Configuration Profiles

New Restrictions in iOS 9 — with sample Configuration Profiles

No votes yet

iOS 9 contains many new restrictions, especially for devices supervised by GroundControl, Configurator, and DEP.

Over at GroundControl's web site, I've posted a list of the new restrictions, plus sample configuration profiles for each. Want to lock the device name or wallpaper? Prevent the device passcode from being set or being changed? These are for you.

A few of the MDM providers will be ready on day 1, but if your on-prem solution may take some time to update, then you may use these files to bridge the gap.

Enjoy!

iOS 8.3 Configuration Profile additions (and one removal)

Your rating: None (2 votes)

So far, Apple's hasn't updated the Configuration Profile Reference for iOS 8.3. But we did a diff on Configurator-generated restrictions, and here is what we found:

'New to iOS 8.3

  • forceWatchWristDetection
  • allowFingerprintModification (Supervised only)

Removed from iOS 8.3

  • allowYouTube

If we figure out more we'll let you know.

From the horse's mouth: Apple posts pre-release iOS 8 Configuration Profile Reference

Your rating: None (6 votes)

It seems Apple has made the prerelease Configuration Profile Key Reference available to the public. This the technical documentation for much of the iOS and Mac enterprise management capabilities Apple makes available via MDM vendors, Configurator, etc. (The other main document, the MDM Protocol Reference, remains behind the developer site authentication wall.)

I've done a diff with the documentation for iOS 7, and here are the highlights. Remember, this is prerelease and may change before release.

  • SMIMEEnablePerMessageSwitch (Email Payload): Optional. If set to true, enable the per-message signing and encryption switch. Defaults to false.
  • allowManagedAppsCloudSync (Restrictions Payload): Optional. If set to false, prevents managed applications from using cloud sync.
  • allowEraseContentAndSettings (Restrictions Payload): Supervised only. If set to false, disables the “Erase All Content And Settings” option in the Reset UI.
  • allowSpotlightInternetResults (Restrictions Payload): Supervised only. If set to false, Spotlight will not return Internet search results.
  • allowEnablingRestrictions (Restrictions Payload): Supervised only. If set to false, disables the "Enable Restrictions" option in the Restrictions UI in Settings.
  • allowActivityContinuation (Restrictions Payload): If set to false, Activity Continuation will be disabled. Defaults to true.
  • allowEnterpriseBookBackup (Restrictions Payload): If set to false, Enterprise books will not be backed up. Defaults to true.
  • allowEnterpriseBookMetadataSync (Restrictions Payload): If set to false, Enterprise books notes and highlights will not be synced. Defaults to true.
  • EAPFASTUsePAC (WiFi Payload): Clearer fallback rules
  • AlwaysOn VPN
  • IKEv2 VPN
  • Web Content Filter Plugins
  • Managed Domains: New Email domains and Web domains. This payload defines web domains that are under an enterprise’s management.

Apple updates the Configuration Profile Key Reference to include iCloud Keychain

No votes yet

One of the canonical documents for iOS management is Apple's Configuration Profile Key Reference, available to all on Apple's developer site. In honor of OS X Mavericks and iOS 7.0.3 today, Apple has updated the document. The notable change? "Added information about the keychain syncing restriction."

Enjoy.

Recent Activity