Apple Platform Deployment
- Welcome
- Intro to Apple platform deployment
- What’s new
-
-
- Accessibility payload settings
- Active Directory Certificate payload settings
- AirPlay payload settings
- AirPlay Security payload settings
- AirPrint payload settings
- App Lock payload settings
- Associated Domains payload settings
- Automated Certificate Management Environment (ACME) payload settings
- Autonomous Single App Mode payload settings
- Calendar payload settings
- Mobile payload settings
- Mobile Private Network payload settings
- Certificate Preference payload settings
- Certificate Revocation payload settings
- Certificate Transparency payload settings
- Certificates payload settings
- Conference Room Display payload settings
- Contacts payload settings
- Content Caching payload settings
- Directory Service payload settings
- DNS Proxy payload settings
- DNS Settings payload settings
- Fonts payload settings
- Domains payload settings
- Energy Saver payload settings
- Exchange ActiveSync (EAS) payload settings
- Exchange Web Services (EWS) payload settings
- Extensible Single Sign-on payload settings
- Extensible Single Sign-on Kerberos payload settings
- Extensions payload settings
- FileVault payload settings
- Finder payload settings
- Firewall payload settings
- Fonts payload settings
- Global HTTP Proxy payload settings
- Google Accounts payload settings
- Home Screen Layout payload settings
- Identification payload settings
- Identity Preference payload settings
- Kernel Extension Policy payload settings
- LDAP payload settings
- Lights Out Management payload settings
- Lock Screen Message payload settings
- Login Window payload settings
- Managed Login Items payload settings
- Mail payload settings
- Network Usage Rules payload settings
- Notifications payload settings
- Parental Controls payload settings
- Passcode payload settings
- Printing payload settings
- Privacy Preferences Policy Control payload settings
- Relay payload settings
- SCEP payload settings
- Security payload settings
- Setup Assistant payload settings
- Single Sign-on payload settings
- Smart Card payload settings
- Subscribed Calendars payload settings
- System Extensions payload settings
- System Migration payload settings
- Time Machine payload specifics
- TV Remote payload settings
- Web Clips payload settings
- Web Content Filter payload settings
- LDAP payload settings
-
- Declarative app configuration
- Authentication credentials and identity asset declaration
- Background task management declarative
- Calendar declarative configuration
- Certificates declarative configuration
- Contacts declarative configuration
- Exchange declarative configuration
- Google Accounts declarative configuration
- LDAP declarative configuration
- Legacy interactive profile declarative configuration
- Legacy profile declarative configuration
- Mail declarative configuration
- Maths and Calculator app declarative configuration
- Passcode declarative configuration
- Passkey Attestation declarative configuration
- Safari extensions management declarative configuration
- Screen Sharing declarative configuration
- Service configuration files declarative configuration
- Software Update declarative configuration
- Software Update settings declarative configuration
- Storage management declarative configuration
- Subscribed Calendars declarative configuration
- Glossary
- Document revision history
- Copyright
Declarative app configuration for Apple devices
This declaration can be used to deploy the following apps to devices: App Store apps, Custom Apps, Unlisted Apps and proprietary in-house apps. The app configuration supports the following:
Minimum supported operating systems and channels: iOS 17.2, iPadOS 17.2, Shared iPad user.
Requires supervision: No.
Supported enrolment types: User Enrolment, Device Enrolment, Automated Device Enrolment.
Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
App Store ID | The App Store ID of the Managed App. Either App Store ID, bundle ID or manifest URL must be set and are mutually exclusive. | No | |||||||||
Bundle ID | The bundle ID of the Managed App. Either App Store ID, bundle ID or manifest URL must be set and are mutually exclusive. | No | |||||||||
Manifest URL | The manifest URL of the Managed App. Either App Store ID, bundle ID or manifest URL must be set and are mutually exclusive. | No | |||||||||
Install behaviour | Defines whether the app is required and gets installed automatically or if the user can decide about instal and removal. | No | |||||||||
Licence | Indicates whether a device or user based volume purchasing licence is used for the app. | No | |||||||||
Include in backup | Defines whether the app and its data are included in a backup. | No | |||||||||
App attributes
In addition, the following attributes can be defined for each app.
Setting | Description | Required |
|---|---|---|
Associated Domains | The associated domains to add to an app. | No |
Associated Domains Enable Direct Downloads | Allow claimed website association verification to be done at the domain. | No |
Content filter UUID | The UUID of a content filter configuration to assign to the app. | No |
DNS proxy UUID | The UUID of a DNS proxy configuration to assign to the app. | No |
Mobile network slice | The data network name (DNN) or traffic category identifying a network slice provided by a network provider. | No |
Relay UUID | The UUID of a network relay configuration to assign to the app. | No |
Tap to Pay on Lock Screen | Requires a user to unlock their device with Face ID, Touch ID or a passcode after every transaction during which the device was handed over to a customer to enter their card PIN. | No |
VPN UUID | The UUID of an app-layer VPN configuration to assign to an app. | No |
Note: Each MDM vendor implements these settings differently. To learn how authentication credential assets and identity assets are applied to your devices and users, consult your MDM vendor’s documentation.