Release_iOS-16-2_macOS-13-1

This commit is contained in:
Cyrus Daboo
2022-12-15 12:27:25 -05:00
parent 264841fb7a
commit eb51fb0cb9
37 changed files with 378 additions and 73 deletions
+4 -4
View File
@@ -8,10 +8,10 @@ This release corresponds to the following OS versions
| OS | Version |
|---------|---------|
| iOS | 16.1 |
| macOS | 13.0 |
| tvOS | 16.1 |
| watchOS | 9.1 |
| iOS | 16.2 |
| macOS | 13.1 |
| tvOS | 16.2 |
| watchOS | 9.2 |
## What's Available
@@ -120,8 +120,8 @@ payloadkeys:
presence: optional
content: The URL that this account uses for signing in with OAuth. The system
ignores this value unless 'Enabled' is 'true'. The system doesn't use autodiscovery
when a declaraction contains this URL, so the declaration must also contain
a 'HostName'.
when a declaration contains this URL, so the declaration must also contain a
'HostName'.
- key: TokenRequestURL
supportedOS:
macOS:
@@ -77,7 +77,7 @@ payloadkeys:
- Subtree
default: Subtree
content: |-
The type of recursion to use in the saerch.
The type of recursion to use in the search.
* 'Base': Only the 'SearchBase' node.
* 'OneLevel': The 'SearchBase' node and its immediate children.
* 'Subtree': The 'SearchBase' node and all its chidren, regardless of depth.
* 'Subtree': The 'SearchBase' node and all its children, regardless of depth.
@@ -24,6 +24,18 @@ payloadkeys:
content: If 'true', requires the user to set a passcode without any requirements
about the length or quality of the passcode. The presence of any other keys implicitly
requires a passcode, and overrides this key's value.
- key: RequireAlphanumericPasscode
title: Require Alphanumeric Passcode
supportedOS:
iOS:
introduced: '16.2'
macOS:
introduced: '13.1'
type: <boolean>
presence: optional
default: false
content: If set to true, the passcode must consist of at least one alphabetic characters
("abcd"), and at least one number.
- key: RequireComplexPasscode
title: Require Complex Passcode
type: <boolean>
@@ -31,7 +43,7 @@ payloadkeys:
default: false
content: If 'true', requires a complex passcode. A complex passcode is one that
doesn't contain repeated characters or increasing/decreasing characters (such
as 123 or CBA), and must contain at least one nonnumeric/nonalphabetic character.
as 123 or CBA).
- key: MinimumLength
title: Minimum Passcode Length
type: <integer>
@@ -41,6 +53,21 @@ payloadkeys:
max: 16
default: 0
content: The minimum number of characters a passcode can contain.
- key: MinimumComplexCharacters
title: Minimum Complex Characters
supportedOS:
iOS:
introduced: '16.2'
macOS:
introduced: '13.1'
type: <integer>
presence: optional
range:
min: 0
max: 4
default: 1
content: Specifies the minimum number of complex characters that must be present.
Only used when RequireComplexPasscode is true.
- key: MaximumFailedAttempts
title: Maximum Number of Failed Attempts
type: <integer>
@@ -52,6 +79,18 @@ payloadkeys:
content: |-
The number of failed passcode attempts that the system allows the user before iOS erases the device or macOS locks the device. If you don't change this setting, after six failed attempts, the device imposes a time delay before the user can enter a passcode again. The time delay increases with each failed attempt.
After the final failed attempt, the system securely erases all data and settings from the iOS device. A macOS device locks after the final attempt. The passcode time delay begins after the sixth attempt, so if this value is six or lower, the system has no time delay and triggers the erase or lock as soon as the user exceeds the limit.
- key: FailedAttemptsResetInMinutes
title: Failed Attempts Reset
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '13.1'
type: <integer>
presence: optional
content: The number of minutes before the login will be reset after the maximum
number of failed attempts has been reached. The MaximumFailedAttempts key must
be set for this to take effect.
- key: MaximumGracePeriodInMinutes
title: Maximum Grace Period
type: <integer>
@@ -69,6 +108,21 @@ payloadkeys:
content: |-
The maximum period that a user can select, during which the device can be idle before the system automatically locks it. When the device reaches this limit, the device locks and the user must enter the passcode to unlock it. In the absence of this key, the user can select any period.
macOS translates this to screensaver settings.
- key: MaximumPasscodeAgeInDays
title: Maximum Passcode Age
supportedOS:
iOS:
introduced: '16.2'
macOS:
introduced: '13.1'
type: <integer>
presence: optional
range:
min: 0
max: 730
content: Specifies the maximum number of days for which the passcode can remain
unchanged. After this number of days, the user is forced to change the passcode
before the device is unlocked.
- key: PasscodeReuseLimit
title: Passcode Reuse Limit
type: <integer>
@@ -76,7 +130,21 @@ payloadkeys:
range:
min: 1
max: 50
content: The number of historical passcode entries the system checks when vaildating
content: The number of historical passcode entries the system checks when validating
a new passcode. The device refuses a new passcode if it matches a previously used
passcode within the specified passcode history range. In the absence of this key,
the system performs no historical check.
- key: ChangeAtNextAuth
title: Change At Next Auth
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '13.1'
type: <boolean>
presence: optional
default: false
content: If set to true, forces a password reset to occur the next time the user
tries to authenticate. If this key is set in a configuration in the system scope
(device channel), the setting takes effect for all users, and admin authentications
may fail until the admin user password is also reset.
@@ -31,6 +31,14 @@ payloadkeys:
type: <string>
presence: required
content: The unique identifier for the account.
- key: _removed
title: Indicates removal of the account.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an account, this key's value is set to true,
and only this key and the "identifier" key will be present in the status item
object.
- key: declaration-identifier
title: Identifier of the declaration that installed the account.
type: <string>
@@ -32,6 +32,14 @@ payloadkeys:
presence: required
content: The unique identifier of the account. This can be used as a "primary
key" to access a specific account.
- key: _removed
title: Indicates removal of the account.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an account, this key's value is set to true,
and only this key and the "identifier" key will be present in the status item
object.
- key: declaration-identifier
title: Identifier of the declaration that installed the account.
type: <string>
@@ -32,6 +32,14 @@ payloadkeys:
presence: required
content: The unique identifier of the account. This can be used as a "primary
key" to access a specific account.
- key: _removed
title: Indicates removal of the account.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an account, this key's value is set to true,
and only this key and the "identifier" key will be present in the status item
object.
- key: declaration-identifier
title: Identifier of the declaration that installed the account.
type: <string>
@@ -32,6 +32,14 @@ payloadkeys:
presence: required
content: The unique identifier of the account. This can be used as a "primary
key" to access a specific account.
- key: _removed
title: Indicates removal of the account.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an account, this key's value is set to true,
and only this key and the "identifier" key will be present in the status item
object.
- key: declaration-identifier
title: Identifier of the declaration that installed the account.
type: <string>
@@ -32,6 +32,14 @@ payloadkeys:
presence: required
content: The unique identifier of the account. This can be used as a "primary
key" to access a specific account.
- key: _removed
title: Indicates removal of the account.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an account, this key's value is set to true,
and only this key and the "identifier" key will be present in the status item
object.
- key: declaration-identifier
title: Identifier of the declaration that installed the account.
type: <string>
@@ -32,6 +32,14 @@ payloadkeys:
presence: required
content: The unique identifier of the account. This can be used as a "primary
key" to access a specific account.
- key: _removed
title: Indicates removal of the account.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an account, this key's value is set to true,
and only this key and the "identifier" key will be present in the status item
object.
- key: declaration-identifier
title: Identifier of the declaration that installed the account.
type: <string>
@@ -32,6 +32,14 @@ payloadkeys:
presence: required
content: The unique identifier of the account. This can be used as a "primary
key" to access a specific account.
- key: _removed
title: Indicates removal of the account.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an account, this key's value is set to true,
and only this key and the "identifier" key will be present in the status item
object.
- key: declaration-identifier
title: Identifier of the declaration that installed the account.
type: <string>
@@ -30,6 +30,14 @@ payloadkeys:
presence: required
content: The unique identifier of the account. This can be used as a "primary
key" to access a specific account.
- key: _removed
title: Indicates removal of the account.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an account, this key's value is set to true,
and only this key and the "identifier" key will be present in the status item
object.
- key: declaration-identifier
title: Identifier of the declaration that installed the account.
type: <string>
+8
View File
@@ -25,6 +25,14 @@ payloadkeys:
type: <string>
presence: required
content: The app's bundle id, which is unique.
- key: _removed
title: Indicates removal of the app.
type: <boolean>
presence: optional
default: false
content: To indicate removal of an app, this key's value is set to true, and
only this key and the "identifier" key will be present in the status item
object.
- key: name
title: App name
type: <string>
+3 -3
View File
@@ -165,9 +165,9 @@ properties:
type: string
description: Indicates the expected format of the string value of the key, supporting additional validation of the value.
enum:
- url
- hostname
- email
- <url>
- <hostname>
- <email>
presence:
type: string
description: Whether the key is required or optional.
+67 -7
View File
@@ -269,7 +269,7 @@ payloadkeys:
- key: SerialNumber
supportedOS:
iOS:
accessrights: AllowQueryDeviceInformatio
accessrights: AllowQueryDeviceInformation
userenrollment:
mode: forbidden
macOS:
@@ -731,6 +731,18 @@ payloadkeys:
content: |-
The grace period for Shared iPad online authentication (in days). 0 means the device requires online authentication for every login.
Available in iOS 16 and later.
- key: SkipLanguageAndLocaleSetupForNewUsers
supportedOS:
iOS:
introduced: '16.2'
accessrights: AllowQueryDeviceInformation
macOS:
introduced: n/a
tvOS:
introduced: n/a
type: <string>
content: Whether the language & locale pane will be skipped for new users of
Shared iPad
- key: PushToken
supportedOS:
iOS:
@@ -738,12 +750,10 @@ payloadkeys:
accessrights: AllowQueryDeviceInformation
sharedipad:
devicechannel: false
userchannel: true
userenrollment:
mode: forbidden
macOS:
introduced: '10.12'
userchannel: true
tvOS:
introduced: n/a
type: <string>
@@ -1123,11 +1133,28 @@ payloadkeys:
content: The key that represents the device identifier you use to look up available
OS updates through <https://gdmf.apple.com/v2/pmv>. Available in iOS 15 and
later, and macOS 12 and later.
- key: SoftwareUpdateSettings
supportedOS:
iOS:
introduced: '14.5'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
type: <string>
content: Returns the device settings that control which updates appear in the
Software Update pane in Settings. OS updates through <https://gdmf.apple.com/v2/pmv>.
Available in iOS 14.5 and later.
- key: AccessibilitySettings
supportedOS:
iOS:
introduced: '16.0'
supervised: true
sharedipad:
mode: allowed
devicechannel: false
userenrollment:
mode: forbidden
macOS:
@@ -1229,7 +1256,7 @@ responsekeys:
- key: OrganizationEmail
type: <string>
presence: optional
content: The orgnization's support email address. This value is available in
content: The organization's support email address. This value is available in
iOS 7 and later, macOS 10.11 and later, and tvOS 9 and later.
- key: OrganizationMagic
type: <string>
@@ -1766,7 +1793,7 @@ responsekeys:
introduced: n/a
tvOS:
introduced: n/a
type: <real>
type: <integer>
content: The timeout interval for the user session. '0' means no timeout.
- key: TemporarySessionTimeout
supportedOS:
@@ -1776,7 +1803,7 @@ responsekeys:
introduced: n/a
tvOS:
introduced: n/a
type: <real>
type: <integer>
content: The timeout interval for the temporary session. '0' means no timeout.
- key: TemporarySessionOnly
supportedOS:
@@ -1811,10 +1838,21 @@ responsekeys:
introduced: n/a
tvOS:
introduced: n/a
type: <real>
type: <integer>
content: |-
The grace period for Shared iPad online authentication (in days). 0 means the device requires online authentication for every login.
Available in iOS 16 and later.
- key: SkipLanguageAndLocaleSetupForNewUsers
supportedOS:
iOS:
introduced: '16.2'
macOS:
introduced: n/a
tvOS:
introduced: n/a
type: <boolean>
content: Whether the language & locale pane will be skipped for new users of Shared
iPad
- key: PushToken
supportedOS:
iOS:
@@ -2214,11 +2252,33 @@ responsekeys:
content: The key representing the device identifier to be used when looking up
available OS updates via <https://gdmf.apple.com/v2/pmv>. Available in iOS 14.5
and later.
- key: SoftwareUpdateSettings
supportedOS:
iOS:
introduced: '14.5'
userenrollment:
mode: forbidden
macOS:
introduced: n/a
tvOS:
introduced: n/a
type: <dictionary>
content: Properties that control which updates appear in the Software Update pane
in Settings.
subkeys:
- key: RecommendationsCadence
type: <integer>
content: Which software updates are presented to the user. 0 (the default) allows
all updates, 1 allows only older updates. 2 allows only newer updates. No
effect if only a single update would be offered to the user for this device.
- key: AccessibilitySettings
supportedOS:
iOS:
introduced: '16.0'
supervised: true
sharedipad:
mode: allowed
devicechannel: false
userenrollment:
mode: forbidden
macOS:
+12 -3
View File
@@ -457,7 +457,7 @@ payloadkeys:
- key: OrganizationEmail
type: <string>
presence: optional
content: The orgnization's support email address.
content: The organization's support email address.
- key: OrganizationMagic
type: <string>
presence: optional
@@ -567,7 +567,7 @@ payloadkeys:
type: <integer>
presence: required
content: |-
The maximum number of users that can use the device. If this value is greater than the value for the maximum possible number of users that the device suports, the MDM server uses that value instead.
The maximum number of users that can use the device. If this value is greater than the value for the maximum possible number of users that the device supports, the MDM server uses that value instead.
This setting requires that the device is in the 'AwaitingConfiguration' phase before it receives the DeviceConfigured <https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/3-MDM_Protocol/MDM_Protocol.html#//apple_ref/doc/uid/TP40017387-CH3-SW301> message.
When a device reaches the maximum number of resident users and a new user tries to sign in, the MDM server removes a synchronized user to make space for the new user. If there are no synchronized users, the new user sign-in fails. A synchronized user is a user that has completed syncing their data.
- key: SharedDeviceConfiguration
@@ -658,6 +658,16 @@ payloadkeys:
A grace period (in days) for Shared iPad online authentication. The Shared iPad only verifies the user's passcode locally during login for users that already exist on the device. However, the system requires an online authentication (against Apple's identity server) after the number of days specified by this setting.
Setting this value to 0 enforces online authentication every time.
Available in iOS 16 and later.
- key: SkipLanguageAndLocaleSetupForNewUsers
supportedOS:
iOS:
introduced: '16.2'
type: <boolean>
presence: optional
default: false
content: Whether the language & locale pane will be skipped for new users of
Shared iPad. If 'true', system language & locale will be picked automatically
for the new user.
- key: DiagnosticSubmission
supportedOS:
iOS:
@@ -835,7 +845,6 @@ payloadkeys:
sharedipad:
mode: allowed
devicechannel: false
userchannel: true
userenrollment:
mode: forbidden
macOS:
+35
View File
@@ -196,3 +196,38 @@ responsekeys:
instead of prompting for user authentication prior to installation. This only
applies when 'BootstrapTokenAllowedForAuthentication' is 'true' in the SecurityInfoResponse.SecurityInfo
response. This value is available for Apple silicon in macOS 11 and later.
- key: IsSecurityResponse
supportedOS:
iOS:
introduced: '16.2'
macOS:
introduced: '13.1'
tvOS:
introduced: '16.2'
type: <boolean>
presence: required
content: If true, this update is a Rapid Security Response.
- key: SupplementalBuildVersion
supportedOS:
iOS:
introduced: '16.2'
macOS:
introduced: '13.1'
tvOS:
introduced: '16.2'
type: <string>
presence: optional
content: The build version associated with the Rapid Security Response update,
e.g. 13A999. This is always the same as 'build'.
- key: SupplementalOSVersionExtra
supportedOS:
iOS:
introduced: '16.2'
macOS:
introduced: '13.1'
tvOS:
introduced: '16.2'
type: <string>
presence: optional
content: The Rapid Security Response OS version suffix, e.g. '(a)'. Only present
if this is a Rapid Security Response update.
+1 -1
View File
@@ -54,7 +54,7 @@ payloadkeys:
default: 5190
content: The connection port for the server.
- key: AIMAuthentication
title: AIM Authentification
title: AIM Authentication
type: <string>
presence: required
rangelist:
@@ -112,7 +112,7 @@ payloadkeys:
presence: optional
default: false
content: |-
If 'true', prevents the computer from sleeping as long as Content Caching is on (System Preferences > Sharing > Content Caching is on). Customers who want Content Caching to be as available as musch as possible should turn this setting on.
If 'true', prevents the computer from sleeping as long as Content Caching is on (System Preferences > Sharing > Content Caching is on). Customers who want Content Caching to be as available as much as possible should turn this setting on.
Available in macOS 10.15 and later.
- key: ListenRanges
supportedOS:
@@ -39,5 +39,5 @@ payloadkeys:
- key: Set-Once
type: <array>
presence: required
content: The dictonary of one-time settings.
content: The dictionary of one-time settings.
subkeys: *id001
@@ -71,7 +71,7 @@ payloadkeys:
content: |-
The 'Authorization' key is an optional replacement for the 'Allowed' key. Every payload must specify either 'Authorization' or 'Allowed', but not both.
'Allow': Equivalent to a 'true' value for the 'Allowed' key.
'Deny': Equivalent to a f'alse' value for the 'Allowed' key.
'Deny': Equivalent to a 'false' value for the 'Allowed' key.
'AllowStandardUserToSetSystemService:' allows a standard (non-admin) user to configure the permissions for the specified app in the Privacy preferences for services that otherwise require admin authorization. 'AllowStandardUserToSetSystemService' is only valid for the 'ListenEvent' and 'ScreenCapture' services.
Available in macOS 11 and later.
- key: Comment
+19
View File
@@ -68,3 +68,22 @@ payloadkeys:
subkeys:
- key: SafariPasswordAutoFillDomainsItem
type: <string>
- key: CrossSiteTrackingPreventionRelaxedDomains
title: Cross-Site Tracking Prevention RelaxedDomains
supportedOS:
iOS:
introduced: '16.2'
supervised: true
allowmanualinstall: false
userenrollment:
mode: forbidden
macOS:
introduced: '13.1'
allowmanualinstall: false
type: <array>
presence: optional
content: An array of up to 10 strings. URLs matching the patterns listed here will
have relaxed enforcement of cross-site tracking prevention.
subkeys:
- key: CrossSiteTrackingPreventionRelaxedDomainItem
type: <string>
@@ -333,7 +333,7 @@ payloadkeys:
type: <array>
presence: optional
content: |-
The ordered list of perferred Key Distribution Centers (KDCs) to use for Kerberos traffic. Use this if the servers are not discoverable via DNS. If the servers are specified, then they are used for both connectivity checks and attempted first for Kerberos traffic. If the servers do not respond, then the device falls back to DNS discovery. Each entry is formatted the same as it would be in a 'krb5.conf' file. Examples of entries are:
The ordered list of preferred Key Distribution Centers (KDCs) to use for Kerberos traffic. Use this if the servers are not discoverable via DNS. If the servers are specified, then they are used for both connectivity checks and attempted first for Kerberos traffic. If the servers do not respond, then the device falls back to DNS discovery. Each entry is formatted the same as it would be in a 'krb5.conf' file. Examples of entries are:
* 'adserver1.example.com'
* 'tcp/adserver1.example.com:88'
* 'kkdcp://kerberosproxy.example.com:443/kkdcp'
+1 -1
View File
@@ -47,7 +47,7 @@ payloadkeys:
type: <boolean>
presence: optional
default: true
content: If set to false, extneral hard drives will not appear on the desktop.
content: If set to false, external hard drives will not appear on the desktop.
- key: ShowHardDrivesOnDesktop
type: <boolean>
presence: optional
+1 -1
View File
@@ -22,7 +22,7 @@ payload:
mode: allowed
content: |-
Each payload may contain one font file. Font files may be in TrueType (.ttf) or OpenType (.otf) file format. Collection types (.ttc or .otc) formats are not supported.
Fonts are uniqued internally by their embedded PostScript name. Two fonts with the same PostScript name will be considered the same font, even if their contents differ. Installing two different fonts with the same PostScript name is not supported, and it is undefined which font will remain installed.
Fonts are uniquely identified internally by their embedded PostScript name. Two fonts with the same PostScript name will be considered the same font, even if their contents differ. Installing two different fonts with the same PostScript name is not supported, and it is undefined which font will remain installed.
payloadkeys:
- key: Name
title: Font Name
+1 -1
View File
@@ -53,7 +53,7 @@ payloadkeys:
default: 5222
content: The server's port.
- key: JabberAuthentication
title: Jabber Authentification
title: Jabber Authentication
type: <string>
presence: required
rangelist:
+1 -1
View File
@@ -51,7 +51,7 @@ payloadkeys:
the payload, the device prompts for this string during interactive profile installation
in Settings or System Preferences.
- key: IncomingMailServerAuthentication
title: Incoming Mail Server Authentification
title: Incoming Mail Server Authentication
type: <string>
presence: required
rangelist:
@@ -43,7 +43,7 @@ payloadkeys:
- key: ProxyServer
title: Proxy Server
type: <string>
subtype: hostname
subtype: <hostname>
presence: required
content: The proxy server's network address.
- key: ProxyServerPort
+33
View File
@@ -14,6 +14,15 @@ payload:
userchannel: false
userenrollment:
mode: allowed
macOS:
introduced: '13.1'
devicechannel: true
userchannel: true
requiresdep: false
userapprovedmdm: false
allowmanualinstall: true
userenrollment:
mode: allowed
tvOS:
introduced: '16.0'
supervised: false
@@ -68,6 +77,7 @@ payloadkeys:
If 'false', the private key isn't bound to the device.
If 'true', the private key is bound to the device. The Secure Enclave generates the key pair, and the private key is cryptographically entangled with a system key. This prevents the system from exporting the private key.
If 'true', 'KeyType' must be 'ECSECPrimeRandom' and 'KeySize' must be 256 or 384.
On macOS, this key is required but must have a value of 'false'.
- key: Subject
title: Subject
type: <array>
@@ -148,3 +158,26 @@ payloadkeys:
content: |-
If 'true', the device provides attestations describing the device and the generated key to the ACME server. The server can use the attestations as strong evidence that the key is bound to the device, and that the device has properties listed in the attestation. The server can use that as part of a trust score to decide whether to issue the requested certificate.
When 'Attest' is 'true', 'HardwareBound' must also be 'true'.
On macOS, this key, if present, must have a value of 'false'.
- key: KeyIsExtractable
supportedOS:
iOS:
introduced: n/a
tvOS:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: Whether the private key of the identity obtained via SCEP should be tagged
as "non-extractable" in the keychain.
- key: AllowAllAppsAccess
title: Allow All Apps Access
supportedOS:
iOS:
introduced: n/a
tvOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: If true, all apps have access to the private key.
@@ -38,7 +38,7 @@ payloadkeys:
- Label
- LabelPrefix
- TeamIdentifier
content: The type of comparision to make.
content: The type of comparison to make.
- key: RuleValue
title: Rule Value
type: <string>
@@ -50,3 +50,9 @@ payloadkeys:
type: <string>
presence: optional
content: An optional description of the rule.
- key: TeamIdentifier
title: Team Identifier
type: <string>
presence: optional
content: An additional constraint to limit the scope of the rule that is tested
after matching the RuleType/RuleValue.
@@ -51,7 +51,7 @@ payloadkeys:
- key: ANY
type: <array>
presence: optional
content: The kernal extension data.
content: The kernel extension data.
subkeys:
- key: AllowedKernelExtensionsItems
type: <string>
@@ -149,19 +149,3 @@ payloadkeys:
type: <string>
presence: required
content: An SMB domain.
- key: VPN
title: VPN
type: <dictionary>
presence: optional
content: A dictionary with additional VPN settings.
subkeys:
- key: ProviderType
type: <string>
presence: optional
rangelist:
- packet-tunnel
- app-proxy
default: app-proxy
content: The type of VPN service. If it is 'app-proxy', the service will tunnel
traffic at the application level. If it is 'packet-tunnel', the service will
tunnel traffic at the IP layer.
+30
View File
@@ -739,6 +739,36 @@ payloadkeys:
type: <string>
presence: optional
content: The password used for authentication.
- key: OnDemandEnabled
title: Enable VPN On Demand
type: <integer>
presence: optional
rangelist:
- 0
- 1
default: 0
content: If 1, VPN is brought up on demand.
- key: OnDemandUserOverrideDisabled
title: Prevent users from toggling VPN On Demand
supportedOS:
iOS:
introduced: '14.0'
macOS:
introduced: n/a
type: <integer>
presence: optional
rangelist:
- 0
- 1
default: 0
content: If 1, the Connect On Demand toggle in Settings is disabled for this configuration.
- key: OnDemandRules
title: On Demand Rules
type: <array>
presence: optional
content: Determines when and how an OnDemand VPN should be used.
subkeytype: OnDemandRulesElement
subkeys: *id004
- key: DeadPeerDetectionRate
title: Dead Peer Detection Rate
type: <string>
+1 -1
View File
@@ -44,7 +44,7 @@ payloadkeys:
- key: URL
title: URL
type: <string>
subtype: url
subtype: <url>
presence: required
content: The URL that the web clip should open when clicked. If the URL doesn't
begin with 'HTTP' or 'HTTPS', it doesn't work.
@@ -197,14 +197,16 @@ payloadkeys:
introduced: n/a
type: <boolean>
presence: optional
default: true
content: If 'true', enables the filtering of WebKit traffic.
default: false
content: If 'true', enables the filtering of WebKit traffic. Either 'FilterBrowsers'
or 'FilterSockets' must be 'true'.
- key: FilterSockets
title: FilterSockets
type: <boolean>
presence: optional
default: true
content: If 'true', enables the filtering of socket traffic.
default: false
content: If 'true', enables the filtering of socket traffic. Either 'FilterBrowsers'
or 'FilterSockets' must be 'true'.
- key: FilterDataProviderDesignatedRequirement
title: Filter Data Provider Designated Requirement
supportedOS:
@@ -238,11 +240,11 @@ payloadkeys:
introduced: '10.15'
type: <boolean>
presence: optional
default: true
default: false
content: |-
If this value is 'true', the property enables the filtering of network packets.
Either 'FilterPackets' or 'FilterSockets' must be 'true' for the filter to have an effect.
You can use this when 'FilterType' is 'Plugin'.
Either 'FilterPackets' or 'FilterSockets' must be 'true'.
You can only use this when 'FilterType' is 'Plugin'.
Available in macOS 10.15 and later.
- key: FilterPacketProviderDesignatedRequirement
title: Filter Packet Provider Designated Requirement
+1 -1
View File
@@ -107,7 +107,7 @@ payloadkeys:
presence: required
content: Must be a string with a length greater than one character. (internal
only can not be the bundle identifier of a system application. Must be a
profile validated application if the bundle identifer matches that of an
profile validated application if the bundle identifier matches that of an
existing application)
- key: bundle-version
title: The bundle version
-13
View File
@@ -401,19 +401,6 @@ payloadkeys:
presence: optional
content: 'Skips the “Where is this Apple TV?” screen in tvOS. Availability: tvOS
11.4+.'
- key: UnlockWithWatch
title: Skips Unlock with Apple Watch pane
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '12.0'
tvOS:
introduced: n/a
type: <string>
presence: optional
content: 'Skips Unlock Your Mac with your Apple Watch pane. Availability: macOS
12+.'
- key: UpdateCompleted
title: Skips Software Update Complete pane
supportedOS: