Managing profiles for iOS devices in the Mobile Security Portal
Last adaptation to the version: 09.2022 (v1.9)
New:
- Predefined Home screen layouts can now be used
- Description for the tabs Wallpaper, Google Account, AirPrint and Apple TV added
- Description of Restrictions updated
- Example: Integration of an Office 365 account with OAuth (Error correction!)
This article refers to a Resellerpreview
-
Preamble
In a profile permissions, restrictions, password requirements, email settings and security settings are configured.
Several users or user groups (roles) can be assigned to a profile.
Several devices or device groups (devices designated by tags) can be assigned to a profile.
For a large number of devices and users it is recommended to map the assignment via groups.
Overview of profile management
In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles.
General Options
Filter displayed profiles |
Sorts the tiles by the profile name |
| Sorts the tiles according to the priority of the profile | |
| Sorts the tiles in ascending or descending order according to the selected criterion | |
| Filters on profile tiles that contain the search text | |
Add profileAdd profile |
Creates a new profile. The settings in the profile vary depending on the operating system. |
Import profileUsers |
Existing profiles that were previously exported from the Secuerepoint Mobile Security Portal can be imported here |
| Paste | Inserts a copy of a profile from the clipboard |
Show details |
Show / hide details: For a large number of profiles it can be useful to hide the most important details for clarity. |
List view / Grid view/ |
Switch between lists and grid view |
Refresh |
Refreshes the display |
Profile tile
 | ||
| The button at the top right of each profile tile provides the following options: | ||
| Edit | Editing the settings (see below) | |
| Export | Exporting the settings | |
| Delete | The profile is deleted | |
Details displayed in the profile tile: | ||
| Updated | Changes have been made to the profile that have not yet been published! | |
| PARTIALLY INSTALLED | Not all subprofiles were able to be installed | |
| Type | Profile type (see below) | |
| Roles | Roles | |
| Users | User | |
| Devices | Devices | |
| tags | Tags | |
| Parts | Listing of the sub-profiles that make up the complete Mobile Security Profile. | |
Copy and paste of profiles
Click on the logo of the profile tile to mark one or more profiles .
In the general options, another field now appears under the filter mask:
| Action for selected items | Execute the selected action with Ok | |||
| Copies one or more selected profiles to the clipboard | ||||
| Deletes one or more selected profiles | ||||
| Paste | Inserts a copy of a profile from the clipboard
|
iOS profile
General iOS
GeneralAdd profile
| Caption | Value | Description |  |
|---|---|---|---|
| Type | Device Profile | Device Profile | |
| Shared iPad | Profile that allows different users for one iPad | ||
| Apple TV Profile | Profile with limited settings options. Additional settings for Apple TV | ||
| Name | Name | Profile name | |
| Priority | 5 |
The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles. | |
| Roles | Add roles | Click-Box: The profile will be assigned to all devices of all users with these roles | |
| User | Add users | The profile will be assigned to all devices from these users | |
| Devices | Add devices | The profile will be assigned to these devices | |
| Tags | Add tags | The profile will be assigned to all devices with these tags | |
| Comment | Comment | Comment | |
| Save | Accepts the changes / creation, saves and closes the profile | ||
| Close | Closes the profile without applying any changes | ||
Restrictions
Restrictions
Configuration by clicking on Activate restrictions.
Numerous restrictions can be configured to control the behavior of a device.
List of possible restrictions with default values and explanations.
General restrictions
| Einschränkung | Default | Erläuterung | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |||||||||||||||||||||||
| Allow automatic unlocking | If set to false, the automatic unlocking is disabled | |||||||||||||||||||||||
| Allow cloud address book | If set to false, the cloud address book will be disabled | |||||||||||||||||||||||
| Allow cloud bookmarks | If set to false, cloud bookmarks will be disabled | |||||||||||||||||||||||
| Allow cloud calendar | If set to false, the cloud calendar will be disabled | |||||||||||||||||||||||
| Allow cloud desktop & documents | If set to false, cloud desktop and documents will be disabled | |||||||||||||||||||||||
| Allow cloud mail | If set to false, cloud mail will be disabled | |||||||||||||||||||||||
| Allow cloud notes | If set to false, cloud notes will be disabled | |||||||||||||||||||||||
| Allow cloud reminders | If set to false, cloud reminders will be disabled | |||||||||||||||||||||||
| Allow content caching | If set to false, content caching will be disabled | |||||||||||||||||||||||
| Allow iTunes file sharing | If set to false, iTunes file sharing will be disabled | |||||||||||||||||||||||
| Allow automatic screen saver | Allow automatic screen saver | |||||||||||||||||||||||
| Allow lock screen ControlCenter | If set to false, the ControlCenter is disabled for the lock screen | |||||||||||||||||||||||
| Allow lock screen notifications to display | If set to false, the notification preview of the lock screen will be disabled | |||||||||||||||||||||||
| Allow lock screen view today | If set to false, today's lock screen view will be disabled | |||||||||||||||||||||||
| Allow to write unmanaged contacts | If set to false, writing unmanaged contacts will be disabled | |||||||||||||||||||||||
| Allow unmanaged reading of managed contacts | These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app | |||||||||||||||||||||||
| Allow OTAPKI updates | If set to false, OTAPKI updates are disabled | |||||||||||||||||||||||
| Allow temporary session of the shared device | If set to false, the temporary session of the shared device is disabled | |||||||||||||||||||||||
| Force password for outgoing AirPlay requests | If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password | |||||||||||||||||||||||
| Force encrypted backups | Force encrypted backups | |||||||||||||||||||||||
| Limit ad tracking | If set to true, ad tracking will be restricted | |||||||||||||||||||||||
| Dictation only | If set to true, connections to Siri servers for dictation are disabled | |||||||||||||||||||||||
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |||||||||||||||||||||||
| Allow QuickPath keyboard | If set to inactive, the QuickPath keyboard is disabled | |||||||||||||||||||||||
| Allow network access for files | If inactive, the connection to network drives is prevented in the file app | |||||||||||||||||||||||
| Allow USB drive for files | When inactive, it prevents the File app from connecting to connected USB devices | |||||||||||||||||||||||
| Allow Find My Device | When inactive, Find My Device is disabled in the Find my App | |||||||||||||||||||||||
| Allow Find My Friends | When inactive, Find My Friends is disabled in the Find My app | |||||||||||||||||||||||
| Force WiFi activation | If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use. | |||||||||||||||||||||||
| Erlaubt Enterprise-Apps zu vertrauen | Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple) | |||||||||||||||||||||||
| Allow screenshots and screen recording | Allows the user to take screenshots or screen recordings | |||||||||||||||||||||||
| Apple Music erlauben | If set to false, Apple Music will be disabled in the Music app | |||||||||||||||||||||||
| iTunes Radio erlauben | If set to false, iTunes Radio will be disabled in the Music app | |||||||||||||||||||||||
| Allow shared stream | If set to false, the shared stream is disabled | |||||||||||||||||||||||
| Allow Wallet while locked | If set to false, wallet notifications will not be shown on the lock screen | |||||||||||||||||||||||
| Allow use of News | Allows the user to access and use News | |||||||||||||||||||||||
| Allow modifying bluetooth settings | Allow modifying bluetooth settings | |||||||||||||||||||||||
| Allow modifying cellular data usage for app settings | If set to false, the mobile data uses for app settings cannot be changed | |||||||||||||||||||||||
| Allow modifying device name | Allows the user to change device names | |||||||||||||||||||||||
| Allow automatic sync while roaming | Allows automatic synchronization during roaming | |||||||||||||||||||||||
| Allow iCloud sync for managed apps | Allows iCloud synchronization for managed apps | |||||||||||||||||||||||
| Allow enterprise books backup | Allows enterprise books to be backed up | |||||||||||||||||||||||
| Allow enterprise books and highlights to sync | Allows enterprise books to synchronize notes and highlights | |||||||||||||||||||||||
| Allow email privacy | If activated, Apple's Mail Privacy Protection (AMPP) is activated | |||||||||||||||||||||||
| Allow In App purchases | Allows the user to make purchases within applications | |||||||||||||||||||||||
| Allow multiplayer gaming | Allows multiplayer gaming | |||||||||||||||||||||||
| Allow voice dialing while device is locked | Allows voice dialing while device is locked | |||||||||||||||||||||||
| Force Apple Watch wrist detection | Forces Apple watch wrist detection | |||||||||||||||||||||||
| Allow pairing with Apple Watch | Allows pairing with Apple Watch | |||||||||||||||||||||||
| Allow Internet results in Spotlight | If set to false, search results from the web will not be shown in Spotlight | |||||||||||||||||||||||
| Allow user to accept untrusted TLS certificates | Allows user to accept untrusted TLS certificates | |||||||||||||||||||||||
| Photo-Stream erlauben | Allows Photo Stream to be used on the device | |||||||||||||||||||||||
| Allow iCloud Photo Library | Allows iCloud photo library to be used on the device | |||||||||||||||||||||||
| Allow iCloud Backup | Allows backup using iCloud | |||||||||||||||||||||||
| Allow personalized advertising | When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later. | |||||||||||||||||||||||
| Requires iTunes password for all purchases | Requires the user's iTunes password to be entered for every purchase | |||||||||||||||||||||||
| Apps ranking number | 1000
|
Der eingegebene Wert beschreibt das maximal erlaubte Level an jugendschutzrelevanten Apps auf dem Gerät. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| Movie-Ranking-Nummer | 1000
|
Der eingegebene Wert beschreibt das maximal erlaubte Level an jugendschutzrelevanten Filmen auf dem Gerät. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| TV-Serien-Ranking-Nummer | 1000
|
The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| Regionscode | Germany | Two-character code for the region used to specify ratings | ||||||||||||||||||||||
| Accept cookies in Safari | Never | Cookies akzeptieren: Does not accept cookies | ||||||||||||||||||||||
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |||||||||||||||||||||||
| From websites I visited | Accepts cookies from all visited websites | |||||||||||||||||||||||
| Always | Accepts all cookies | |||||||||||||||||||||||
| JavaScript erlauben | Allows JavaScript in Safari | |||||||||||||||||||||||
| Allow Pop-ups | Allows Pop-ups in Safari | |||||||||||||||||||||||
| Enable fraud warning | Enables fraud warning in Safari | |||||||||||||||||||||||
| Force translation on the device only | When this option is enabled, the device does not connect to Siri servers for translation purposes | |||||||||||||||||||||||
| Allow unmanaged documents in managed apps | Allows managed apps to access unmanaged documents | |||||||||||||||||||||||
| Allow managed documents in unmanaged apps | Allows unmanaged apps to access managed documents | |||||||||||||||||||||||
| Managed clipboard required | When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |||||||||||||||||||||||
| Treat AirDrop as unmanaged destination | ||||||||||||||||||||||||
| Handoff erlauben | If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |||||||||||||||||||||||
| Allow Touch ID/Face ID for unlocking | Allows Touch ID/Face ID to unlock device | |||||||||||||||||||||||
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |||||||||||||||||||||||
| Allow modifying notification settings | Allows modifying notification settings | |||||||||||||||||||||||
| Allow incoming AirPlay requests | Allows incoming AirPlay requests | |||||||||||||||||||||||
| Allow pairing with Remote app | Allows pairing with Remote app | |||||||||||||||||||||||
| Diktat erlauben | Allows dictation | |||||||||||||||||||||||
| Allow camera use | Allows the user to use the camera | |||||||||||||||||||||||
| Siri erlauben | Erlaubt Siri. | |||||||||||||||||||||||
| Allow Siri while locked | Allows Siri while device is locked | |||||||||||||||||||||||
| Allow Siri user generated content | When inactive, it prevents Siri from querying requests with user-generated content | |||||||||||||||||||||||
| Allow modifying Touch ID/Face ID | The user is allowed to change the Touch ID/Face ID | |||||||||||||||||||||||
| Allow diagnostic submission | Send diagnostic and usage stats to Apple | |||||||||||||||||||||||
| Allow modifying diagnostics settings | The user is allowed to change the diagnostic settings |
For Apple TVs
| Einschränkung | Default | Erläuterung | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |||||||||||||||||||||||
| Allow automatic unlocking | If set to false, the automatic unlocking is disabled | |||||||||||||||||||||||
| Allow cloud address book | If set to false, the cloud address book will be disabled | |||||||||||||||||||||||
| Allow cloud bookmarks | If set to false, cloud bookmarks will be disabled | |||||||||||||||||||||||
| Allow cloud calendar | If set to false, the cloud calendar will be disabled | |||||||||||||||||||||||
| Allow cloud desktop & documents | If set to false, cloud desktop and documents will be disabled | |||||||||||||||||||||||
| Allow cloud mail | If set to false, cloud mail will be disabled | |||||||||||||||||||||||
| Allow cloud notes | If set to false, cloud notes will be disabled | |||||||||||||||||||||||
| Allow cloud reminders | If set to false, cloud reminders will be disabled | |||||||||||||||||||||||
| Allow content caching | If set to false, content caching will be disabled | |||||||||||||||||||||||
| Allow iTunes file sharing | If set to false, iTunes file sharing will be disabled | |||||||||||||||||||||||
| Allow automatic screen saver | Allow automatic screen saver | |||||||||||||||||||||||
| Allow lock screen ControlCenter | If set to false, the ControlCenter is disabled for the lock screen | |||||||||||||||||||||||
| Allow lock screen notifications to display | If set to false, the notification preview of the lock screen will be disabled | |||||||||||||||||||||||
| Allow lock screen view today | If set to false, today's lock screen view will be disabled | |||||||||||||||||||||||
| Allow to write unmanaged contacts | If set to false, writing unmanaged contacts will be disabled | |||||||||||||||||||||||
| Allow unmanaged reading of managed contacts | These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app | |||||||||||||||||||||||
| Allow OTAPKI updates | If set to false, OTAPKI updates are disabled | |||||||||||||||||||||||
| Allow temporary session of the shared device | If set to false, the temporary session of the shared device is disabled | |||||||||||||||||||||||
| Force password for outgoing AirPlay requests | If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password | |||||||||||||||||||||||
| Force encrypted backups | Force encrypted backups | |||||||||||||||||||||||
| Limit ad tracking | If set to true, ad tracking will be restricted | |||||||||||||||||||||||
| Dictation only | If set to true, connections to Siri servers for dictation are disabled | |||||||||||||||||||||||
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |||||||||||||||||||||||
| Allow QuickPath keyboard | If set to inactive, the QuickPath keyboard is disabled | |||||||||||||||||||||||
| Allow network access for files | If inactive, the connection to network drives is prevented in the file app | |||||||||||||||||||||||
| Allow USB drive for files | When inactive, it prevents the File app from connecting to connected USB devices | |||||||||||||||||||||||
| Allow Find My Device | When inactive, Find My Device is disabled in the Find my App | |||||||||||||||||||||||
| Allow Find My Friends | When inactive, Find My Friends is disabled in the Find My app | |||||||||||||||||||||||
| Force WiFi activation | If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use. | |||||||||||||||||||||||
| Erlaubt Enterprise-Apps zu vertrauen | Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple) | |||||||||||||||||||||||
| Allow screenshots and screen recording | Allows the user to take screenshots or screen recordings | |||||||||||||||||||||||
| Apple Music erlauben | If set to false, Apple Music will be disabled in the Music app | |||||||||||||||||||||||
| iTunes Radio erlauben | If set to false, iTunes Radio will be disabled in the Music app | |||||||||||||||||||||||
| Allow shared stream | If set to false, the shared stream is disabled | |||||||||||||||||||||||
| Allow Wallet while locked | If set to false, wallet notifications will not be shown on the lock screen | |||||||||||||||||||||||
| Allow use of News | Allows the user to access and use News | |||||||||||||||||||||||
| Allow modifying bluetooth settings | Allow modifying bluetooth settings | |||||||||||||||||||||||
| Allow modifying cellular data usage for app settings | If set to false, the mobile data uses for app settings cannot be changed | |||||||||||||||||||||||
| Allow modifying device name | Allows the user to change device names | |||||||||||||||||||||||
| Allow automatic sync while roaming | Allows automatic synchronization during roaming | |||||||||||||||||||||||
| Allow iCloud sync for managed apps | Allows iCloud synchronization for managed apps | |||||||||||||||||||||||
| Allow enterprise books backup | Allows enterprise books to be backed up | |||||||||||||||||||||||
| Allow enterprise books and highlights to sync | Allows enterprise books to synchronize notes and highlights | |||||||||||||||||||||||
| Allow email privacy | If activated, Apple's Mail Privacy Protection (AMPP) is activated | |||||||||||||||||||||||
| Allow In App purchases | Allows the user to make purchases within applications | |||||||||||||||||||||||
| Allow multiplayer gaming | Allows multiplayer gaming | |||||||||||||||||||||||
| Allow voice dialing while device is locked | Allows voice dialing while device is locked | |||||||||||||||||||||||
| Force Apple Watch wrist detection | Forces Apple watch wrist detection | |||||||||||||||||||||||
| Allow pairing with Apple Watch | Allows pairing with Apple Watch | |||||||||||||||||||||||
| Allow Internet results in Spotlight | If set to false, search results from the web will not be shown in Spotlight | |||||||||||||||||||||||
| Allow user to accept untrusted TLS certificates | Allows user to accept untrusted TLS certificates | |||||||||||||||||||||||
| Photo-Stream erlauben | Allows Photo Stream to be used on the device | |||||||||||||||||||||||
| Allow iCloud Photo Library | Allows iCloud photo library to be used on the device | |||||||||||||||||||||||
| Allow iCloud Backup | Allows backup using iCloud | |||||||||||||||||||||||
| Allow personalized advertising | When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later. | |||||||||||||||||||||||
| Requires iTunes password for all purchases | Requires the user's iTunes password to be entered for every purchase | |||||||||||||||||||||||
| Apps ranking number | 1000
|
Der eingegebene Wert beschreibt das maximal erlaubte Level an jugendschutzrelevanten Apps auf dem Gerät. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| Movie-Ranking-Nummer | 1000
|
Der eingegebene Wert beschreibt das maximal erlaubte Level an jugendschutzrelevanten Filmen auf dem Gerät. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| TV-Serien-Ranking-Nummer | 1000
|
The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| Regionscode | Germany | Two-character code for the region used to specify ratings | ||||||||||||||||||||||
| Accept cookies in Safari | Never | Cookies akzeptieren: Does not accept cookies | ||||||||||||||||||||||
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |||||||||||||||||||||||
| From websites I visited | Accepts cookies from all visited websites | |||||||||||||||||||||||
| Always | Accepts all cookies | |||||||||||||||||||||||
| JavaScript erlauben | Allows JavaScript in Safari | |||||||||||||||||||||||
| Allow Pop-ups | Allows Pop-ups in Safari | |||||||||||||||||||||||
| Enable fraud warning | Enables fraud warning in Safari | |||||||||||||||||||||||
| Force translation on the device only | When this option is enabled, the device does not connect to Siri servers for translation purposes | |||||||||||||||||||||||
| Allow unmanaged documents in managed apps | Allows managed apps to access unmanaged documents | |||||||||||||||||||||||
| Allow managed documents in unmanaged apps | Allows unmanaged apps to access managed documents | |||||||||||||||||||||||
| Managed clipboard required | When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |||||||||||||||||||||||
| Treat AirDrop as unmanaged destination | ||||||||||||||||||||||||
| Handoff erlauben | If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |||||||||||||||||||||||
| Allow Touch ID/Face ID for unlocking | Allows Touch ID/Face ID to unlock device | |||||||||||||||||||||||
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |||||||||||||||||||||||
| Allow modifying notification settings | Allows modifying notification settings | |||||||||||||||||||||||
| Allow incoming AirPlay requests | Allows incoming AirPlay requests | |||||||||||||||||||||||
| Allow pairing with Remote app | Allows pairing with Remote app | |||||||||||||||||||||||
| Diktat erlauben | Allows dictation | |||||||||||||||||||||||
| Allow camera use | Allows the user to use the camera | |||||||||||||||||||||||
| Siri erlauben | Erlaubt Siri. | |||||||||||||||||||||||
| Allow Siri while locked | Allows Siri while device is locked | |||||||||||||||||||||||
| Allow Siri user generated content | When inactive, it prevents Siri from querying requests with user-generated content | |||||||||||||||||||||||
| Allow modifying Touch ID/Face ID | The user is allowed to change the Touch ID/Face ID | |||||||||||||||||||||||
| Allow diagnostic submission | Send diagnostic and usage stats to Apple | |||||||||||||||||||||||
| Allow modifying diagnostics settings | The user is allowed to change the diagnostic settings |
For User registration
| Einschränkung | Default | Erläuterung | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |||||||||||||||||||||||
| Allow automatic unlocking | If set to false, the automatic unlocking is disabled | |||||||||||||||||||||||
| Allow cloud address book | If set to false, the cloud address book will be disabled | |||||||||||||||||||||||
| Allow cloud bookmarks | If set to false, cloud bookmarks will be disabled | |||||||||||||||||||||||
| Allow cloud calendar | If set to false, the cloud calendar will be disabled | |||||||||||||||||||||||
| Allow cloud desktop & documents | If set to false, cloud desktop and documents will be disabled | |||||||||||||||||||||||
| Allow cloud mail | If set to false, cloud mail will be disabled | |||||||||||||||||||||||
| Allow cloud notes | If set to false, cloud notes will be disabled | |||||||||||||||||||||||
| Allow cloud reminders | If set to false, cloud reminders will be disabled | |||||||||||||||||||||||
| Allow content caching | If set to false, content caching will be disabled | |||||||||||||||||||||||
| Allow iTunes file sharing | If set to false, iTunes file sharing will be disabled | |||||||||||||||||||||||
| Allow automatic screen saver | Allow automatic screen saver | |||||||||||||||||||||||
| Allow lock screen ControlCenter | If set to false, the ControlCenter is disabled for the lock screen | |||||||||||||||||||||||
| Allow lock screen notifications to display | If set to false, the notification preview of the lock screen will be disabled | |||||||||||||||||||||||
| Allow lock screen view today | If set to false, today's lock screen view will be disabled | |||||||||||||||||||||||
| Allow to write unmanaged contacts | If set to false, writing unmanaged contacts will be disabled | |||||||||||||||||||||||
| Allow unmanaged reading of managed contacts | These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app | |||||||||||||||||||||||
| Allow OTAPKI updates | If set to false, OTAPKI updates are disabled | |||||||||||||||||||||||
| Allow temporary session of the shared device | If set to false, the temporary session of the shared device is disabled | |||||||||||||||||||||||
| Force password for outgoing AirPlay requests | If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password | |||||||||||||||||||||||
| Force encrypted backups | Force encrypted backups | |||||||||||||||||||||||
| Limit ad tracking | If set to true, ad tracking will be restricted | |||||||||||||||||||||||
| Dictation only | If set to true, connections to Siri servers for dictation are disabled | |||||||||||||||||||||||
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |||||||||||||||||||||||
| Allow QuickPath keyboard | If set to inactive, the QuickPath keyboard is disabled | |||||||||||||||||||||||
| Allow network access for files | If inactive, the connection to network drives is prevented in the file app | |||||||||||||||||||||||
| Allow USB drive for files | When inactive, it prevents the File app from connecting to connected USB devices | |||||||||||||||||||||||
| Allow Find My Device | When inactive, Find My Device is disabled in the Find my App | |||||||||||||||||||||||
| Allow Find My Friends | When inactive, Find My Friends is disabled in the Find My app | |||||||||||||||||||||||
| Force WiFi activation | If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use. | |||||||||||||||||||||||
| Erlaubt Enterprise-Apps zu vertrauen | Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple) | |||||||||||||||||||||||
| Allow screenshots and screen recording | Allows the user to take screenshots or screen recordings | |||||||||||||||||||||||
| Apple Music erlauben | If set to false, Apple Music will be disabled in the Music app | |||||||||||||||||||||||
| iTunes Radio erlauben | If set to false, iTunes Radio will be disabled in the Music app | |||||||||||||||||||||||
| Allow shared stream | If set to false, the shared stream is disabled | |||||||||||||||||||||||
| Allow Wallet while locked | If set to false, wallet notifications will not be shown on the lock screen | |||||||||||||||||||||||
| Allow use of News | Allows the user to access and use News | |||||||||||||||||||||||
| Allow modifying bluetooth settings | Allow modifying bluetooth settings | |||||||||||||||||||||||
| Allow modifying cellular data usage for app settings | If set to false, the mobile data uses for app settings cannot be changed | |||||||||||||||||||||||
| Allow modifying device name | Allows the user to change device names | |||||||||||||||||||||||
| Allow automatic sync while roaming | Allows automatic synchronization during roaming | |||||||||||||||||||||||
| Allow iCloud sync for managed apps | Allows iCloud synchronization for managed apps | |||||||||||||||||||||||
| Allow enterprise books backup | Allows enterprise books to be backed up | |||||||||||||||||||||||
| Allow enterprise books and highlights to sync | Allows enterprise books to synchronize notes and highlights | |||||||||||||||||||||||
| Allow email privacy | If activated, Apple's Mail Privacy Protection (AMPP) is activated | |||||||||||||||||||||||
| Allow In App purchases | Allows the user to make purchases within applications | |||||||||||||||||||||||
| Allow multiplayer gaming | Allows multiplayer gaming | |||||||||||||||||||||||
| Allow voice dialing while device is locked | Allows voice dialing while device is locked | |||||||||||||||||||||||
| Force Apple Watch wrist detection | Forces Apple watch wrist detection | |||||||||||||||||||||||
| Allow pairing with Apple Watch | Allows pairing with Apple Watch | |||||||||||||||||||||||
| Allow Internet results in Spotlight | If set to false, search results from the web will not be shown in Spotlight | |||||||||||||||||||||||
| Allow user to accept untrusted TLS certificates | Allows user to accept untrusted TLS certificates | |||||||||||||||||||||||
| Photo-Stream erlauben | Allows Photo Stream to be used on the device | |||||||||||||||||||||||
| Allow iCloud Photo Library | Allows iCloud photo library to be used on the device | |||||||||||||||||||||||
| Allow iCloud Backup | Allows backup using iCloud | |||||||||||||||||||||||
| Allow personalized advertising | When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later. | |||||||||||||||||||||||
| Requires iTunes password for all purchases | Requires the user's iTunes password to be entered for every purchase | |||||||||||||||||||||||
| Apps ranking number | 1000
|
Der eingegebene Wert beschreibt das maximal erlaubte Level an jugendschutzrelevanten Apps auf dem Gerät. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| Movie-Ranking-Nummer | 1000
|
Der eingegebene Wert beschreibt das maximal erlaubte Level an jugendschutzrelevanten Filmen auf dem Gerät. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| TV-Serien-Ranking-Nummer | 1000
|
The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. Possible values based on US valuation levels:
The US Parental Guide rating is comparable to the German FSK rating | ||||||||||||||||||||||
| Regionscode | Germany | Two-character code for the region used to specify ratings | ||||||||||||||||||||||
| Accept cookies in Safari | Never | Cookies akzeptieren: Does not accept cookies | ||||||||||||||||||||||
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |||||||||||||||||||||||
| From websites I visited | Accepts cookies from all visited websites | |||||||||||||||||||||||
| Always | Accepts all cookies | |||||||||||||||||||||||
| JavaScript erlauben | Allows JavaScript in Safari | |||||||||||||||||||||||
| Allow Pop-ups | Allows Pop-ups in Safari | |||||||||||||||||||||||
| Enable fraud warning | Enables fraud warning in Safari | |||||||||||||||||||||||
| Force translation on the device only | When this option is enabled, the device does not connect to Siri servers for translation purposes | |||||||||||||||||||||||
| Allow unmanaged documents in managed apps | Allows managed apps to access unmanaged documents | |||||||||||||||||||||||
| Allow managed documents in unmanaged apps | Allows unmanaged apps to access managed documents | |||||||||||||||||||||||
| Managed clipboard required | When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |||||||||||||||||||||||
| Treat AirDrop as unmanaged destination | ||||||||||||||||||||||||
| Handoff erlauben | If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |||||||||||||||||||||||
| Allow Touch ID/Face ID for unlocking | Allows Touch ID/Face ID to unlock device | |||||||||||||||||||||||
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |||||||||||||||||||||||
| Allow modifying notification settings | Allows modifying notification settings | |||||||||||||||||||||||
| Allow incoming AirPlay requests | Allows incoming AirPlay requests | |||||||||||||||||||||||
| Allow pairing with Remote app | Allows pairing with Remote app | |||||||||||||||||||||||
| Diktat erlauben | Allows dictation | |||||||||||||||||||||||
| Allow camera use | Allows the user to use the camera | |||||||||||||||||||||||
| Siri erlauben | Erlaubt Siri. | |||||||||||||||||||||||
| Allow Siri while locked | Allows Siri while device is locked | |||||||||||||||||||||||
| Allow Siri user generated content | When inactive, it prevents Siri from querying requests with user-generated content | |||||||||||||||||||||||
| Allow modifying Touch ID/Face ID | The user is allowed to change the Touch ID/Face ID | |||||||||||||||||||||||
| Allow diagnostic submission | Send diagnostic and usage stats to Apple | |||||||||||||||||||||||
| Allow modifying diagnostics settings | The user is allowed to change the diagnostic settings |
Classroom-App
The Classroom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.
| Restrictions | Default | Explanation | |
|---|---|---|---|
| Allow remote screen monitoring | If not allowed, remote screen monitoring is disabled by the Classroom app. When screenshots are disabled, the Classroom app does not observe remote screens. | ||
| Force courses to be joined automatically | If enforced, the instructor's requests are automatically accepted without prompting the student. | ||
| Force permission to leave classes | If enforced, a student enrolled in an unmanaged course through Classroom must ask the instructor for permission to leave the course. | ||
| Force app and device lock | If enforced, the teacher can lock apps or the device without prompting the student. | ||
| Force screen monitoring | When enforced and remote screen monitoring is allowed, a student enrolled in a managed course through the classroom app automatically grants permission to watch the screen without being prompted. |
Restrictions for supervised devices
A range of restrictions is only available for devices in the Supervised embedding mode.
| Restrictions | Default | Explanation |
|---|---|---|
| Restrict app use | Allow all apps Do not allow certain apps Allow only certain apps |
Configures whether no restriction, a blocklist or a allowlist is used for apps. supervised devices only |
|
Click box for app selection | Depending on the selection in the line above: Blocklisted Apps / Allowlisted Apps Searches the entire App Store for possible apps. supervised devices only |
| Add system apps | If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. supervised devices only | |
| Allow AirDrop | If set to false, AirDrop will be disabled supervised devices only | |
| Allow AirPrint | If set to false, AirPrint will be disabled supervised devices only | |
| Allow saving AirPrint credentials | If set to false, the storage of AirPrint credentials is disabled supervised devices only | |
| Allow AirPrint iBeacon detection | If set to false, AirPrint iBeacon detection will be disabled supervised devices only | |
| Allow change of mobile tariff | If set to false, the change of the mobile tariff will be disabled supervised devices only
non | |
| Allow cloud keychain synchronization | If set to false, cloud keychain synchronization is disabled supervised devices only | |
| Allow private cloud relay | If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only | |
| Allow eSIM changes | If set to false, the eSIM change will be disabled | |
| Allow access to files on USB drive | If set to false, access to the files USB drive is disabled supervised devices only | |
| Allow change to find my friends | If set to false, the modification will be disabled for find my friends supervised devices only | |
| Allow host pairing | If set to false, host pairing is disabled supervised devices only | |
| Allow NFC | If set to false, NFC will be disabled supervised devices only | |
| Allow auto-complete password | If set to false, the auto-completion of the password will be disabled supervised devices only | |
| Allow device to enter sleep mode | If set to false, the hibernation of the device is disabled supervised devices only | |
| Allow requests for password proximity | If set to false, password proximity requests are disabled supervised devices only | |
| Allow password sharing | If set to false, password sharing will be disabled supervised devices only | |
| Allow change of personal hotspot | If set to false, the change of the personal hotspot will be disabled supervised devices only | |
| Allow Podcasts | If set to false, podcasts will be disabled supervised devices only | |
| Allow proximity settings for new device | If set to false, the proximity set-up for the new device will be disabled supervised devices only | |
| Allow removal of system apps | If set to false, the removal of system apps is disabled supervised devices only | |
| Allow non-paired external boot for recovery | If set to false, unpaired external booting for recovery is disabled supervised devices only | |
| Allow restricted USB mode | If set to false, the restricted USB mode will be disabled supervised devices only | |
| Allow VPN creation | If set to false, VPN creation will be disabled supervised devices only | |
| Allowed apps in single app mode | Choose application | Allowed apps in single app mode supervised devices only |
| Force AirPrint Trusted TLS Requirement | If set to true, AirPrint enforces the trusted TLS request supervised devices only | |
| Enforce authentication before autofill | If set to true, authentication is enforced before autofilling supervised devices only | |
| Force automatic date and time | If set to true, the date and time are automatically enforced supervised devices only | |
| Force WLAN to approved networks only | If set to true, WLAN is forced only on allowed networks supervised devices only | |
| Allow account modification | If inactive, account modification will be disabled. notempty This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps.
notempty iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. supervised devices only
| |
| Allow app removal | Allows the user to remove apps supervised devices only | |
| Allow explicit content | Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only | |
| Allow use of iMessage | Allow use of iMessage supervised devices only | |
| Allow iBookstore | Supervised only. If disabled, iBookstore will be disabled supervised devices only | |
| Allow erotica in the iBookstore | Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only | |
| Allow use of iTunes | Allow the user to access and use iTunes supervised devices only | |
| Allow use of Safari | Allows the user to use Safari supervised devices only | |
| Allow Game Center | Allow Game Center | |
| Allow adding Game Center friends | Allow the user to add friends to the Game Center supervised devices only | |
| Allow modifying wallpaper | Allow changing the background image supervised devices only</smMS/deployment/profile.langall> | |
| Permit configuration of the screen time | Allow configuration restrictions supervised devices only | |
| Allow iCloud document sync | Allow document synchronization with iCloud supervised devices only | |
| Allow auto-fill in Safari | Allows autocomplete in Safari browser supervised devices only | |
| Allow predictive keyboard. | Allow predictive keyboard. supervised devices only | |
| Allow keyboard shortcuts. | Allow keyboard shortcuts. supervised devices only | |
| Allow autocorrect. | Allow autocorrect. supervised devices only | |
| Allow correction help. | Allow correction help. supervised devices only | |
| Allow definition. | Allow definition. supervised devices only | |
| Allow video conferencing | Allow video conferencing supervised devices only | |
| Enable Siri profanity filter | Enables Siri profanity filter. supervised devices only | |
| Allow app installation from Apple Configurator and iTunes | Allow only a connected Mac host to install applications supervised devices only | |
| Allow automatic app downloads | Allows automatic app downloads supervised devices only | |
| Allow app installation from the app store | Allow the user to install applications supervised devices only | |
| Allow modifying passcode | Allow changing the passcode supervised devices only | |
| Allow UI configuration profile installation | If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only | |
| Allow erase all content and settings | If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only | |
| Allow app clips | When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only | |
| Force delayed app updates | If set to true, delayed app updates are forced supervised devices only | |
| Force delayed software updates | When active, user visibility of software updates is delayed. supervised devices only | |
| Software Update Delay in days | 30
|
With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only |
For Apple TVs
| Restrictions | Default | Explanation |
|---|---|---|
| Restrict app use | Allow all apps Do not allow certain apps Allow only certain apps |
Configures whether no restriction, a blocklist or a allowlist is used for apps. supervised devices only |
|
Click box for app selection | Depending on the selection in the line above: Blocklisted Apps / Allowlisted Apps Searches the entire App Store for possible apps. supervised devices only |
| Add system apps | If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. supervised devices only | |
| Allow AirDrop | If set to false, AirDrop will be disabled supervised devices only | |
| Allow AirPrint | If set to false, AirPrint will be disabled supervised devices only | |
| Allow saving AirPrint credentials | If set to false, the storage of AirPrint credentials is disabled supervised devices only | |
| Allow AirPrint iBeacon detection | If set to false, AirPrint iBeacon detection will be disabled supervised devices only | |
| Allow change of mobile tariff | If set to false, the change of the mobile tariff will be disabled supervised devices only
non | |
| Allow cloud keychain synchronization | If set to false, cloud keychain synchronization is disabled supervised devices only | |
| Allow private cloud relay | If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only | |
| Allow eSIM changes | If set to false, the eSIM change will be disabled | |
| Allow access to files on USB drive | If set to false, access to the files USB drive is disabled supervised devices only | |
| Allow change to find my friends | If set to false, the modification will be disabled for find my friends supervised devices only | |
| Allow host pairing | If set to false, host pairing is disabled supervised devices only | |
| Allow NFC | If set to false, NFC will be disabled supervised devices only | |
| Allow auto-complete password | If set to false, the auto-completion of the password will be disabled supervised devices only | |
| Allow device to enter sleep mode | If set to false, the hibernation of the device is disabled supervised devices only | |
| Allow requests for password proximity | If set to false, password proximity requests are disabled supervised devices only | |
| Allow password sharing | If set to false, password sharing will be disabled supervised devices only | |
| Allow change of personal hotspot | If set to false, the change of the personal hotspot will be disabled supervised devices only | |
| Allow Podcasts | If set to false, podcasts will be disabled supervised devices only | |
| Allow proximity settings for new device | If set to false, the proximity set-up for the new device will be disabled supervised devices only | |
| Allow removal of system apps | If set to false, the removal of system apps is disabled supervised devices only | |
| Allow non-paired external boot for recovery | If set to false, unpaired external booting for recovery is disabled supervised devices only | |
| Allow restricted USB mode | If set to false, the restricted USB mode will be disabled supervised devices only | |
| Allow VPN creation | If set to false, VPN creation will be disabled supervised devices only | |
| Allowed apps in single app mode | Choose application | Allowed apps in single app mode supervised devices only |
| Force AirPrint Trusted TLS Requirement | If set to true, AirPrint enforces the trusted TLS request supervised devices only | |
| Enforce authentication before autofill | If set to true, authentication is enforced before autofilling supervised devices only | |
| Force automatic date and time | If set to true, the date and time are automatically enforced supervised devices only | |
| Force WLAN to approved networks only | If set to true, WLAN is forced only on allowed networks supervised devices only | |
| Allow account modification | If inactive, account modification will be disabled. notempty This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps.
notempty iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. supervised devices only
| |
| Allow app removal | Allows the user to remove apps supervised devices only | |
| Allow explicit content | Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only | |
| Allow use of iMessage | Allow use of iMessage supervised devices only | |
| Allow iBookstore | Supervised only. If disabled, iBookstore will be disabled supervised devices only | |
| Allow erotica in the iBookstore | Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only | |
| Allow use of iTunes | Allow the user to access and use iTunes supervised devices only | |
| Allow use of Safari | Allows the user to use Safari supervised devices only | |
| Allow Game Center | Allow Game Center | |
| Allow adding Game Center friends | Allow the user to add friends to the Game Center supervised devices only | |
| Allow modifying wallpaper | Allow changing the background image supervised devices only</smMS/deployment/profile.langall> | |
| Permit configuration of the screen time | Allow configuration restrictions supervised devices only | |
| Allow iCloud document sync | Allow document synchronization with iCloud supervised devices only | |
| Allow auto-fill in Safari | Allows autocomplete in Safari browser supervised devices only | |
| Allow predictive keyboard. | Allow predictive keyboard. supervised devices only | |
| Allow keyboard shortcuts. | Allow keyboard shortcuts. supervised devices only | |
| Allow autocorrect. | Allow autocorrect. supervised devices only | |
| Allow correction help. | Allow correction help. supervised devices only | |
| Allow definition. | Allow definition. supervised devices only | |
| Allow video conferencing | Allow video conferencing supervised devices only | |
| Enable Siri profanity filter | Enables Siri profanity filter. supervised devices only | |
| Allow app installation from Apple Configurator and iTunes | Allow only a connected Mac host to install applications supervised devices only | |
| Allow automatic app downloads | Allows automatic app downloads supervised devices only | |
| Allow app installation from the app store | Allow the user to install applications supervised devices only | |
| Allow modifying passcode | Allow changing the passcode supervised devices only | |
| Allow UI configuration profile installation | If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only | |
| Allow erase all content and settings | If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only | |
| Allow app clips | When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only | |
| Force delayed app updates | If set to true, delayed app updates are forced supervised devices only | |
| Force delayed software updates | When active, user visibility of software updates is delayed. supervised devices only | |
| Software Update Delay in days | 30
|
With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only |
Save
Notification settings
Notification settingsAdd setting The settings are made separately for each app
| Caption | Value | Description |  |
|---|---|---|---|
| Application | Installed application | The bundle ID of the application. WARNING: Entering an unknown bundle ID can cause problems | |
| Enable notifications | Enables or disables notifications for this app | ||
| Alert type | Temporary banner | The alert type for this app's notifications: None/Banner/Alert | |
| Permanent banner | |||
| None | |||
| Badges enabled | Allow or disallow for this app | ||
| Enable critical alerts | When active, enables critical alerts that can ignore "Do not disturb" and ringtone settings for this app | ||
| Grouping type | Automatic | The notification grouping type | |
| by App | |||
| Off | |||
| Preview type | The notification type preview | ||
| When unlocked | Displays the notification only when the device is unlocked | ||
| Never | Never shows the notifications | ||
| Show on lock screen | Determines whether notifications can be displayed on the lock screen | ||
| Show in the Notification Center | Determines whether notifications are displayed in the Notification Center | ||
| Sounds enabled | Determines if sounds are allowed for this app | ||
Password
Password
Configuration by clicking on Activate Passcode
| Operation | Default | Description | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Request passcode on the device | Enforces the use of a passcode before using the device | ||||||||||||||||
| Set maximum number of failed attempts | Number of passcode entry attempts allowed before all data on device will be erased Maximum number of failed attempts 11
| ||||||||||||||||
| Set auto-lock | The number of minutes for which the device can be idle (without being unlocked by the user) before it gets locked by the system | ||||||||||||||||
| Set maximum passcode age | The number of days for which the passcode can remain unchanged 730
| ||||||||||||||||
| Restrict password complexity | Allows restricting password complexity
| ||||||||||||||||
| Use passcode history | Allows defining the number of different passcodes required between the reuse of passcodes
| ||||||||||||||||
| Use grace period for device lock | Allows defining the maximum time in minutes to unlock the phone
| ||||||||||||||||
Save
Apps
Apps| Caption | Value | Description |  |
|---|---|---|---|
AppsApps |
DieMaus | Selected apps previously created in the menu will be installed on the assigned devices | |
Web clipsWeb clips |
Securepoint Wiki (https://wiki.securepoint.de) | The Web Clips are web sites that can be viewed and accessed like a standalone application. Selected web clips are installed on the assigned devices. | |
App-Lock (Kiosk mode)
App-Lock (Kiosk mode)
The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.
Activate configuration
| Caption | Default | Description |
|---|---|---|
| Bundle ID | Bundle ID | Nur für interne Prüfzwecke |
| Optionen | ||
| Disable touch | If true, the touch screen is disabled | |
| Disable device rotation | If active, device rotation detection is disabled | |
| Disabling the volume keys | When active, the volume keys are disabled | |
| Deactivating bell switch | When active, the ringtone switch is disabled | |
| Disable sleep wake button | When active, the sleep / wake button is disabled | |
| Disable auto lock | ||
| Activate Voice-Over | If active, voice over is enabled | |
| Activate zoom | When active, zoom is enabled | |
| Enable inverting colors | If active, invert colors is enabled | |
| Enable AssistiveTouch | When active, AssistiveTouch is enabled | |
| Enable language selection | If active, the language selection is enabled. | |
| Enable mono audio | When active, mono audio is enabled | |
| User Enabled Options | ||
| Voice-Over | If active, VoiceOver customization is allowed | |
| Zoom | If active, the zoom setting is allowed | |
| Invert colors | If active, the colors invert setting is allowed | |
| AssistiveTouch | If active, AssistiveTouch customization is allowed | |
Finish the configuration with Save
Home screen layout
Home screen layout| Caption | Value | Description |  |
|---|---|---|---|
| Enable Home screen layout | After activation, settings can be made on the home screen layout | ||
| Select type | Use predefined layout | Uses an already existing home screen layout | |
| Creat a specific Home Screen Layout | Creates a profile specific layout | ||
| Select layout Only with Use predefined layout |
Test layout | Displays a selection of the layouts predefined under | |
| Only with Creating an individual home screen layout: |  | ||
| Type | Application | Applications from the Apple Appstore' | |
| System application | Provides a list of Apple system applications on the device as a selection | ||
| Web clip | Provides a list of apps created as Web clips as a selection | ||
| Folder | Adds a folder. Apps can then be moved into it via drag'n drop. Once the maximum number of apps that can be added to a page is reached, the folder can be configured by clicking the gear icon in the upper left corner and adding another page with +. | ||
| Choose app Only for the type Application and System application |
Choose app |
| |
| Web clip Only for the type Web clip |
Choose a web clip | List of Web Clips | |
| Name Only for the type Folder |
Name | Name of the folder on the home screen | |
| Add | Adds the selected element to the last page of the home screen The elements can be subsequently moved to other areas | ||
| Add all system applications Only for the type System application |
Adds the selected element to the last page of the home screen The elements can be subsequently moved to other areas | ||
| Add all apps Only for the type Application |
Adds all apps from the menu or apps with to the last page of the homescreen The elements can be subsequently moved to other areas | ||
| Save | Creates the home screen layout, saves the profile and exits the profile edit mode | ||
| Close | Closes the menu without saving the layout or applying changes | ||
Wallpaper
Wallpaper| Caption | Value |  |
|---|---|---|
| Enable wallpaper | Activates the settings for wallpaper configuration | |
| Select Wallpaper | Opens a dialog where an image can be uploaded in .jpg or .png format. Then the image can be checked and selected. | |
| Use wallpaper also as lock screen | Uses the same image for the lock screen as well | |
| Select lock screen | Opens a dialog where an image can be uploaded in .jpg or .png format. Then the image can be checked and selected. | |
Networks
Networks
In this section, access profiles for WiFi networks can be configured and pushed to the device.
Add a network configuration with
| Caption | Value | Description |  |
|---|---|---|---|
Network configurations | |||
| Name | Name | Name of the configuration | |
| Type | WiFi | Configuration type (WiFi predefined) | |
| SSID | SSID | The SSID of the network | |
| Security | Security Level of the network key | ||
| None | No security | ||
| WEP-PSK | insecure | ||
| WPA-PSK | secure | ||
| Password | Password | The networks passphrases. Hidden with placeholders. shows the password in plain text. | |
| Hidden SSID | Specifies whether the SSID of the network is visible (button off) or hidden (button on). | ||
| Autoconnect | Enable to automatically connect the device to the network. | ||
Global HTTP proxyA Global HTTP proxy can be configured, for example, if devices are permanently on the same network and a local proxy is to be used on the device. | |||
| Use global HTTP proxy | Activates the global HTTP proxy | ||
| Type | Manual Automatic |
For a manual proxy type, the profile contains the proxy server address, including the port, and optionally a user name and password. For an auto proxy type, you can enter a PAC URL. | |
| Allow captive login | When active, the device can bypass the proxy server to display the login page for networks with a captive portal | ||
| User name | User name | The username used to authenticate to the proxy server | |
| Password | Password | The password used for authentication to the proxy server | |
| Server | Server | The network address of the proxy server | |
| Serverport | 8080 |
||
Finish the configuration with Save
E-Mail & Exchange Active Sync
E-Mail & Exchange Active SyncMultiple mail accounts can be set up in the E-mail settings section.
These settings affect IMAP or POP3 accounts.
Email accounts
| Email accounts | Add account | ||||||||||||||||||||||||||||||||||||||
| Operation | Default | Description |  | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Account description | Account description | The display name of the account (e.g. "Company Mail Account") | |||||||||||||||||||||||||||||||||||||
| Account name | Account name | The display name of the user (e.g. "John Appleseed") Variables can be used as well. The values are taken from the user settings of the user to whom the respective device is assigned
| |||||||||||||||||||||||||||||||||||||
| Email address | Email address | The address of the account (e.g. "john@company.com") Variables can be used as well. The values are taken from the user settings of the user to whom the respective device is assigned
The entry %device_email% reads the email address from the user settings of the user to whom the device is assigned. | |||||||||||||||||||||||||||||||||||||
| Prevent move | If set to true, messages may not be moved out of this email account into another account | ||||||||||||||||||||||||||||||||||||||
| Disable Mail Recents Syncing | If set to true, this account is excluded from address recents syncing | ||||||||||||||||||||||||||||||||||||||
| Allow Mail drop | If set to true, this account is allowed to use Mail drop | ||||||||||||||||||||||||||||||||||||||
| Prevent App Sheet | If set to true, this account will not be available for sending mail in third party applications | ||||||||||||||||||||||||||||||||||||||
| S/MIME Enabled | If set to true, this account will support S/MIME | ||||||||||||||||||||||||||||||||||||||
| S/MIME signing enabled | If set to true, this account will enable message signing | ||||||||||||||||||||||||||||||||||||||
| S/MIME Encryption Enabled | If set to true, this account will support message encryption | ||||||||||||||||||||||||||||||||||||||
| If set to true, enables the per-message encryption switch | |||||||||||||||||||||||||||||||||||||||
| Incoming mails | |||||||||||||||||||||||||||||||||||||||
| Operation | Default | Description | |||||||||||||||||||||||||||||||||||||
| Mail server | Mail server | Hostname or IP address | |||||||||||||||||||||||||||||||||||||
| Port | 993 |
Port number for incoming mail | |||||||||||||||||||||||||||||||||||||
| Account type | IMAP |
The protocol for accessing the email account | |||||||||||||||||||||||||||||||||||||
| User name | Select user | The username used to connect to the server for incoming emails Variables can be used as well. The values are taken from the user settings of the user to whom the respective device is assigned
| |||||||||||||||||||||||||||||||||||||
| Path prefix | Path prefix | Path prefix for IMAP mail server | |||||||||||||||||||||||||||||||||||||
| Incoming Mail Server authentification | authentication method | The authentication method for the incoming mail server None Password CrammD5 NTLM HTTPMD5 | |||||||||||||||||||||||||||||||||||||
| Password | Password | The password for the incoming mail server | |||||||||||||||||||||||||||||||||||||
| Use SSL | Send outgoing mail through Secure Socket Layer | ||||||||||||||||||||||||||||||||||||||
| Outgoing mails | |||||||||||||||||||||||||||||||||||||||
| Operation | Default | Description | |||||||||||||||||||||||||||||||||||||
| Mail server | Mail server | Hostname or IP address for outgoing email | |||||||||||||||||||||||||||||||||||||
| Port | 587 |
The port number for outgoing email | |||||||||||||||||||||||||||||||||||||
| User name | Select user | The username used to connect to the server for outgoing mail Examples:
The values are taken from the user settings of the user to whom the respective device is assigned
| |||||||||||||||||||||||||||||||||||||
| authentication type | authentication method | The authentication method for the outgoing mail server Password CrammD5 NTLM HTTPMD5 | |||||||||||||||||||||||||||||||||||||
| Outgoing Password: Same as incoming | SMTP authentication uses the same password as POP/IMAP server for incoming emails
| ||||||||||||||||||||||||||||||||||||||
| Use SSL | end outgoing mail through Secure Socket Layer | ||||||||||||||||||||||||||||||||||||||
Exchange accounts
Exchange accounts Add account
Configuration for Exchange mails retrieved via https connections Configuration by clicking on Activate Exchange
| Operation | Default | Description |  | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Account name | The display name of the user (e.g. "John Appleseed"). Different variables can be used. The values are taken from the user settings of the user to whom the respective device is assigned
| ||||||||||||||||||||||||||||||||||||||
| Exchange ActiveSync-Host | Enter host | Host name or IP address of the Exchange server | |||||||||||||||||||||||||||||||||||||
| Past days of mail to sync | Forever | Synchronization period | |||||||||||||||||||||||||||||||||||||
| Use SSL | Send all communication through Secure Socket layer | ||||||||||||||||||||||||||||||||||||||
| Email address | Select email address | The address of the account to be synchronized (e.g. "john@company.com") Variables can be used as well. The values are taken from the user settings of the user to whom the respective device is assigned
| |||||||||||||||||||||||||||||||||||||
| User | User name | Mail domain and mail user
| |||||||||||||||||||||||||||||||||||||
| Password | Password | The password for the account | |||||||||||||||||||||||||||||||||||||
| Payload-Zertifikats-UUID | Select certificate | UUID of the certificate that is used for authentication | |||||||||||||||||||||||||||||||||||||
| Prevent move | If set to true, messages may not be moved out of this email account into another account | ||||||||||||||||||||||||||||||||||||||
| Prevent App Sheet | If set to true, this account will not be available for sending mail in third party applications | ||||||||||||||||||||||||||||||||||||||
| Allow Mail Drop | If set to true, this account is allowed to use Mail Drop | ||||||||||||||||||||||||||||||||||||||
| S/MIME Enabled | If set to true, this account will support S/MIME | ||||||||||||||||||||||||||||||||||||||
|
If set to true, this account will enable message signing | ||||||||||||||||||||||||||||||||||||||
|
If set to true, this account will support message encryption | ||||||||||||||||||||||||||||||||||||||
|
|
If set to true, enables the per-message encryption switch | ||||||||||||||||||||||||||||||||||||||
| Disable Mail Recents Syncing | If set to true, this account is excluded from address Recents syncing | ||||||||||||||||||||||||||||||||||||||
Save
Example: Office365 accounts
Integration of an Office 365 account with OAuth (Example)
Configuration in the Email & Exchange Active Sync tab when adding an Exchange Account
| Operation | Value | Description |
|---|---|---|
| Account name | Account name | Name of the user to be displayed |
| Exchange ActiveSync-Host | outlook.office365.com | Example for Office365 |
| Forever | Possible values: 1 day, 3 days, 1 week, 2 weeks, 1 month, forever | |
| Use SSL | Sends all communications via Secure Socket Layer.
notempty Securepoint recommends to activate the option
| |
| Use SSL | support.ttt-point.onmicrosoft.de | Possible addresses are selectable from the dropdown menu incl. variables that take the information from the user data |
| User | support.ttt-point.onmicrosoft.de | Domain and user must remain empty if the device is expected to query |
| Password | The password for the email account on the mail server notempty If OAuth is specified, the password field should remain blank
| |
| Use OAuth | Specifies whether the connection should use OAuth for authentication.
| |
| OAuth login URL | https://login.microsoftonline.com/common/oauth2/v2.0/authorize | |
| OAuth token request URL | https://login.microsoftonline.com/common/oauth2/v2.0/token | OAuth token request URL Here shown for Office365 accounts |
| Payload certificate UUID: | None | If the authentication on the Exchange server is to be done with a certificate, this can be selected here. notempty The certificate must be added under beforehand. Detailed information on this can be found in the wiki for certificates Additionally, in the Certificates tab, the desired certificate must be added in the click box to be transferred to the device. |
Calendar
CalendarCalendar with user account
Calendar with user account
The values are taken from the user settings of the user to whom the respective device is assigned
| Variable name in profiles | Description | Example |  |
|---|---|---|---|
| $username$ alternative names: %device_user% %device_user_username% |
Username | jdoe | |
| $emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de | |
| $firstname$ alternative name: %device_user_firstname% |
First name | John | |
| $lastname$ alternative name: %device_user_lastname% |
Last name | Doe | |
| $name$ alternative name: %device_user_name% |
First name and surname | John Doe | |
| $variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local | |
| $variable2$ alternative name: %variable2% |
custom value | ||
| $variable3$ alternative name: %variable3% |
custom value | ||
| $device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller | |
| $device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Storage1 | |
| Defining the values in the user administration in the portal under: or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary. | |||
| User | Add account | ||
| Caption | Value | Description |  |
|---|---|---|---|
| Hostname | Hostname | Server address of the calendar | |
| User name | User name | The username used to authenticate to the proxy server | |
| Password | Optional. The password of the user | ||
| Use SSL | Sends all communications via Secure Socket Layer. | ||
| Port | Port |
Optional. The port of the server to which the connection is made. | |
| Main URL | Main URL | The URL to the user's calendar. In iOS/iPadOS, this URL is required when the user does not provide a password, because the service auto-detection fails and the account is not created. Optional.
| |
| Account description | Account description | Optional. The description of the account. | |
Add subscription
Subscribed calendar
The values are taken from the user settings of the user to whom the respective device is assigned
| Variable name in profiles | Description | Example | |
|---|---|---|---|
| $username$ alternative names: %device_user% %device_user_username% |
Username | jdoe | |
| $emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de | |
| $firstname$ alternative name: %device_user_firstname% |
First name | John | |
| $lastname$ alternative name: %device_user_lastname% |
Last name | Doe | |
| $name$ alternative name: %device_user_name% |
First name and surname | John Doe | |
| $variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local | |
| $variable2$ alternative name: %variable2% |
custom value | ||
| $variable3$ alternative name: %variable3% |
custom value | ||
| $device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller | |
| $device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Storage1 | |
| Defining the values in the user administration in the portal under: or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary. | |||
| Subscriptions | Add subscription | ||
| Caption | Value | Description |  |
|---|---|---|---|
| Hostname | Hostname | Server address of the calendar | |
| User name | User name | The username used to authenticate to the proxy server | |
| Password | Optional. The password of the user | ||
| Use SSL | Sends all communications via Secure Socket Layer. | ||
| Port | Port |
Optional. The port of the server to which the connection is made. | |
| Account description | Account description | Optional. The description of the account. | |
CardDav
CardDav Variables can be used as well.The values are taken from the user settings of the user to whom the respective device is assigned
| Variable name in profiles | Description | Example | |
|---|---|---|---|
| $username$ alternative names: %device_user% %device_user_username% |
Username | jdoe | |
| $emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de | |
| $firstname$ alternative name: %device_user_firstname% |
First name | John | |
| $lastname$ alternative name: %device_user_lastname% |
Last name | Doe | |
| $name$ alternative name: %device_user_name% |
First name and surname | John Doe | |
| $variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local | |
| $variable2$ alternative name: %variable2% |
custom value | ||
| $variable3$ alternative name: %variable3% |
custom value | ||
| $device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller | |
| $device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Storage1 | |
| Defining the values in the user administration in the portal under: or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary. | |||
| User | Add account | ||
| Caption | Value | Description |  |
|---|---|---|---|
| Hostname | Hostname | Address of the address book server | |
| User name | User name | The username used to authenticate to the proxy server | |
| Password | Password | Optional. The password of the user | |
| Use SSL | Sends all communications via Secure Socket Layer. | ||
| Port | Port |
Optional. The port of the server to which the connection is made. | |
| Main URL | Main URL | The URL to the user's address book | |
| Account description | Account description | Optional. The description of the account. | |
Google account
Google account| Caption | Value | Description |  |
|---|---|---|---|
| User | Add account | Adds a Google account. This also makes available, for example, the history of Google searches or individual Google Maps configurations such as special points on the device | |
| Account description | Account description | The display name of the account (for example, "Enterprise Server Account") | |
| Account name | Account name | Full username of the Google account | |
| Email address | m.mueller.ttt-point@gmailcom | The account address (e.g. "mdm.ttt-point@gmail.com") Addresses can be selected from created user addresses (from ) or entered freely. | |
| Audio calls | Enter id | The app to be used for making calls when contacts of this account are dialed | |
AirPrint
AirPrint| Caption | Value | Description |  |
|---|---|---|---|
| Printer | Add printer | Adds a printer configuration that should always be displayed | |
| IP address | IP address | The IP address of the AirPrint destination | |
| Resource path | ipp/print | The resource path associated with the printer. This corresponds to the rp parameter of the _ipps.tcp Bonjour record. For example: printers/Canon_MG5300_series, printers/Xerox_Phaser_7600 or ipp/print | |
| Port | Port |
The port to use to connect to the printer or print server | |
| Force TLS | Secures active AirPrint connections through Transport Layer Security (TLS) when enabled. | ||
Certificates
Certificates
Certificates are required, for example, to retrieve emails from an Exchange server with https or to confirm the authenticity of self-signed apps.
| Caption | Value | Description |
|---|---|---|
| Certificates | Select certificates | Selection of Base-64-encoded X.509 certificates imported in the menu. |
Security
Security
| Caption | Value | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Allow Suspend Always-On-VPN | Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Allow other VPN profiles | Allows adding other VPN profiles in addition to the security profile | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Authentifizierung nach App-Start erforderlich notempty New as of 2.1 |
Wenn aktiviert, ist eine Authentifizierung (PIN oder biometrisch) beim App-Start erforderlich. Diese muss der User festlegen. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Activate security | To be able to use Mobile Security, the "Securepoint VPN Client" app is first installed automatically. This requires either a VPP license from the Apple Business Manager or an Apple ID on the device. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Protocol | TCP | Protocol used for VPN tunnel. TCP or UDP | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Portfilter Type | Open | Filter network traffic based on network ports.all ports are open | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Closed | Only port 80 (http) and 443 (https) are enabled | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Selection | Port filter rule selection: Specify which port collections are open for network traffic:
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| SSL interception | Default | Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Content-Filter Allowlist | Add entries | Click box: Web pages that are to be added to a allowlist. Possible entries: Contentfilter | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Content-Filter Blocklist | Add entries | Click box: Websites that are to be added to a blocklist. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Disable for SSIDs | Add SSIDs | Enter WLAN SSIDs for which the security features shall be disabled. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Disable for IP addresses | Add IPs | IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Exclude local WLAN from VPN | If enabled, a route is added that excludes the local WLAN IP range from the tunnel. |
Lockscreen Message
Lockscreen Message
Information that can be displayed on the login screen and lock screen.
Devices used by different people can thus display accessible information for everyone (e.g. an inventory number).
Devices used by different people
Shared device in Apple terminology
Supervised devices only.
The values are taken from the user settings of the user to whom the respective device is assigned
| Variable name in profiles | Description | Example | |
|---|---|---|---|
| $username$ alternative names: %device_user% %device_user_username% |
Username | jdoe | |
| $emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de | |
| $firstname$ alternative name: %device_user_firstname% |
First name | John | |
| $lastname$ alternative name: %device_user_lastname% |
Last name | Doe | |
| $name$ alternative name: %device_user_name% |
First name and surname | John Doe | |
| $variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local | |
| $variable2$ alternative name: %variable2% |
custom value | ||
| $variable3$ alternative name: %variable3% |
custom value | ||
| $device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller | |
| $device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Storage1 | |
| Defining the values in the user administration in the portal under: or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary. | |||
| Caption | Default | Description |
|---|---|---|
| Activate configuration | After setting this, you can set the shared device configuration. Shared device configuration options allow you to specify optional text to be displayed in the login window and lock screen (i.e. a ”If lost, return to” message and Asset Tag information). It is supported on iOS 9.3 and later.HALLO DU | |
| Lockscreen footnote | Optional. A footnote displayed on the login window and lock screen. | |
| Asset Tag Information | Optional. Asset tag information for the device, displayed on the login window and lock screen. |
Save
Apple TV
Apple TV| Conference room display | |||
| Caption | Value | Description |  |
|---|---|---|---|
| Activate Conference room display | Conference room display mode locks Apple TV in this mode to prevent other uses | ||
| Message | Enter message | The custom message displayed on the screen in the conference room display mode | |
| TV remote control | |||
| Caption | Value | Description | |
| Activate TV remote control | Enables configuration of the Apple TV Remote | ||
| Allowed remotes | Add remotes | Add remotes | |
| Remote devices ID | MAC address | A valid device that Apple TV can connect to | |
| Allowd TVs | Add TV | Add TVs | |
| Name | Name of the TV | The name of the TV | |
| TV ID | MAC address | A valid Apple TV identifier that the Remote can connect to | |
| AirPlay security | |||
| Caption | Value | Description | |
| Activate AirPlay security | Enables AirPlay security settings | ||
| Access type | The AirPlay access policy Any Wifi only | ||
| Security level | The AirPlay security policy One time passcode Forever passcode Password | ||
Save