MDM payload list for Mac computers
Payload settings for only Mac computers are detailed in the table below, which contains the following columns. Before you review the table below, understand what each column contains.
Supported payload name and identifiers: This column notes name of the payload and the identifiers. If you’re using a third-party mobile device management (MDM) solution, the payload name may be different, but the identifiers should be the same.
Supported enrollment types: User Enrollment, Device Enrollment, and Automated Device Enrollment. For more information, see Intro to Apple device enrollment types.
Duplicates allowed: This column notes whether one specified payload (False) or more than one specified payload (True) can be delivered to a user or device. For example, you can add more than one Subscribed Calendars payload to a single configuration profile. This allows you to subscribe the user to, in this case, more than one calendar.
Note: Not all payloads and their respective settings are available in all MDM solutions. To learn which MDM payloads are available for your devices, consult your MDM vendor’s documentation.
Payload and identifiers | Supported enrollment type | Duplicates allowed | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
com.apple.universalaccess | Device Automated Device | False | |||||||||
com.apple.ADCertificate.managed | User Device Automated Device | True | |||||||||
com.apple.airplay | User Device Automated Device | True | |||||||||
com.apple.airprint | User Device Automated Device | True | |||||||||
com.apple.vpn.managed.applayer | User Device Automated Device | False | |||||||||
com.apple.associated-domains | User Device Automated Device | True | |||||||||
Automated Certificate Management Environment (ACME) com.apple.security.acme | User Device Automated Device | True | |||||||||
com.apple.asam | Device Automated Device | False | |||||||||
com.apple.caldav.account | User Device Automated Device | True | |||||||||
com.apple.security.certificatepreference | User Device Automated Device | True | |||||||||
com.apple.security.certificatetransparency | User Device Automated Device | True | |||||||||
com.apple.security.pem com.apple.security.pkcs1 com.apple.security.pkcs12 com.apple.security.root | User Device Automated Device | True | |||||||||
com.apple.carddav.account | User Device Automated Device | True | |||||||||
com.apple.AssetCache.managed | Device Automated Device | False | |||||||||
com.apple.DirectoryService.managed | User Device Automated Device | True | |||||||||
com.apple.dnsSettings.managed | Device Automated Device | True | |||||||||
com.apple.dock | Device Automated Device | False | |||||||||
com.apple.domains | Device Automated Device | False | |||||||||
com.apple.MCX | Device Automated Device | True | |||||||||
com.apple.globalethernet.managed com.apple.firstactiveethernet.managed com.apple.firstethernet.managed com.apple.secondactiveethernet.managed com.apple.secondethernet.managed com.apple.thirdactiveethernet.managed com.apple.thirdethernet.managed | User Device Automated Device | False | |||||||||
com.apple.ews.account | User Device Automated Device | True | |||||||||
com.apple.extensiblesso Requires an MDM solution to install. | User Device Automated Device | True | |||||||||
Extensible Single Sign-On Kerberos com.apple.extensiblesso(kerberos) Requires an MDM solution to install. | User Device Automated Device | True | |||||||||
com.apple.NSExtension | Device Automated Device | True | |||||||||
com.apple.MCX com.apple.MCX.FileVault2 com.apple.security.FDERecoveryKeyEscrow | Device Automated Device | False | |||||||||
com.apple.finder | Device Automated Device | False | |||||||||
com.apple.security.firewall | Device Automated Device | True | |||||||||
com.apple.font | User Device Automated Device | True | |||||||||
com.apple.proxy.http.global | Automated Device | False | |||||||||
com.apple.configurationprofile.identification | User Device Automated Device | False | |||||||||
com.apple.security.identitypreference | User Device Automated Device | True | |||||||||
com.apple.syspolicy.kernel-extension-policy Requires an MDM solution to install. | Device Automated Device | True | |||||||||
com.apple.ldap.account | User Device Automated Device | True | |||||||||
com.apple.lom Requires an MDM solution to install. | Device Automated Device | False | |||||||||
com.apple.servicemanagement com.apple.loginitems.managed loginitems | User (Managed items only) Device Automated Device | True (Managed items) False (Login items) | |||||||||
com.apple.loginwindow com.apple.mcxloginscripts | Device Automated Device | True (Login Window) False (Login scripts) | |||||||||
com.apple.mail.managed | User Device Automated Device | True | |||||||||
com.apple.SystemConfiguration | Device Automated Device | False | |||||||||
com.apple.networkusagerules Requires an MDM solution to install. | Automated Device | False | |||||||||
com.apple.notificationsettings | Device (macOS) Automated Device | True | |||||||||
com.apple.applicationaccess.new com.apple.familycontrols.contentfilter com.apple.Dictionary com.apple.gamed com.apple.familycontrols.timelimits.v2 | Device Automated Device | True | |||||||||
com.apple.mobiledevice.passwordpolicy | User Device Automated Device | False | |||||||||
com.apple.mcxprinting | Device Automated Device | False | |||||||||
Privacy Preferences Policy Control com.apple.TCC.configuration-profile-policy Requires an MDM solution to install. | Device Automated Device | True | |||||||||
com.apple.relay.managed | Device Automated Device | True | |||||||||
com.apple.applicationaccess | User Device Automated Device | True | |||||||||
com.apple.security.scep | User Device Automated Device | True | |||||||||
com.apple.preference.security com.apple.systempolicy.control com.apple.systempolicy.rule | Device Automated Device | False | |||||||||
com.apple.SetupAssistant.managed | User Device Automated Device | False | |||||||||
com.apple.security.smartcard | Device Automated Device | False | |||||||||
com.apple.system-extension-policy Requires an MDM solution to install. | Device Automated Device | True | |||||||||
com.apple.systemmigration | Device Automated Device | False | |||||||||
com.apple.MCX.TimeMachine | Device Automated Device | False | |||||||||
com.apple.tvremote | Automated Device | False | |||||||||
com.apple.vpn.managed | User (App-Layer VPN and App-to-App Layer VPN mapping only) Device Automated Device | True | |||||||||
com.apple.webClip.managed | User Device Automated Device | True | |||||||||
com.apple.webcontent-filter | Device Automated Device | True | |||||||||
com.apple.MCX(WiFi) com.apple.builtinwireless.managed com.apple.wifi.managed | User Device Automated Device | True | |||||||||
com.apple.xsan com.apple.xsan.preferences | Device | False | |||||||||