mirror of
https://github.com/apple/device-management.git
synced 2026-02-12 12:52:53 +00:00
1128 lines
38 KiB
YAML
1128 lines
38 KiB
YAML
title: Settings Command
|
|
description: This command allows the server to set settings on the device.
|
|
payload:
|
|
requesttype: Settings
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '5.0'
|
|
accessrights: AllowSettings
|
|
supervised: false
|
|
requiresdep: false
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: true
|
|
userenrollment:
|
|
mode: allowed
|
|
macOS:
|
|
introduced: '10.9'
|
|
accessrights: AllowSettings
|
|
devicechannel: true
|
|
userchannel: true
|
|
requiresdep: false
|
|
userenrollment:
|
|
mode: allowed
|
|
tvOS:
|
|
introduced: '6.0'
|
|
accessrights: AllowSettings
|
|
supervised: false
|
|
watchOS:
|
|
introduced: '10.0'
|
|
accessrights: AllowSettings
|
|
supervised: false
|
|
content: This command allows the server to set settings on the device. These settings
|
|
take effect on a one-time basis. The user may still be able to change the settings
|
|
at a later time. This command requires the ApplySettings right.
|
|
payloadkeys:
|
|
- key: Settings
|
|
type: <array>
|
|
presence: required
|
|
content: An array of dictionaries that contains the settings.
|
|
subkeys:
|
|
- key: Wallpaper
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '8.0'
|
|
supervised: true
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains wallpaper settings. This setting doesn't support
|
|
User Enrollment, and is available in iOS 8 and later. Starting from iOS 16.0
|
|
& iPadOS 17.0, when the wallpaper is set for the first time, both location will
|
|
be updated. After that either location can be set separately.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- Wallpaper
|
|
content: A string that identifies this setting.
|
|
- key: Image
|
|
type: <data>
|
|
presence: required
|
|
content: A Base64-encoded image in either PNG or JPG format to use for wallpaper.
|
|
- key: Where
|
|
type: <integer>
|
|
presence: required
|
|
rangelist:
|
|
- 1
|
|
- 2
|
|
- 3
|
|
content: |-
|
|
A number that indicates where to use the wallpaper, which is one of the following values:
|
|
* '1': Lock screen
|
|
* '2': Home screen
|
|
* '3': Lock and Home screens
|
|
- key: DataRoaming
|
|
supportedOS:
|
|
iOS:
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains data roaming settings. This setting requires
|
|
the Network Information access right, doesn't support User Enrollment, and is
|
|
available in iOS 5 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- DataRoaming
|
|
content: A string that identifies this setting.
|
|
- key: Enabled
|
|
type: <boolean>
|
|
presence: required
|
|
content: If 'true', enable data roaming, which also enables voice roaming. If
|
|
'false', disable data roaming.
|
|
- key: VoiceRoaming
|
|
supportedOS:
|
|
iOS:
|
|
deprecated: '16.0'
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains voice roaming settings. This setting requires
|
|
the Network Information access right, doesn't support User Enrollment, and is
|
|
available in iOS 5 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- VoiceRoaming
|
|
content: A string that identifies this setting.
|
|
- key: Enabled
|
|
type: <boolean>
|
|
presence: required
|
|
content: If 'true', enable voice roaming. If 'false', disable voice roaming,
|
|
which also disables data roaming. The setting is only available for certain
|
|
carriers.
|
|
- key: PersonalHotspot
|
|
supportedOS:
|
|
iOS:
|
|
accessrights: AllowQueryNetworkInformation
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains Personal Hotspot settings. This setting requires
|
|
the Network Information access right, doesn't support User Enrollment, and is
|
|
available in iOS 5 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- PersonalHotspot
|
|
content: A string that identifies this setting.
|
|
- key: Enabled
|
|
type: <boolean>
|
|
presence: required
|
|
content: If 'true', enable Personal Hotspot. If 'false', disable Personal Hotspot.
|
|
- key: Bluetooth
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '11.3'
|
|
supervised: true
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: 10.13.4
|
|
userenrollment:
|
|
mode: forbidden
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains Bluetooth settings. This setting requires
|
|
the Network Information access right, doesn't support User Enrollment, is only
|
|
available on supervised devices, and is available in iOS 11.3 and later, and
|
|
macOS 10.13.4 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- Bluetooth
|
|
content: A string that identifies this setting.
|
|
- key: Enabled
|
|
type: <boolean>
|
|
presence: required
|
|
content: If 'true', enable the Bluetooth setting. If 'false', disable the Bluetooth
|
|
setting.
|
|
- key: ApplicationConfiguration
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '7.0'
|
|
accessrights: AllowAppInstallation
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
macOS:
|
|
introduced: '10.15'
|
|
accessrights: AllowAppInstallation
|
|
userchannel: false
|
|
tvOS:
|
|
introduced: '10.2'
|
|
accessrights: AllowAppInstallation
|
|
watchOS:
|
|
accessrights: AllowAppInstallation
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains the configurations to apply to the app. Omit
|
|
this setting to remove existing configurations. This setting requires the App
|
|
Management access right, supports User Enrollment, and is available in iOS 7
|
|
and later, macOS 10.15 and later, and tvOS 10.2 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- ApplicationConfiguration
|
|
content: A string that identifies this setting.
|
|
- key: Identifier
|
|
type: <string>
|
|
presence: required
|
|
content: |-
|
|
The bundle identifier of the managed app.
|
|
For a watchOS app, the identifier needs to be the watch's bundle identifier, which differs from the main bundle identifier for the iPhone to which the watch is paired. Obtain the watch's bundle identifier for an app with a watch bundle, in the 'watchBundleId' key that's part of the Content Metadata query. For more information on this query, see Getting App and Book Information (Legacy).
|
|
- key: Configuration
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains the configurations to apply to the app.
|
|
Omit this setting to remove existing configurations.
|
|
subkeys:
|
|
- key: ANY
|
|
type: <any>
|
|
presence: optional
|
|
content: A dictionary that contains configurations.
|
|
- key: ApplicationAttributes
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '7.0'
|
|
accessrights: AllowAppInstallation
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: '10.2'
|
|
accessrights: AllowAppInstallation
|
|
watchOS:
|
|
accessrights: AllowAppInstallation
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains the attributes to apply to the app. Omit this
|
|
setting to remove existing attributes. This setting supports User Enrollment,
|
|
is available in iOS 7 and later, and tvOS 10.2 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- ApplicationAttributes
|
|
content: A string that identifies this setting.
|
|
- key: Identifier
|
|
type: <string>
|
|
presence: required
|
|
content: |-
|
|
The bundle identifier of the app.
|
|
For a watchOS app, the identifier needs to be the watch's bundle identifier, which differs from the main bundle identifier for the iPhone to which the watch is paired. Obtain the watch's bundle identifier for an app with a watch bundle, in the 'watchBundleId' key that's part of the Content Metadata query. For more information on this query, see Getting App and Book Information (Legacy).
|
|
- key: Attributes
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains the attributes to apply to the app. Omit
|
|
this setting to remove existing attributes. This setting is available in iOS
|
|
7 and later, and tvOS 10.2 and later.
|
|
subkeys:
|
|
- key: VPNUUID
|
|
supportedOS:
|
|
tvOS:
|
|
introduced: n/a
|
|
type: <string>
|
|
presence: optional
|
|
content: A per-app VPN unique identifier for this app. Available in iOS 7
|
|
and later.
|
|
- key: ContentFilterUUID
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '16.0'
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <string>
|
|
presence: optional
|
|
content: The content filter UUID for this app. Available in iOS 16 and later.
|
|
- key: DNSProxyUUID
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '16.0'
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <string>
|
|
presence: optional
|
|
content: The DNS proxy UUID for this app. Available in iOS 16 and later.
|
|
- key: RelayUUID
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '17.0'
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <string>
|
|
presence: optional
|
|
content: The relay UUID for this app. Available in iOS 17 and later.
|
|
- key: AssociatedDomains
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '13.0'
|
|
tvOS:
|
|
introduced: n/a
|
|
type: <array>
|
|
presence: optional
|
|
content: An array that contains the associated domains to add to this app.
|
|
Available in iOS 7 and later.
|
|
subkeys:
|
|
- key: AssociatedDomain
|
|
type: <string>
|
|
- key: AssociatedDomainsEnableDirectDownloads
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '14.0'
|
|
tvOS:
|
|
introduced: n/a
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', perform claimed site association verification directly
|
|
at the domain, instead of on Apple's servers. Only set this to 'true' for
|
|
domains that can't access the internet. Available in iOS 14 and later.
|
|
- key: Removable
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '14.0'
|
|
tvOS:
|
|
introduced: '14.0'
|
|
type: <boolean>
|
|
presence: optional
|
|
default: true
|
|
content: If 'false', this app isn't removable while it's managed. Available
|
|
in iOS 14 and later, and tvOS 14 and later.
|
|
- key: TapToPayScreenLock
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '16.4'
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: |-
|
|
If true, the system require Tap to Pay on iPhone users to use Face ID or a passcode to unlock their device after every transaction that requires a customer's card PIN. If 'false', the user can configure this setting on their device.
|
|
Available in iOS 16.4 and later.
|
|
- key: CellularSliceUUID
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '17.0'
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <string>
|
|
presence: optional
|
|
content: |-
|
|
The data network name (DNN) or app category. For DNN, the value is 'DNN:name', where 'name' is the carrier provided DNN name. For app category, the value is 'AppCategory:category', where 'category' is a carrier provided string like “Enterprise1”'.'
|
|
Available in iOS 17 and later.
|
|
- key: DeviceName
|
|
supportedOS:
|
|
iOS:
|
|
supervised: true
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: '10.10'
|
|
userenrollment:
|
|
mode: forbidden
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains device name settings. This setting doesn't
|
|
support User Enrollment, and is only available on supervised devices. Available
|
|
on iOS 5 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- DeviceName
|
|
content: A string that identifies this setting.
|
|
- key: DeviceName
|
|
type: <string>
|
|
presence: required
|
|
content: The device's name.
|
|
- key: HostName
|
|
supportedOS:
|
|
iOS:
|
|
introduced: n/a
|
|
macOS:
|
|
introduced: '10.11'
|
|
userenrollment:
|
|
mode: forbidden
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains hostname settings. This setting doesn't support
|
|
User Enrollment, and is available in macOS 10.11 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- HostName
|
|
content: The string that defines this setting type.
|
|
- key: HostName
|
|
type: <string>
|
|
presence: required
|
|
content: The hostname for the device.
|
|
- key: OrganizationInfo
|
|
supportedOS:
|
|
iOS:
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
macOS:
|
|
introduced: '10.9'
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains settings about the organization operating
|
|
the MDM server. This setting supports User Enrollment. Available in iOS 5 and
|
|
later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- OrganizationInfo
|
|
content: The string that defines this setting type.
|
|
- key: OrganizationInfo
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains information about the organization operating
|
|
the MDM server. Omit this setting to remove existing information.
|
|
subkeys:
|
|
- key: OrganizationName
|
|
type: <string>
|
|
presence: required
|
|
content: A string that describes the organization operating the MDM server
|
|
for display to the user during certain operations, such as purchasing or
|
|
installing apps.
|
|
- key: OrganizationShortName
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '13.0'
|
|
macOS:
|
|
introduced: '10.15'
|
|
tvOS:
|
|
introduced: '13.0'
|
|
type: <string>
|
|
presence: optional
|
|
content: A shorter version of 'OrganizationName', preferably a single word
|
|
or abbreviation, suitable for display to the user in places where a very
|
|
short name is necessary.
|
|
- key: OrganizationAddress
|
|
type: <string>
|
|
presence: optional
|
|
content: The organization's address. Use the LF character ('
') to insert
|
|
line breaks.
|
|
- key: OrganizationPhone
|
|
type: <string>
|
|
presence: optional
|
|
content: The organization's phone number.
|
|
- key: OrganizationEmail
|
|
type: <string>
|
|
presence: optional
|
|
content: The organization's support email address.
|
|
- key: OrganizationMagic
|
|
type: <string>
|
|
presence: optional
|
|
content: A unique identifier for the various services a single organization
|
|
manages.
|
|
- key: MDMOptions
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '7.0'
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
macOS:
|
|
introduced: '10.15'
|
|
userenrollment:
|
|
mode: forbidden
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains settings related to the MDM protocol. This
|
|
setting doesn't support User Enrollment, and is available in iOS 7 and later,
|
|
and macOS 10.15 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- MDMOptions
|
|
content: The string that defines this setting type.
|
|
- key: MDMOptions
|
|
type: <dictionary>
|
|
presence: required
|
|
content: A dictionary of MDM options.
|
|
subkeys:
|
|
- key: ActivationLockAllowedWhileSupervised
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', a supervised device registers itself with Activation Lock
|
|
when the user enables Find My. This setting is available for supervised
|
|
devices in iOS 7 and later, and macOS 10.15 and later.
|
|
- key: BootstrapTokenAllowed
|
|
supportedOS:
|
|
iOS:
|
|
introduced: n/a
|
|
macOS:
|
|
introduced: '10.15'
|
|
deprecated: '11.0'
|
|
userenrollment:
|
|
mode: forbidden
|
|
tvOS:
|
|
introduced: n/a
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the server supports the Bootstrap Token commands.
|
|
- key: PromptUserToAllowBootstrapTokenForAuthentication
|
|
supportedOS:
|
|
iOS:
|
|
introduced: n/a
|
|
macOS:
|
|
introduced: '11.0'
|
|
tvOS:
|
|
introduced: n/a
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', warn the user that they need to reboot into RecoveryOS
|
|
and allow the MDM server to use the Bootstrap Token for authentication for
|
|
certain sensitive operations; for example, enabling kernel extensions or
|
|
installing certain types of software updates. Set this value to 'false'
|
|
if your MDM server doesn't need to perform these operations. The value provided
|
|
here overrides the value specified in MDM, and only applies when 'BootstrapTokenAllowedForAuthentication'
|
|
is 'true' in the SecurityInfoResponse.SecurityInfo response. This value
|
|
is available for Apple silicon in macOS 11 and later.
|
|
- key: MaximumResidentUsers
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '9.3'
|
|
deprecated: '13.4'
|
|
sharedipad:
|
|
mode: required
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains settings for maximum resident users. Apple
|
|
deprecated this setting in iOS 13.4. Use 'SharedDeviceConfiguration' instead.
|
|
This setting doesn't support User Enrollment, and is only available for Shared
|
|
iPad.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- MaximumResidentUsers
|
|
content: A string that identifies this setting.
|
|
- key: MaximumResidentUsers
|
|
type: <integer>
|
|
presence: required
|
|
content: |-
|
|
The maximum number of users that can use the device. If this value is greater than the value for the maximum possible number of users that the device supports, the MDM server uses that value instead.
|
|
This setting requires that the device is in the 'AwaitingConfiguration' phase before it receives the DeviceConfigured <https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/3-MDM_Protocol/MDM_Protocol.html#//apple_ref/doc/uid/TP40017387-CH3-SW301> message.
|
|
When a device reaches the maximum number of resident users and a new user tries to sign in, the MDM server removes a synchronized user to make space for the new user. If there are no synchronized users, the new user sign-in fails. A synchronized user is a user that has completed syncing their data.
|
|
- key: SharedDeviceConfiguration
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '13.4'
|
|
sharedipad:
|
|
mode: required
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains shared device configuration settings. This
|
|
setting doesn't support User Enrollment, and is available in iOS 13.4 and later
|
|
for Shared iPad.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- SharedDeviceConfiguration
|
|
content: A string that identifies this setting.
|
|
- key: QuotaSize
|
|
type: <integer>
|
|
presence: optional
|
|
content: The quota size, in megabytes (MB), for each user on the shared device,
|
|
or if the quota size is too small, the minimum quota size.
|
|
- key: ResidentUsers
|
|
type: <integer>
|
|
presence: optional
|
|
content: The expected number of users. If this value is greater than the value
|
|
for the maximum possible number of users that the device supports, the MDM
|
|
server uses that value instead.
|
|
- key: UserSessionTimeout
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '14.5'
|
|
type: <integer>
|
|
presence: optional
|
|
content: |-
|
|
The timeout, in seconds, for the user session. The user session logs out automatically after the specified period of inactivity. The minimum value is 30 seconds. Setting this value to '0' removes the timeout.
|
|
Available in iOS 14.5 and later.
|
|
- key: TemporarySessionTimeout
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '14.5'
|
|
type: <integer>
|
|
presence: optional
|
|
content: |-
|
|
The timeout, in seconds, for the temporary session. The temporary session logs out automatically after the specified period of inactivity. The minimum value is 30 seconds. Setting this value to '0' removes the timeout.
|
|
Available in iOS 14.5 and later.
|
|
- key: TemporarySessionOnly
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '14.5'
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: |-
|
|
If 'true', the user only sees the Guest Welcome pane and can only log in as a guest user.
|
|
If 'false', the user can sign in with a managed Apple ID (the existing behavior).
|
|
Available in iOS 14.5 and later.
|
|
- key: ManagedAppleIDDefaultDomains
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '16.0'
|
|
type: <array>
|
|
presence: optional
|
|
content: |-
|
|
A list of domains that the Shared iPad login screen displays. The user can pick a domain from the list to complete their Managed Apple ID.
|
|
If this list contains more than 3 domains, the system picks 3 at random for display. Available in iOS 16 and later.
|
|
subkeys:
|
|
- key: AppleID domain
|
|
type: <string>
|
|
- key: OnlineAuthenticationGracePeriod
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '16.0'
|
|
type: <integer>
|
|
presence: optional
|
|
content: |-
|
|
A grace period (in days) for Shared iPad online authentication. The Shared iPad only verifies the user's passcode locally during login for users that already exist on the device. However, the system requires an online authentication (against Apple's identity server) after the number of days specified by this setting.
|
|
Setting this value to 0 enforces online authentication every time.
|
|
Available in iOS 16 and later.
|
|
- key: SkipLanguageAndLocaleSetupForNewUsers
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '16.2'
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: |-
|
|
If 'true', the system picks the system language and locale automatically for the new Shared iPad user.
|
|
Available in iOS 16.2 and later.
|
|
- key: AwaitUserConfiguration
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '17.0'
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: |-
|
|
If enabled, the Shared iPad device enters Setup Assistant after the user triggers a login. The MDM server has a chance to configure the device and user. After configuration, a UserConfiguredCommand needs be sent to the user channel to unblock the login. This feature requires the device to have network access during the login process.
|
|
Available in iOS 17 and later.
|
|
subkeys:
|
|
- key: Enabled
|
|
type: <boolean>
|
|
presence: required
|
|
content: If 'true', the device stops at a Setup Assistant pane after user
|
|
login. The user won't be able to use the device until a UserConfiguredCommand
|
|
command is received.
|
|
- key: PasscodePolicy
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '17.0'
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains passcode related policies.
|
|
subkeys:
|
|
- key: PasscodeLockGracePeriod
|
|
type: <integer>
|
|
presence: optional
|
|
rangelist:
|
|
- 0
|
|
- 60
|
|
- 300
|
|
- 900
|
|
- 3600
|
|
- 14400
|
|
content: Sets the user preference for the amount of time (in seconds) the
|
|
screen must be locked before unlock attempts will require the device passcode.
|
|
This should ideally be set when no passcode is set on device. If a passcode
|
|
is on device, only more restrictive values than the currently enforced passcode
|
|
lock grace period will take effect; any changes to a less restrictive value
|
|
will not take effect until the user logs out. This setting will not take
|
|
effect if TemporarySessionOnly is set to true (since there is no passcode
|
|
for the temporary session). This setting can only be applied on Shared iPads.
|
|
devpubs-override: The number of seconds before a locked screen requires the
|
|
user to enter the device passcode to unlock it. The minimum value is '0'
|
|
seconds and the maximum value is '14400' seconds. If a device has a passcode,
|
|
a change to a larger value doesn't take effect until the user logs out or
|
|
removes the passcode. For this reason, it's better to set this value before
|
|
the user sets a passcode. If the value set is less than one of the known
|
|
values the next lowest value will be used. For example a value of 299 will
|
|
result in an effective setting of 60.
|
|
- key: AutoLockTime
|
|
type: <integer>
|
|
presence: optional
|
|
content: Sets the user preference for the amount of time (in seconds) before
|
|
a device goes to sleep after being idle. The minimum value for this setting
|
|
is 120 seconds. This setting can only be applied on Shared iPad.
|
|
- key: DiagnosticSubmission
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '9.3'
|
|
sharedipad:
|
|
mode: required
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains diagnostic submission settings. This setting
|
|
doesn't support User Enrollment, and is only available for Shared iPad. Available
|
|
in iOS 9.3 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- DiagnosticSubmission
|
|
content: The string that defines this setting type.
|
|
- key: Enabled
|
|
type: <boolean>
|
|
presence: required
|
|
content: If 'true', enables diagnostic submission. If 'false', disables diagnostic
|
|
submission.
|
|
- key: AppAnalytics
|
|
supportedOS:
|
|
iOS:
|
|
introduced: 9.3.2
|
|
sharedipad:
|
|
mode: required
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains settings for sharing app analytics. This setting
|
|
doesn't support User Enrollment, and is only available for Shared iPad. Available
|
|
in iOS 9.3.2 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- AppAnalytics
|
|
content: A string that identifies this setting.
|
|
- key: Enabled
|
|
type: <boolean>
|
|
presence: required
|
|
content: If 'true', enable sharing app analytics with app developers. If 'false',
|
|
disable sharing app analytics.
|
|
- key: PasscodeLockGracePeriod
|
|
supportedOS:
|
|
iOS:
|
|
introduced: 9.3.2
|
|
deprecated: '17.0'
|
|
sharedipad:
|
|
mode: required
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains password lock grace period settings. This
|
|
setting doesn't support User Enrollment, and is only available for Shared iPad.
|
|
Available in iOS 9.3.2 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- PasscodeLockGracePeriod
|
|
content: A string that identifies this setting.
|
|
- key: PasscodeLockGracePeriod
|
|
type: <integer>
|
|
presence: required
|
|
rangelist:
|
|
- 0
|
|
- 60
|
|
- 300
|
|
- 900
|
|
- 3600
|
|
- 14400
|
|
content: The number of seconds before a locked screen requires the user to enter
|
|
the device passcode to unlock it. The minimum value is '0' seconds and the
|
|
maximum value is '14400' seconds. If a device has a passcode, a change to
|
|
a larger value doesn't take effect until the user logs out or removes the
|
|
passcode. For this reason, it's better to set this value before the user sets
|
|
a passcode. If the value set is less than one of the known values the next
|
|
lowest value will be used. For example a value of 299 will result in an effective
|
|
setting of 60.
|
|
- key: TimeZone
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '14.0'
|
|
supervised: true
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: '14.0'
|
|
supervised: true
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains time zone settings. This setting is only available
|
|
on supervised devices and doesn't support User Enrollment. Available in iOS
|
|
14 and later, and tvOS 14 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- TimeZone
|
|
content: A string that identifies this setting.
|
|
- key: TimeZone
|
|
type: <string>
|
|
presence: required
|
|
content: |-
|
|
The Internet Assigned Numbers Authority (IANA) time zone database name.
|
|
If the 'forceAutomaticDateAndTime' restriction is set in Restrictions, this setting fails with an error. Otherwise, setting this value disables automatic time zone logic. The user is still be able to change the timezone; for example, by turning automatic date and time back on. The intention is to allow setting the timezone when automatic determination isn't be available, such as when Location Services are off.
|
|
- key: SoftwareUpdateSettings
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '14.5'
|
|
supervised: true
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: true
|
|
userchannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains software update settings. This setting doesn't
|
|
support User Enrollment, and is available in iOS 14.5 and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- SoftwareUpdateSettings
|
|
content: A string that represents the type of updates that should appear in
|
|
the Software Update pane in Settings. Supervised only.
|
|
- key: RecommendationCadence
|
|
type: <integer>
|
|
presence: required
|
|
rangelist:
|
|
- 0
|
|
- 1
|
|
- 2
|
|
content: |-
|
|
This value defines how the system presents software updates to the user. When there's more than one available update for the user, the system behaves as follows:
|
|
* '0': Presents both options to the user.
|
|
* '1': Presents the lower numbered (oldest) software update version.
|
|
* '2': Presents only the highest numbered (most recent) release available for the device.
|
|
This value has no effect when there's only one available update; the system shows the single available update to the user regardless of the value of this setting.
|
|
Available in iOS 14.5 and later.
|
|
- key: AccessibilitySettings
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '16.0'
|
|
supervised: true
|
|
sharedipad:
|
|
mode: allowed
|
|
devicechannel: false
|
|
userenrollment:
|
|
mode: forbidden
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
watchOS:
|
|
supervised: true
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that contains accessibility settings. Available in iOS 16
|
|
and later.
|
|
subkeys:
|
|
- key: Item
|
|
type: <string>
|
|
presence: required
|
|
rangelist:
|
|
- AccessibilitySettings
|
|
content: Sets various accessibility settings. The system allows only keys with
|
|
explicitly provided values.
|
|
- key: BoldTextEnabled
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the system enables bold text.
|
|
- key: IncreaseContrastEnabled
|
|
supportedOS:
|
|
watchOS:
|
|
introduced: n/a
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the system enables increase contrast.
|
|
- key: ReduceMotionEnabled
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the system enables reduced motion.
|
|
- key: ReduceTransparencyEnabled
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the system enables reduced transparency.
|
|
- key: TextSize
|
|
type: <integer>
|
|
presence: optional
|
|
rangelist:
|
|
- 0
|
|
- 1
|
|
- 2
|
|
- 3
|
|
- 4
|
|
- 5
|
|
- 6
|
|
- 7
|
|
- 8
|
|
- 9
|
|
- 10
|
|
- 11
|
|
default: 4
|
|
content: The accessibility text size apps that support dynamic text use. '0'
|
|
is the smallest value, and '11' is the largest available.
|
|
- key: TouchAccommodationsEnabled
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the system enables touch accommodations.
|
|
- key: VoiceOverEnabled
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the system enables voiceover.
|
|
- key: ZoomEnabled
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the system enables zoom.
|
|
- key: GrayscaleEnabled
|
|
supportedOS:
|
|
iOS:
|
|
introduced: n/a
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If 'true', the system enables grayscale display.
|
|
responsekeys:
|
|
- key: Settings
|
|
type: <dictionary>
|
|
presence: optional
|
|
content: A dictionary that describes the results of configuring settings.
|
|
subkeys:
|
|
- key: Status
|
|
type: <string>
|
|
presence: required
|
|
content: |-
|
|
The status of the setting, which is one of the following values:
|
|
* 'Acknowledged': The device processed the command successfully.
|
|
* 'Error': An error occurred. See the 'ErrorChain' for more details.
|
|
- key: ErrorChain
|
|
type: <array>
|
|
presence: optional
|
|
content: An array of dictionaries that describes any errors that occurred.
|
|
subkeys:
|
|
- key: ErrorChainItem
|
|
type: <dictionary>
|
|
subkeys:
|
|
- key: ANY
|
|
type: <any>
|
|
presence: required
|
|
content: A dictionary that contains additional details about the error.
|
|
- key: Identifier
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '7.0'
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: '10.2'
|
|
type: <string>
|
|
presence: optional
|
|
content: |-
|
|
The app identifier to which this error applies.
|
|
For a watchOS app, the identifier is the watch's bundle identifier, which differs from the main bundle identifier for the iPhone to which the watch is paired.
|