field in the certificate it issues.
The representation of a X.500 name represented as an array of OID and value. For example, '/C=US/O=Apple Inc./CN=foo/1.2.5.3=bar' corresponds to:
'[ [ [”C”, US] ], [ [”O”, Apple Inc.] ], ..., [ [ 1.2.5.3, bar ] ] ]'
'[ [ ['C', 'US'] ], [ ['O', 'Apple Inc.'] ], ..., [ [ '1.2.5.3', 'bar' ] ] ]'
Dotted numbers can represent OIDs , with shortcuts for country (C), locality (L), state (ST), organization (O), organizational unit (OU), and common name (CN).
subkeys:
- key: ACMESubjectArrayInnerArray
@@ -166,7 +165,7 @@ payloadkeys:
type: <array>
presence: optional
content: |-
The value is an array of strings. Each string is an OID in dotted notation. For instance, '[1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.4]' indicates client authentication and email protection.
The value is an array of strings. Each string is an OID in dotted notation. For instance, '['1.3.6.1.5.5.7.3.2', '1.3.6.1.5.5.7.3.4']' indicates client authentication and email protection.
The device requests this field for the certificate that the ACME server issues. The ACME server may override or ignore this field in the certificate it issues.
subkeys:
- key: OID
mdm/profiles/com.apple.security.scep.yaml
+3 -5
View File
@@ -72,7 +72,7 @@ payloadkeys:
presence: optional
content: |-
The representation of an X.500 name as an array of OID and value.
For example, '/C=US/O=Apple Inc./CN=foo/1.2.5.3=bar' translates to '[ [ [“C”, US] ], [ [“O”, Apple Inc.'] ], …, [ [ 1.2.5.3, bar ] ] ]'.
For example, '/C=US/O=Apple Inc./CN=foo/1.2.5.3=bar' translates to '[ [ ['C', 'US'] ], [ ['O', 'Apple Inc.'] ], …, [ [ '1.2.5.3', 'bar' ] ] ]'.
OIDs can be represented as dotted numbers, with shortcuts for country (C), locality (L), state (ST), organization (O), organizational unit (OU), and common name (CN).
subkeys:
- key: SCEPSubjectArrayInnerArray
@@ -120,10 +120,8 @@ payloadkeys:
default: 0
content: |-
A bitmask indicating the use of the key. Possible values:
* 1: Signing
* 4: Encryption
* '1': Signing
* '4': Encryption
Some certificate authorities, such as Windows CA, support only encryption or signing, but not both at the same time.
- key: CAFingerprint
title: Fingerprint
mdm/profiles/com.apple.security.smartcard.yaml
-1
View File
@@ -48,7 +48,6 @@ payloadkeys:
default: 0
content: |-
Configures the certificate trust check and has one of the following possible values:
* '0': Turns off certificate trust check.
* '1': Turns on certificate trust check. A standard validity check is performed but doesn't include additional revocation checks.
* '2': Turns on certificate trust check. A soft revocation check is also performed. Until the certificate is explicitly rejected by CRL/OCSP, it's considered valid. This setting means that unavailable or unreachable CRL/OCSP allow this check to succeed.
mdm/profiles/com.apple.vpn.managed.yaml
+15 -5
View File
@@ -113,6 +113,21 @@ payloadkeys:
presence: optional
content: The VPN dictionary is used when VPNType is VPN.
subkeys:
- key: AuthName
title: Account Username
type: <string>
presence: optional
content: The VPN account username.
- key: AuthPassword
title: Account Password
type: <string>
presence: optional
content: The VPN account password. Only used if AuthenticationMethod is Password.
- key: RemoteAddress
title: RemoteAddress
type: <string>
presence: required
content: IP address or hostname of the VPN server.
- key: AuthenticationMethod
title: Authentication Method
type: <string>
@@ -129,11 +144,6 @@ payloadkeys:
presence: optional
content: The UUID of the certificate payload within the same profile to use for
account credentials.
- key: Password
title: Account Password
type: <string>
presence: optional
content: The VPN user password.
- key: ProviderBundleIdentifier
title: Provider Bundle Identifier
type: <string>
mdm/profiles/com.apple.xsan.yaml
+8 -6
View File
@@ -22,6 +22,7 @@ payload:
watchOS:
introduced: n/a
content: Sets up Xsan clients and controls certain Xsan volume mount behaviors.
The payload should include either sanConfigURLs or fsnameservers, but not both.
payloadkeys:
- key: sanName
type: <string>
@@ -30,9 +31,9 @@ payloadkeys:
exactly match the name of the SAN defined in the metadata server.
- key: sanConfigURLs
type: <array>
presence: required
presence: optional
content: |-
An array of LDAP URLs where Xsan systems can obtain SAN configuration updates. This key is required for all Xsan SANs. There should be one entry for each Xsan MDC.
This key is required for all Xsan SANs. Each string in this array contains an LDAP URL where Xsan systems can obtain SAN configuration updates. There should be one entry for each Xsan MDC.
Example URL: 'ldaps://mdc1.example.com:389'.
subkeys:
- key: sanConfigURLsItem
@@ -41,10 +42,11 @@ payloadkeys:
content: A URL.
- key: fsnameservers
type: <array>
presence: required
content: |-
An array of storage area network (SAN) File System Name Server coordinators. The list should contain the same addresses in the same order as the metadata controller (MDC) '/Library/Preferences/Xsan/fsnameservers' file. Xsan SAN clients automatically receive updates to the 'fsnameservers' list from the SAN configuration servers whenever this list changes. StorNext administrators should update their profile whenever the 'fsnameservers' list changes.
This key is required for StorNext SANs.
presence: optional
content: This key is required for StorNext SANs. This array contains one string
value for each of the SAN's File System Name Server coordinators. The list should
contain the same addresses in the same order as the MDC's /Library/Preferences/Xsan/fsnameservers
file.
subkeys:
- key: fsnameserversItem
type: <string>
other/esso.yaml
+23 -2
View File
@@ -10,7 +10,7 @@ payload:
tvOS:
introduced: n/a
visionOS:
introduced: n/a
introduced: '2.0'
watchOS:
introduced: n/a
payloadkeys:
@@ -53,7 +53,28 @@ payloadkeys:
- key: ConfigurationProfile
title: Configuration Profile
type: <data>
presence: required
presence: optional
content: The profile containing an ExtensibleSingleSignOn payload that specifies
the SSO extension in the downloaded app prior to enrollment. This profile may
contain certificate payloads.
- key: Declarations
title: Declarations
supportedOS:
iOS:
introduced: '18.4'
visionOS:
introduced: '2.4'
type: <array>
presence: optional
content: The set of declarative device management declarations used to specify the
managed app and its configuration (including any certificates or identities).
The set of declarations must include one `com.apple.configuration.app.managed`
configuration, and one activation declaration that references the configuration.
Asset declarations may be present if required by the app config. The app configuration
must include `AppStoreID` when developer mode is not being used, or it must include
`BundleID` when developer mode is used. One of `ConfigurationProfile` and `Declarations`
must be present.
subkeys:
- key: Declaration
title: Declaration Domain
type: <data>
other/skipkeys.yaml
+17 -3
View File
@@ -375,6 +375,19 @@ payloadkeys:
type: <string>
presence: optional
content: The key to skip the Safety pane. This key is available in iOS 16 and later.
- key: SafetyAndHandling
title: Skips Safety and Handling pane
supportedOS:
iOS:
introduced: '18.4'
macOS:
introduced: n/a
tvOS:
introduced: n/a
type: <string>
presence: optional
content: If the key is included in the SkipSetup array the Safety and Handling pane
will be skipped.
- key: ScreenTime
title: Skip Screen Time pane
supportedOS:
@@ -399,8 +412,9 @@ payloadkeys:
introduced: n/a
type: <string>
presence: optional
content: The key to skip the add cellular plan pane. This key is available in iOS
12 and later.
content: The key to skip the add cellular plan pane. Skipping this pane prevents
automatic eSIM setup during Setup Assistant. This key is available in iOS 12 and
later.
- key: Siri
title: Disables Siri
supportedOS:
@@ -416,7 +430,7 @@ payloadkeys:
iOS:
introduced: '12.0'
macOS:
introduced: n/a
introduced: '15.4'
tvOS:
introduced: n/a
type: <string>