CalvinBackup/apple_device-management
1
0
Fork 0
mirror of https://github.com/apple/device-management.git synced 2026-02-12 21:03:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f44981aed0b733dea488bc65ea04ef61263ca00a
apple_device-management/mdm/profiles/TopLevel.yaml
Cyrus Daboo 72c2a0a69f Release_iOS-17-0_macOS-14-0
2023-09-14 17:37:41 -04:00

207 lines
7.1 KiB
YAML
Raw Blame History

title: Top Level
description: ''
payload:
payloadtype: TopLevel
supportedOS:
iOS:
introduced: '4.0'
multiple: false
supervised: false
allowmanualinstall: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: true
userenrollment:
mode: allowed
macOS:
introduced: '10.7'
multiple: false
devicechannel: true
userchannel: true
requiresdep: false
userapprovedmdm: false
allowmanualinstall: true
userenrollment:
mode: allowed
tvOS:
introduced: '5.0'
multiple: false
supervised: false
allowmanualinstall: true
watchOS:
introduced: '1.0'
multiple: false
allowmanualinstall: true
payloadkeys:
- key: PayloadIdentifier
type: <string>
presence: required
content: The reverse-DNS style identifier ('com.example.myprofile', for example)
that identifies the profile. This string is used to determine whether a new profile
should replace an existing one or should be added.
- key: PayloadUUID
type: <string>
presence: required
content: The globally unique identifier for the profile. The actual content is unimportant.
In macOS, you can use 'uuidgen' to generate reasonable UUIDs.
- key: PayloadType
type: <string>
presence: required
rangelist:
- Configuration
content: The type of payload. The only supported value is 'Configuration'.
- key: PayloadVersion
type: <integer>
presence: required
rangelist:
- 1
content: The version number of the profile format. This number represents the version
of the configuration profile as a whole, not of the individual profiles within
it. The value should be 1.
- key: IsEncrypted
type: <boolean>
presence: optional
default: false
content: Set to 'true' if the profile is encrypted.
- key: PayloadContent
type: <array>
presence: required
content: The array of payload dictionaries. If 'IsEncrypted' is 'true', this array
isn't needed.
subkeys:
- key: PayloadContentItem
type: <dictionary>
subkeys:
- key: ANY
type: <any>
presence: required
content: A payload item as defined by each payload type.
- key: EncryptedPayloadContent
type: <data>
presence: optional
content: Enabled if 'IsEncrypted' is 'true'.
- key: PayloadDescription
type: <string>
presence: optional
content: The description of the profile, shown on the Detail screen for the profile.
This description should be detailed enough to help the user decide whether to
install the profile.
- key: PayloadDisplayName
type: <string>
presence: optional
content: The human-readable name for the profile. This value is displayed on the
Detail screen. It doesn't have to be unique.
- key: HasRemovalPasscode
type: <boolean>
presence: optional
default: false
content: Set to 'true' if there is a removal passcode.
- key: PayloadOrganization
type: <string>
presence: optional
content: The human-readable string containing the name of the organization that
provided the profile.
- key: PayloadRemovalDisallowed
supportedOS:
iOS:
supervised: true
userenrollment:
mode: forbidden
tvOS:
supervised: true
watchOS:
introduced: n/a
type: <boolean>
presence: optional
default: false
content: |-
If present and set to 'true', the user can't delete the profile (unless the profile has a removal password and the user provides it).
On macOS, as of 10.15, this key only affects removal of manually installed profiles. If set to 'true' and no profile removal payload is present, removing the profile requires admin auth.
On macOS versions prior to 10.15, this key would prevent admins from removing MDM installed profiles but as of macOS 10.15, users can never remove MDM profiles, not even the admin.
Requires a supervised device.
- key: PayloadScope
supportedOS:
macOS:
introduced: '10.8'
type: <string>
presence: optional
rangelist:
- System
- User
content: A string that defines whether the profile should be installed for the system
or the user. In many cases, it determines the location of certificate items, such
as keychains. Though it isn't possible to declare different payload scopes, payloads,
like VPN, may automatically install their items in both scopes, if needed.
- key: RemovalDate
type: <date>
presence: optional
content: The date when the profile is automatically removed.
- key: DurationUntilRemoval
type: <real>
presence: optional
content: The number of seconds until the profile is automatically removed. If the
'RemovalDate' key is present, whichever field yields the earliest date is used.
- key: PayloadExpirationDate
supportedOS:
watchOS:
introduced: n/a
type: <date>
presence: optional
content: The date when a profile is no longer valid and an update button is presented
to the user.
- key: TargetDeviceType
supportedOS:
iOS:
introduced: '12.2'
macOS:
introduced: '10.15'
tvOS:
introduced: '12.2'
watchOS:
introduced: '5.2'
type: <integer>
presence: optional
rangelist:
- 0
- 1
- 2
- 3
- 4
- 5
default: 0
content: |-
The type of platform of the target device. Specifying the platform type helps prevent unintended installations.
For interactive installations on iOS devices, specifying a target platform avoids the interstitial alerts that prompt the user to choose a profile target when multiple targets are eligible.
0 = Any/unspecified
1 = iPhone/iPad/iPod Touch
2 = Apple Watch
3 = HomePod
4 = Apple TV
5 = Mac
- key: ConsentText
type: <dictionary>
presence: optional
content: |-
A dictionary containing a key that consists of the IETF BCP 47 identifier for a language (for example, en or jp) and a value consisting of the agreement localized to that language. The agreement is displayed in a dialog, and the user must agree before installing the profile.
The dictionary can also contain an optional key, 'default', with its value consisting of the unlocalized (usually in en) agreement.
The system chooses a localized version in the order of preference specified by the user (macOS) or based on the user's current language setting (iOS). If no exact match is found, the default localization is used. If there is no default localization, the en localization is used. If there is no en localization, the first available localization is used.
Provide a default value, if possible. No warning is displayed if the user's locale doesn't match any localization in the 'ConsentText' dictionary.
subkeys:
- key: ConsentTextItem
type: <dictionary>
presence: required
content: The dictionary containing a key that consists of the IETF BCP 47 identifier
for a language (for example, en or jp) and a value that consists of the agreement
localized to that language.
subkeys:
- key: ANY
type: <string>
presence: required
content: The key consisting of the IETF BCP 47 identifier for a language (for
example, en or jp) and the value consisting of the agreement localized to
that language.
Reference in New Issue View Git Blame Copy Permalink