From b6202ca2fbd31286a52eb160b67a4db7b4fe1f1f Mon Sep 17 00:00:00 2001 From: Cyrus Daboo Date: Mon, 21 Oct 2024 14:54:30 -0400 Subject: [PATCH] Release_iOS-18-1_macOS-15-1 --- README.md | 10 +- .../configurations/account.exchange.yaml | 12 +- docs/errata.md | 12 + mdm/checkin/authenticate.yaml | 9 +- mdm/commands/application.install.yaml | 32 +++ .../managed.application.attributes.yaml | 32 +++ mdm/commands/settings.yaml | 32 +++ mdm/profiles/com.apple.applicationaccess.yaml | 211 ++++++++++++++---- mdm/profiles/com.apple.vpn.managed.yaml | 6 +- other/skipkeys.yaml | 13 ++ 10 files changed, 309 insertions(+), 60 deletions(-) diff --git a/README.md b/README.md index 2f68208..1f5f760 100644 --- a/README.md +++ b/README.md @@ -8,11 +8,11 @@ This release corresponds to the following OS versions | OS | Version | |----------|---------| -| iOS | 18.0 | -| macOS | 15.0 | -| tvOS | 18.0 | -| visionOS | 2.0 | -| watchOS | 11.0 | +| iOS | 18.1 | +| macOS | 15.1 | +| tvOS | 18.1 | +| visionOS | 2.1 | +| watchOS | 11.1 | ## Important Release Notes diff --git a/declarative/declarations/configurations/account.exchange.yaml b/declarative/declarations/configurations/account.exchange.yaml index 1e7e42c..8cfa194 100644 --- a/declarative/declarations/configurations/account.exchange.yaml +++ b/declarative/declarations/configurations/account.exchange.yaml @@ -76,8 +76,8 @@ payloadkeys: type: presence: optional content: The hostname of the EWS server (or IP address). This is a required field - unless the declaration contains an 'OAuth' property, with a 'SignInURL' that has - 'enabled' as 'true'. + on iOS and visionOS, unless the declaration contains an 'OAuth' property, with + 'Enabled' set to 'true' and without a 'SignInURL'. - key: Port title: Server Port supportedOS: 
@@ -109,9 +109,7 @@ payloadkeys: introduced: n/a type: presence: optional - content: The external hostname of the EWS server (or IP address). This is a required - field unless the declaration contains an 'OAuth' property, with a 'SignInURL' - that has 'enabled' as 'true'. + content: The external hostname of the EWS server (or IP address). - key: ExternalPort title: Server External Port supportedOS: @@ -122,7 +120,7 @@ payloadkeys: type: presence: optional content: The external port number of the EWS server. The system uses this only when - this declaration has a 'HostName' value. + this declaration has a 'ExternalHostName' value. - key: External Path title: Server External Path supportedOS: @@ -133,7 +131,7 @@ payloadkeys: type: presence: optional content: The external path of the EWS server. The system uses this only when this - declaration has a 'HostName' value. + declaration has a 'ExternalHostName' value. - key: OAuth title: Controls use of OAuth type: diff --git a/docs/errata.md b/docs/errata.md index d29cb09..2d88c90 100644 --- a/docs/errata.md +++ b/docs/errata.md @@ -2,6 +2,12 @@ This document lists errata for the YAML schema. This is used when older versions of the schema are incorrect, and a fix was made in later schema to correct the problem. +## iOS 18.1 / macOS 15.1 + +### mdm/profiles/com.apple.applicationaccess.yaml + +allowExplicitContent was incorrectly marked as supported on unsupervised devices for tvOS. + ## iOS 18 / macOS 15 ### tvOS @@ -26,6 +32,12 @@ iOS 17 supported multiple private network payloads, but the `multiple` key was s iOS 17 also mistakenly forbade multiple private network payloads in a single profile. +### mdm/checkin/authenticate.yaml + +Starting in iOS 13 and macOS 10.15 UDID is optional because User Enrollments do not return UUIDs. + +Starting is iOS 13 and macOS 10.15 Enrollment ID is optional because Device Enrollments only return UUIDs. + ## iOS 17 / macOS 14 ### mdm/profiles/com.apple.education.yaml 
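Review bot: In account.exchange.yaml, the key in the hunk at -133,7 is spelled `External Path`, with a space, while its siblings are `ExternalHostName` and `ExternalPort`; the commit rewrites that entry's description but leaves the key unchanged. If the declaration property is actually `ExternalPath`, a validator built from this schema would reject the correct key and accept the misspelled one, so `- key: ExternalPath` is worth confirming and fixing in this change. The two rewritten descriptions also read `a 'ExternalHostName' value`, which should be `an 'ExternalHostName' value`. Both entries continue outside the hunks shown.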
diff --git a/mdm/checkin/authenticate.yaml b/mdm/checkin/authenticate.yaml index 1f75442..1cda84c 100644 --- a/mdm/checkin/authenticate.yaml +++ b/mdm/checkin/authenticate.yaml @@ -95,8 +95,9 @@ payloadkeys: userenrollment: mode: forbidden type: - presence: required - content: The device's UDID (Unique Device ID). + presence: optional + content: The device's UDID (Unique Device ID). This is required if the enrollment + type is not user enrollment. - key: EnrollmentID supportedOS: iOS: @@ -115,9 +116,9 @@ payloadkeys: watchOS: introduced: n/a type: - presence: required + presence: optional content: The per-enrollment identifier for the device. Available in macOS 10.15 - and iOS 13.0 and later. + and iOS 13.0 and later. This is required if the enrollment type is user enrollment. - key: OSVersion supportedOS: iOS: diff --git a/mdm/commands/application.install.yaml b/mdm/commands/application.install.yaml index d8b548b..6c478d7 100644 --- a/mdm/commands/application.install.yaml +++ b/mdm/commands/application.install.yaml 
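Review bot: With both `UDID` and `EnrollmentID` now `presence: optional`, the rule that one of them must be present exists only in the two `content` strings, so a server that validates Authenticate messages against this schema will accept a message carrying neither identifier, or both. The descriptions should state the contract outright, for example by ending each with `Exactly one of 'UDID' and 'EnrollmentID' is present in an Authenticate message.`, if that is the intended behaviour. MDM server implementers should enforce that pairing against the enrollment type themselves rather than rely on schema validation, because the identifier is what binds the check-in to a device record. Both entries continue outside the hunks shown.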
@@ -245,6 +245,38 @@ payloadkeys: content: |- The data network name (DNN) or app category. For DNN, the value is 'DNN:name', where 'name' is the carrier-provided DNN name. For app category, the value is 'AppCategory:category', where 'category' is a carrier-provided string like “Enterprise1”. Available in iOS 17 and later. + - key: Hideable + supportedOS: + iOS: + introduced: '18.1' + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: Setting this to false prevents the user from hiding the app. It does + not affect the user's ability to leave it in the App Library, while removing + it from the home screen. + - key: Lockable + supportedOS: + iOS: + introduced: '18.1' + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: Setting this to false prevents the user from locking the app. Because + hiding an app also requires locking it, disallowing the user from locking the + app will also prevent the user from hiding it. - key: ChangeManagementState supportedOS: iOS: diff --git a/mdm/commands/managed.application.attributes.yaml b/mdm/commands/managed.application.attributes.yaml index abc8aae..986d9f5 100644 --- a/mdm/commands/managed.application.attributes.yaml +++ b/mdm/commands/managed.application.attributes.yaml 
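Review bot: The new `Hideable` and `Lockable` descriptions do not say how these per-app attributes interact with the device-wide `allowAppsToBeHidden` and `allowAppsToBeLocked` restrictions that this same commit adds to com.apple.applicationaccess.yaml, so an administrator cannot tell which setting wins when they disagree. Both attributes default to `true`, so a managed app stays hideable unless every install command sets the attribute, which matters for apps an organisation needs to keep visible. A sentence such as `The 'allowAppsToBeHidden' restriction, when 'false', applies regardless of this value.` would close the gap once the actual precedence is confirmed. The same text is added in managed.application.attributes.yaml and settings.yaml, where the wording drifts between `Setting this to false` and `If set to false`; one phrasing across the three files would be easier to maintain.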
@@ -180,3 +180,35 @@ responsekeys: where "name" is the carrier provided DNN name. For app category, the value must be encoded as "AppCategory:category", where "category" is a carrier provided string like "Enterprise1". + - key: Hideable + supportedOS: + iOS: + introduced: '18.1' + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If set to false, the user is prevented from hiding the app. It does + not affect the user's ability to leave it in the App Library, while removing + it from the home screen. + - key: Lockable + supportedOS: + iOS: + introduced: '18.1' + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If set to false, the user is prevented from locking the app. Because + hiding an app also requires locking it, disallowing the user from locking + the app will also prevent the user from hiding it. diff --git a/mdm/commands/settings.yaml b/mdm/commands/settings.yaml index 9b5bd38..03662c9 100644 --- a/mdm/commands/settings.yaml +++ b/mdm/commands/settings.yaml 
@@ -442,6 +442,38 @@ payloadkeys: content: |- The data network name (DNN) or app category. For DNN, the value is 'DNN:name', where 'name' is the carrier-provided DNN name. For app category, the value is 'AppCategory:category', where 'category' is a carrier-provided string like “Enterprise1”'.' Available in iOS 17 and later. + - key: Hideable + supportedOS: + iOS: + introduced: '18.1' + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: Setting this to false prevents the user from hiding the app. It does + not affect the user's ability to leave it in the App Library, while removing + it from the home screen. + - key: Lockable + supportedOS: + iOS: + introduced: '18.1' + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: Setting this to false prevents the user from locking the app. Because + hiding an app also requires locking it, disallowing the user from locking + the app will also prevent the user from hiding it. - key: DeviceName supportedOS: iOS: diff --git a/mdm/profiles/com.apple.applicationaccess.yaml b/mdm/profiles/com.apple.applicationaccess.yaml index 5505238..e0229a0 100644 --- a/mdm/profiles/com.apple.applicationaccess.yaml +++ b/mdm/profiles/com.apple.applicationaccess.yaml @@ -278,7 +278,6 @@ payloadkeys: title: Allow App Installation supportedOS: iOS: - introduced: '4.0' supervised: true userenrollment: mode: forbidden 
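Review bot: Dropping `introduced: '4.0'` from the iOS entry of the `Allow App Installation` key in com.apple.applicationaccess.yaml leaves a `supportedOS` block with no version for that platform, and the commit does not explain how a consumer should read that. The same removal recurs further down for `allowCamera`, `allowExplicitContent`, `allowGlobalBackgroundFetchWhenRoaming`, `allowInAppPurchases` and others, and for `forceEncryptedBackup` and `safariForceFraudWarning` the whole `iOS:` entry disappears. Presumably the value is now inherited from a payload-level default, but a tool that reads key-level `introduced` to decide whether a restriction applies on iOS could silently stop treating these keys as supported. An entry in docs/errata.md, for example `Key-level 'introduced' values that duplicate the payload default were removed; read the payload-level supportedOS instead.`, would make the change safe to consume, assuming that is the reason.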
@@ -344,6 +343,49 @@ payloadkeys: content: |- If 'false', the system disables removal of apps from an iOS device. This applies to App Store apps, marketplace apps, and locally installed apps (using Configurator, Xcode, etc). Requires a supervised device. Available in iOS 4.2.1 and later, and watchOS 10 and later. +- key: allowAppsToBeHidden + title: Allow Hiding Apps + supportedOS: + iOS: + introduced: '18.0' + supervised: true + userenrollment: + mode: forbidden + macOS: + introduced: n/a + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If false, disables the ability for the user to hide apps. It does not affect + the user's ability to leave it in the App Library, while removing it from the + home screen. +- key: allowAppsToBeLocked + title: Allow Locking Apps + supportedOS: + iOS: + introduced: '18.0' + supervised: true + userenrollment: + mode: forbidden + macOS: + introduced: n/a + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If false, disables the ability for the user to lock apps. Because hiding + apps also requires locking them, disallowing locking also disallows hiding. - key: allowARDRemoteManagementModification title: Allow modifying Remote Management Sharing setting supportedOS: 
@@ -612,11 +654,32 @@ payloadkeys: content: If 'false', the system prevents the user from downloading Apple Books media that's tagged as erotica. Available in iOS 6 and later, and tvOS 11.3 and later. Support for this restriction on unsupervised devices is deprecated. +- key: allowCallRecording + title: Allow Call Recording + supportedOS: + iOS: + introduced: '18.1' + supervised: true + sharedipad: + mode: forbidden + userenrollment: + mode: forbidden + macOS: + introduced: n/a + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If false, call recording is disabled. - key: allowCamera title: Allow Camera Use supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: @@ -1183,12 +1246,12 @@ payloadkeys: type: presence: optional default: true - content: If 'false', the system removes the Trust Enterprise Developer button in - Settings > General > Profiles & Device Management, which prevents provisioning - apps by universal provisioning profiles. This restriction applies to free developer - accounts. However, it doesn't apply to enterprise app developers, because they're - trusted and the system installed their apps through MDM. It also doesn't revoke - previously granted trust. Available in iOS 9 and later. + content: If 'false', the system removes the Trust Developer button in Settings > + General > VPN & Device Management, which prevents provisioning apps by universal + provisioning profiles. This restriction applies to both free developer accounts + and enterprise app developers that are not implicitly trusted by apps installed + through MDM. This restriction does not revoke previously granted trust. Available + in iOS 9 and later. - key: allowEnterpriseBookBackup title: Allow Enterprise Books Backup supportedOS: 
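Review bot: The new `allowCallRecording` entry is marked `supervised: true`, but its description is only `If false, call recording is disabled.`, while this commit appends `Requires a supervised device.` to the descriptions of other supervised restrictions such as Genmoji and Image Wand. The description should follow that pattern, for example `If 'false', call recording is disabled. Requires a supervised device. Available in iOS 18.1 and later.`. The same applies to `allowRCSMessaging` and to the iOS side of `allowMailSummary` later in this file. Those two entries, like `forceBypassScreenCaptureAlert`, also have no `title`.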
@@ -1293,12 +1356,12 @@ payloadkeys: presence: optional default: true content: If 'false', prevents the transfer of an eSIM from the device on which the - restriction is installed to a different device. Available in iOS 18 and later. + restriction is installed to a different device. Requires a supervised device. + Available in iOS 18 and later. - key: allowExplicitContent title: Allow Explicit Content supportedOS: iOS: - introduced: '4.0' supervised: true userenrollment: mode: forbidden @@ -1306,6 +1369,7 @@ payloadkeys: introduced: n/a tvOS: introduced: '11.3' + supervised: true visionOS: introduced: n/a watchOS: @@ -1544,12 +1608,12 @@ payloadkeys: type: presence: optional default: true - content: If 'false', prohibits creating new Genmoji. Available in iOS 18 and later. + content: If 'false', prohibits creating new Genmoji. Requires a supervised device. + Available in iOS 18 and later. - key: allowGlobalBackgroundFetchWhenRoaming title: Allow Automatic Sync While Roaming supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: @@ -1612,8 +1676,8 @@ payloadkeys: type: presence: optional default: true - content: If 'false', prohibits the use of image generation. Available in iOS 18 - and later and macOS 15 and later. + content: If 'false', prohibits the use of image generation. Requires a supervised + device. Available in iOS 18 and later and macOS 15 and later. - key: allowImageWand title: Allow Image Wand supportedOS: @@ -1635,12 +1699,12 @@ payloadkeys: type: presence: optional default: true - content: If 'false', prohibits the use of Image Wand. Available in iOS 18 and later. + content: If 'false', prohibits the use of Image Wand. Requires a supervised device. + Available in iOS 18 and later. - key: allowInAppPurchases title: Allow In App Purchases supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: 
@@ -1682,6 +1746,8 @@ payloadkeys: iOS: introduced: '18.0' supervised: true + sharedipad: + mode: forbidden userenrollment: mode: forbidden macOS: @@ -1699,8 +1765,8 @@ payloadkeys: default: true content: If 'false', prohibits the use of iPhone Mirroring. When used on macOS, this prevents the Mac from mirroring any iPhone. When used on iOS, this prevents - the iPhone from mirroring to any Mac. Available in iOS 18 and later and macOS - 15 and later. + the iPhone from mirroring to any Mac. Requires a supervised device. Available + in iOS 18 and later and macOS 15 and later. - key: allowiPhoneWidgetsOnMac title: Allow iPhone widget on Mac supportedOS: @@ -1729,7 +1795,6 @@ payloadkeys: title: Allow use of iTunes supportedOS: iOS: - introduced: '4.0' supervised: true userenrollment: mode: forbidden @@ -1928,6 +1993,28 @@ payloadkeys: default: true content: If 'false', the system disables Mail Privacy Protection on the device. Requires a supervised device. Available in iOS 15.2 and later. +- key: allowMailSummary + supportedOS: + iOS: + introduced: '18.1' + supervised: true + userenrollment: + mode: forbidden + macOS: + introduced: '15.1' + userenrollment: + mode: forbidden + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If false, disables the ability to create summaries of email messages manually. + This does not affect automatic summary generation. - key: allowManagedAppsCloudSync title: Allow iCloud Sync for Managed Apps supportedOS: 
@@ -1993,6 +2080,25 @@ payloadkeys: content: If 'false', the system prevents installation of alternative marketplace apps from the web and prevents any installed alternative marketplace apps from installing apps. Available in iOS 17.4 and later. Requires a supervised device. +- key: allowMediaSharingModification + title: Allow modifying Media Sharing setting + supportedOS: + iOS: + introduced: n/a + macOS: + introduced: '15.1' + userenrollment: + mode: forbidden + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If false, prevents modification of Media Sharing settings. - key: allowMultiplayerGaming title: Allow Multiplayer Gaming supportedOS: @@ -2339,6 +2445,8 @@ payloadkeys: iOS: introduced: '18.0' supervised: true + sharedipad: + mode: forbidden userenrollment: mode: forbidden macOS: @@ -2353,7 +2461,7 @@ payloadkeys: presence: optional default: true content: If false, prevents the system from generating text in the user's handwriting. - Available in iOS 18 and later. + Requires a supervised device. Available in iOS 18 and later. - key: allowPhotoStream title: Allow Photo Stream supportedOS: @@ -2523,6 +2631,25 @@ payloadkeys: default: true content: If 'false', the system prohibits removal of rapid security responses. Available in iOS 16 and later, and macOS 13 and later. +- key: allowRCSMessaging + supportedOS: + iOS: + introduced: '18.1' + supervised: true + userenrollment: + mode: forbidden + macOS: + introduced: n/a + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: true + content: If false, prevents the use of RCS messaging. - key: allowRemoteAppleEventsModification title: Allow modifying Remote Apple Events Sharing setting supportedOS: @@ -2587,7 +2714,6 @@ payloadkeys: title: Allow use of Safari supportedOS: iOS: - introduced: '4.0' supervised: true userenrollment: mode: forbidden 
@@ -2934,7 +3060,6 @@ payloadkeys: title: Allow Video Conferencing supportedOS: iOS: - introduced: '4.0' supervised: true userenrollment: mode: forbidden @@ -2958,7 +3083,6 @@ payloadkeys: title: Allow Voice Dialing While Device is Locked supportedOS: iOS: - introduced: '4.0' deprecated: '17.0' userenrollment: mode: forbidden @@ -3066,8 +3190,8 @@ payloadkeys: type: presence: optional default: true - content: If 'false', disables Apple Intelligence writing tools. Available in iOS - 18 and later and macOS 15 and later. + content: If 'false', disables Apple Intelligence writing tools. Requires a supervised + device. Available in iOS 18 and later and macOS 15 and later. - key: autonomousSingleAppModePermittedAppIDs supportedOS: iOS: @@ -3293,8 +3417,6 @@ payloadkeys: introduced: n/a macOS: introduced: n/a - tvOS: - introduced: '9.0' visionOS: introduced: n/a watchOS: @@ -3365,9 +3487,9 @@ payloadkeys: type: presence: optional default: false - content: If 'true', the system forces the use of the profanity filter assistant. - Available in iOS 11 and later, and macOS 10.13 and later. Requires a supervised - device in iOS. + content: If 'true', the system forces the use of the profanity filter for Siri and + dictation. Available in iOS 11 and later, and macOS 10.13 and later. Requires + a supervised device in iOS. - key: forceAuthenticationBeforeAutoFill supportedOS: iOS: 
@@ -3421,6 +3543,24 @@ payloadkeys: when the device can determine its location using a cellular connection or Wi-Fi with location services enabled. Requires a supervised device. Available in iOS 12 and later, and tvOS 12.2 and later. +- key: forceBypassScreenCaptureAlert + supportedOS: + iOS: + introduced: n/a + macOS: + introduced: '15.1' + allowmanualinstall: false + tvOS: + introduced: n/a + visionOS: + introduced: n/a + watchOS: + introduced: n/a + type: + presence: optional + default: false + content: If set to true, then the presentation of a screen capture alert will be + bypassed. - key: forceClassroomAutomaticallyJoinClasses supportedOS: iOS: @@ -3588,8 +3728,6 @@ payloadkeys: - key: forceEncryptedBackup title: Force Encrypted Backups supportedOS: - iOS: - introduced: '4.0' macOS: introduced: n/a tvOS: @@ -3785,7 +3923,6 @@ payloadkeys: title: Apps Ranking Number supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: @@ -3816,7 +3953,6 @@ payloadkeys: title: Movies Ranking Number supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: @@ -3869,7 +4005,6 @@ payloadkeys: title: TV Shows Ranking Number supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: @@ -3919,7 +4054,6 @@ payloadkeys: title: Accept Cookies in Safari supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: @@ -3948,7 +4082,6 @@ payloadkeys: title: Allow AutoFill in Safari supportedOS: iOS: - introduced: '4.0' supervised: true userenrollment: mode: forbidden @@ -3975,7 +4108,6 @@ payloadkeys: title: Allow JavaScript supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: @@ -3995,7 +4127,6 @@ payloadkeys: title: Allow Pop-ups supportedOS: iOS: - introduced: '4.0' userenrollment: mode: forbidden macOS: @@ -4014,8 +4145,6 @@ payloadkeys: - key: safariForceFraudWarning title: Enable Fraud Warning supportedOS: - iOS: - introduced: '4.0' macOS: introduced: n/a tvOS: 
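Review bot: The description of `forceBypassScreenCaptureAlert` does not say which alert is suppressed or what the user loses, although, going by the name and text, setting it to `true` removes a prompt shown to the user about screen capture. Because this weakens a user-facing privacy signal, the text should name the consequence, for example `If 'true', the system no longer presents the screen capture alert, so users are not reminded that an app can capture the screen. Available in macOS 15.1 and later.`, with the exact wording checked against platform behaviour. It would also help to state that `allowmanualinstall: false` means the key cannot be applied by a manually installed profile, if that is what the flag conveys here. Deployments that enable it should separately review which apps hold screen-capture permission, since the alert is no longer a backstop.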
diff --git a/mdm/profiles/com.apple.vpn.managed.yaml b/mdm/profiles/com.apple.vpn.managed.yaml index 2ce81d7..7205f53 100644 --- a/mdm/profiles/com.apple.vpn.managed.yaml +++ b/mdm/profiles/com.apple.vpn.managed.yaml @@ -1561,8 +1561,7 @@ payloadkeys: title: HTTP Proxy type: presence: optional - content: The port number of the HTTP proxy. This field is required if 'HTTPProxy' - is specified. + content: The host name of the HTTP proxy. - key: HTTPPort title: HTTP Port type: @@ -1570,7 +1569,8 @@ payloadkeys: range: min: 0 max: 65535 - content: The host name of the HTTP proxy. + content: The port number of the HTTP proxy. This field is required if 'HTTPProxy' + is specified. - key: HTTPProxyUsername title: HTTP ProxyUsername type: diff --git a/other/skipkeys.yaml b/other/skipkeys.yaml index b861f20..5529fa9 100644 --- a/other/skipkeys.yaml +++ b/other/skipkeys.yaml @@ -103,6 +103,19 @@ payloadkeys: presence: optional content: The key to skip biometric setup. This key is available in iOS 8.1 and later, and macOS 10.12.4 and later. +- key: CameraButton + title: Skips Camera Control pane + supportedOS: + iOS: + introduced: '18.0' + macOS: + introduced: n/a + tvOS: + introduced: n/a + type: + presence: optional + content: If the key is included in the SkipSetup array the Camera Control pane will + be skipped. - key: DeviceToDeviceMigration title: Skip Device To Device Migration pane supportedOS: