Review MDM payloads for Apple devices
Payloads can be used on various operating systems, and with users and devices (in some cases, they work only on devices that are supervised). Payload information for Apple devices is detailed in the table below, which contains the following columns. Before you review the table below, understand what each column contains.
Payload information
Supported payload name and identifiers: This column notes name of the payload and the identifiers. If you’re using a third-party mobile device management (MDM) solution, the payload name may be different, but the identifiers should be the same.
Supported operating systems and channels: This column notes the supported operating system and specifies whether the payload can be used for a device configuration profile or a user configuration profile. Because Shared iPad and Mac can have more than one user, a payload can be applied to the device channel (all users) or the user channel (specific users).
Supported enrollment type: This column notes the three enrollment types: User Enrollment, Device Enrollment, and Automated Device Enrollment. For more information, see Intro to Apple device enrollment types.
Duplicates allowed: This column notes whether one specified payload (False) or more than one specified payload (True) can be delivered to a user or device. For example, you can install more than one Subscribed Calendars payload on a device, and have multiple Subscribed Calendars payloads in a single profile. In this case this allows you to subscribe the user to more than one calendar. Some payloads have additional requirements to differentiate duplicate payloads. For example, you can install more than one Wi-Fi payload on a device, but each Wi-Fi payload must have a unique SSID.
You can see a complete list of MDM payloads below, or you can see payloads based on a specific device or User Enrollment.
Payload and identifiers | Supported operating systems and channels | Supported enrollment type | Duplicates allowed | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
com.apple.universalaccess | macOS device macOS user | Device Automated Device | False | ||||||||
com.apple.ADCertificate.managed | macOS device macOS user | User Device Automated Device | True | ||||||||
com.apple.airplay | iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | True | ||||||||
com.apple.airplay.security | tvOS | Device Automated Device | False | ||||||||
com.apple.airprint | iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | True | ||||||||
com.apple.app.lock | iOS iPadOS Shared iPad device tvOS | Automated Device | False | ||||||||
com.apple.vpn.managed.applayer | iOS iPadOS Shared iPad device macOS device macOS user visionOS 1.1 | User Device Automated Device | False | ||||||||
com.apple.associated-domains | macOS device macOS user | User Device Automated Device | True | ||||||||
Automated Certificate Management Environment (ACME) com.apple.security.acme | iOS iPadOS Shared iPad device macOS device macOS user tvOS watchOS visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.asam | macOS device | Device Automated Device | False | ||||||||
com.apple.caldav.account | iOS iPadOS Shared iPad user macOS user visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.cellular | iOS iPadOS Shared iPad device watchOS | Device Automated Device | False | ||||||||
com.apple.cellularprivatenetwork.managed | iOS iPadOS Shared iPad device | User Device Automated Device | False | ||||||||
com.apple.security.certificatepreference | macOS user | User Device Automated Device | True | ||||||||
com.apple.security.certificaterevocation | iOS iPadOS visionOS 1.1 | User Device | True | ||||||||
com.apple.security.certificatetransparency | iOS iPadOS Shared iPad device macOS device tvOS watchOS visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.security.pem com.apple.security.pkcs1 com.apple.security.pkcs12 com.apple.security.root | iOS iPadOS Shared iPad device macOS device macOS user tvOS watchOS visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.conferenceroomdisplay | tvOS | Automated Device | False | ||||||||
com.apple.carddav.account | iOS iPadOS Shared iPad user macOS user visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.AssetCache.managed | macOS device | Device Automated Device | False | ||||||||
com.apple.DirectoryService.managed | macOS device | User Device Automated Device | True | ||||||||
com.apple.dnsProxy.managed Requires an MDM solution to install. | iOS iPadOS Shared iPad device visionOS 1.1 | Automated Device | False | ||||||||
com.apple.dnsSettings.managed | iOS iPadOS Shared iPad device macOS device visionOS 1.1 | Device Automated Device | True | ||||||||
com.apple.dock | macOS device macOS user | Device Automated Device | False | ||||||||
com.apple.domains | iOS iPadOS Shared iPad device Shared iPad user macOS device macOS user visionOS 1.1 | Device Automated Device | False | ||||||||
com.apple.MCX | macOS device | Device Automated Device | True | ||||||||
com.apple.globalethernet.managed com.apple.firstactiveethernet.managed com.apple.firstethernet.managed com.apple.secondactiveethernet.managed com.apple.secondethernet.managed com.apple.thirdactiveethernet.managed com.apple.thirdethernet.managed | iOS iPadOS Shared iPad device macOS device macOS user tvOS | User Device Automated Device | False | ||||||||
com.apple.eas.account | iOS iPadOS Shared iPad user visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.ews.account | macOS user | User Device Automated Device | True | ||||||||
com.apple.extensiblesso Requires an MDM solution to install. | iOS iPadOS Shared iPad user macOS device macOS user visionOS 1.1 | User Device Automated Device | True | ||||||||
Extensible Single Sign-On Kerberos com.apple.extensiblesso(kerberos) Requires an MDM solution to install. | iOS iPadOS Shared iPad user macOS device macOS user visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.NSExtension | macOS device macOS user | Device Automated Device | True | ||||||||
com.apple.MCX com.apple.MCX.FileVault2 com.apple.security.FDERecoveryKeyEscrow | macOS device | Device Automated Device | False | ||||||||
com.apple.finder | macOS device macOS user | Device Automated Device | False | ||||||||
com.apple.security.firewall | macOS device | Device Automated Device | True | ||||||||
com.apple.font | iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | True | ||||||||
com.apple.proxy.http.global | iOS iPadOS Shared iPad device macOS device tvOS | Automated Device | False | ||||||||
com.apple.google-oauth | iOS iPadOS Shared iPad user visionOS 1.1 | User Device | True | ||||||||
com.apple.homescreenlayout | iOS iPadOS Shared iPad device Shared iPad user tvOS | Automated Device | False | ||||||||
com.apple.configurationprofile.identification | macOS device macOS user | User Device Automated Device | False | ||||||||
com.apple.security.identitypreference | macOS user | User Device Automated Device | True | ||||||||
com.apple.syspolicy.kernel-extension-policy Requires an MDM solution to install. | macOS device | Device Automated Device | True | ||||||||
com.apple.ldap.account | iOS iPadOS Shared iPad user macOS user visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.lom Requires an MDM solution to install. | macOS device | Device Automated Device | False | ||||||||
com.apple.shareddeviceconfiguration | iOS iPadOS Shared iPad device | Automated Device | False | ||||||||
com.apple.servicemanagement com.apple.loginitems.managed loginitems | macOS device macOS user | User (Managed items only) Device Automated Device | True (Managed items) False (Login items) | ||||||||
com.apple.loginwindow com.apple.mcxloginscripts | macOS device | Device Automated Device | True (Login Window) False (Login scripts) | ||||||||
com.apple.mail.managed | iOS iPadOS Shared iPad user macOS user visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.SystemConfiguration | macOS device | Device Automated Device | False | ||||||||
com.apple.networkusagerules Requires an MDM solution to install. | iOS iPadOS Shared iPad device | Automated Device | False | ||||||||
com.apple.notificationsettings | iOS iPadOS Shared iPad device Shared iPad user macOS device macOS user | Device (macOS) Automated Device | False (iOS, iPadOS) True (macOS) | ||||||||
com.apple.applicationaccess.new com.apple.familycontrols.contentfilter com.apple.Dictionary com.apple.gamed com.apple.familycontrols.timelimits.v2 | macOS device macOS user | Device Automated Device | True | ||||||||
com.apple.mobiledevice.passwordpolicy | iOS iPadOS macOS device watchOS visionOS 2.0 | User Device Automated Device | False | ||||||||
com.apple.mcxprinting | macOS device macOS user | Device Automated Device | False | ||||||||
Privacy Preferences Policy Control com.apple.TCC.configuration-profile-policy Requires an MDM solution to install. | macOS device | Device Automated Device | True | ||||||||
com.apple.relay.managed | iOS iPadOS Shared iPad device macOS device macOS user visionOS 1.1 | Device Automated Device | True | ||||||||
com.apple.applicationaccess | iOS iPadOS Shared iPad device macOS device macOS user tvOS watchOS visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.security.scep | iOS iPadOS Shared iPad device macOS device macOS user tvOS watchOS visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.preference.security com.apple.systempolicy.control com.apple.systempolicy.rule | macOS device macOS user | Device Automated Device | False | ||||||||
com.apple.SetupAssistant.managed | iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | False | ||||||||
com.apple.sso | iOS iPadOS | User Device Automated Device | False | ||||||||
com.apple.security.smartcard | macOS device | Device Automated Device | False | ||||||||
com.apple.subscribedcalendar.account | iOS iPadOS Shared iPad user visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.system-extension-policy Requires an MDM solution to install. | macOS device | Device Automated Device | True | ||||||||
com.apple.systemmigration | macOS device | Device Automated Device | False | ||||||||
com.apple.MCX.TimeMachine | macOS device | Device Automated Device | False | ||||||||
com.apple.tvremote | iOS iPadOS Shared iPad device tvOS | Automated Device | False | ||||||||
com.apple.vpn.managed | iOS iPadOS macOS device macOS user tvOS watchOS (App-Layer VPN only) visionOS 1.1 | User (App-Layer VPN and App-to-App Layer VPN mapping only) Device Automated Device | True | ||||||||
com.apple.webClip.managed | iOS iPadOS Shared iPad user macOS user | User Device Automated Device | True | ||||||||
com.apple.webcontent-filter | iOS iPadOS Shared iPad device macOS device visionOS 1.1 | Device Automated Device | True | ||||||||
com.apple.MCX(WiFi) com.apple.builtinwireless.managed com.apple.wifi.managed | iOS iPadOS Shared iPad device macOS device macOS user tvOS watchOS visionOS 1.1 | User Device Automated Device | True | ||||||||
com.apple.xsan com.apple.xsan.preferences | macOS device | Device | False | ||||||||