Managing iOS profiles with the Apple TV type in the Mobile Security Portal
Last adaptation to the version: 1.28 (07.2024)
New:
- Changed menu navigation
This article refers to a Beta version
Preamble
In a profile permissions, restrictions, password requirements, email settings and security settings are configured.
Several users or user groups (roles) can be assigned to a profile.
Several devices or device groups (devices designated by tags) can be assigned to a profile.
For a large number of devices and users it is recommended to map the assignment via groups.
- Device registration is directly tied to a profile
- A profile must be created first' (and configured) before a device can be registered
In Android Enterprise profiles, numerous security-relevant settings can be made, e.g.
- Disable Kamara
- Disable microphone
- Disable USB file transfer
- Disable outgoing calls
- Disable Bluetooth
- Disable contact sharing
- Disable tethering
- Disable sms
- Enable network only with VPN
- and much more.
Android Enterprise Profiles are used immediately and do not need to be published!
- Outdated Android profiles behave fundamentally different than Android Enterprise Profiles (EMM)
- It is no longer possible to assign a profile to a role, user or tag
Overview of profile management | ||||
| In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles. |  |
 | ||
General Options | ||||
| Sorts the tiles by profile name | ||||
| Sorts the tiles according to the priority of the profile | ||||
| Sorts the tiles in ascending or descending order according to the selected criterion | ||||
| Filters on profile tiles that contain the search text | ||||
| Add profile | Creates a new profile. The settings in the profile vary depending on the operating system. | |||
| Import profile | Existing profiles that were previously exported from the Securepoint Mobile Security Portal can be imported here | |||
| Hide generated profiles | Hides the generated profiles | |||
| Show details | Show / hide details: For a large number of profiles, it can be useful to hide the most important details for clarity. | |||
| / List view / Grid view | Switch between lists and grid view | |||
| Refresh | Refreshes the display | |||
Profile tile
| ||||
Profile-Options
| ||||
| The button at the top right of each profile tile provides the following options: | ||||
| Edit | Editing the settings (see below) | |||
| Copy | Copying the profile to the clipboard | |||
| Export | Exporting the settings | |||
| Delete | The profile is deleted notempty
New as of: 2.5 | |||
Details displayed in the profile tile: | ||||
| Updated | Changes have been made to the profile that have not yet been published! | |||
| Partially installed | Not all sub profiles were able to be installed | |||
Profile information | ||||
| Type | Profile type (see below) | |||
| Roles | Roles | |||
| Users | User | |||
| Devices | Devices | |||
| tags | Tags | |||
| Parts | Listing of the sub-profiles that make up the complete Mobile Security Profile. | |||
Copy & paste of profiles
| ||||
| Click on the logo of the profile tile to mark one or more profiles In the general options, another field now appears under the filter mask: | ||||
| Action for selected items | Execute the selected action with Ok | |||
| Copies one or more selected profiles to the clipboard | ||||
| Deletes one or more selected profiles notempty
New as of: 2.5 | ||||
| Paste | Inserts a copy of a profile from the clipboard
| |||
Configuration iOS profile AppleTV
General iOS
General
Add profile
| Caption | Values | Description |  |
|---|---|---|---|
| Type | Device profile | Standard device profile | |
| Shared iPad | Profile that allows different users for one iPad | ||
| Apple TV profiles | Profile with limited settings options. Additional settings for Apple TV | ||
| User Enrollmant profile | Profile owned by the user on which managed apps of the company can be installed | ||
| Name | Name | Profile name | |
| Priority | 5 | The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles. | |
| Roles | Add roles | Click-Box: The profile will be assigned to all devices of all users with these roles | |
| Users | Add users | The profile will be assigned to all devices from these users | |
| Devices | Add devices | The profile will be assigned to these devices | |
| Tags | Add tags | The profile will be assigned to all devices with these tags | |
| Comment | Comment | Comment | |
| Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
| Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Restrictions
Restrictions
Configuration by clicking on Activate restrictions
Numerous restrictions can be configured to control the behavior of a device.
List of possible restrictions with default values and explanations:
General restrictions
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restriction | Default | Explanation |
|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
| Allow automatic unlocking | When deactivated , the automatic unlocking is disabled | |
| Allow cloud address book | When deactivated , the cloud address book will be disabled | |
| Allow cloud bookmarks | When deactivated , cloud bookmarks will be disabled | |
| Allow cloud calendar | When deactivated , the cloud calendar will be disabled | |
| Allow cloud desktop & documents | When deactivated , cloud desktop and documents will be disabled | |
| Allow cloud mail | When deactivated , cloud mail will be disabled | |
| Allow cloud notes | When deactivated , cloud notes will be disabled | |
| Allow cloud reminders | When deactivated , cloud reminders will be disabled | |
| Allow content caching | When deactivated , content caching will be disabled | |
| Allow iTunes file sharing | When deactivated , iTunes file sharing will be disabled | |
| Allow automatic screen saver | When deactivated , automatic screen savers are not permitted | |
| Allow lock screen ControlCenter | When deactivated , the ControlCenter is disabled for the lock screen | |
| Allow lock screen notifications to display | When deactivated , the notification preview of the lock screen will be disabled | |
| Allow lock screen view today | When deactivated , today's lock screen view will be disabled | |
| Allow to write unmanaged contacts | When deactivated , writing unmanaged contacts will be disabled | |
| Allow unmanaged reading of managed contacts | When deactivated , unmanaged apps cannot access contacts of managed accounts and that managed apps do not save contacts in the local Contacts app | |
| Allow OTAPKI updates | When deactivated , OTAPKI updates are disabled | |
| Allow temporary session of the shared device | When deactivated , the temporary session of the shared device is disabled | |
| Force password for outgoing AirPlay requests | When activated , all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
| Force encrypted backups | When activated , encrypted backups are enforced | |
| Limit ad tracking | When activated , ad tracking will be restricted | |
| Dictation only | When activated , connections to Siri servers for dictation are disabled | |
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
| Allow QuickPath keyboard | When deactivated , the QuickPath keyboard is disabled | |
| Allow network access for files | When deactivated , the connection to network drives is prevented in the file app | |
| Allow USB drive for files | When deactivated , it prevents the File app from connecting to connected USB devices | |
| Allow Find My Device | When deactivated , Find My Device is disabled in the Find my App | |
| Allow Find My Friends | When deactivated , Find My Friends is disabled in the Find My app | |
| Force WiFi activation | When activated it prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode.
It does not prevent selecting which Wi-Fi network to use. | |
| Allow trusting enterprise apps | When deactivated , Enterprise apps are not trusted | |
| Allow screenshots and screen recording | When deactivated , screenshots and screen recordings cannot be created | |
| Allow Apple Music | When deactivated , Apple Music will be disabled in the Music app | |
| Allow iTunes Radio | Allow iTunes Radio | |
| Allow shared stream | When deactivated , the shared stream is disabled | |
| Allow Wallet while locked | When deactivated , wallet notifications will not be shown on the lock screen | |
| Allow use of News | When deactivated no news can be used | |
| Allow modifying bluetooth settings | When deactivated , changes to the Bluetooth settings are not permitted | |
| Allow modifying cellular data usage for app settings | When deactivated , the mobile data uses for app settings cannot be changed | |
| Allow modifying device name | When deactivated , the device name cannot be changed | |
| Allow automatic sync while roaming | When deactivated , automatic synchronisation is deactivated during roaming | |
| Allow iCloud sync for managed apps | When deactivated , iCloud synchronisation is deactivated for managed apps | |
| Allow enterprise books backup | When deactivated , Enterprise books are not saved | |
| Allow enterprise books and highlights to sync | When deactivated , Enterprise books and highlights are not synchronised | |
| Allow email privacy | When activated , Apple's Mail Privacy Protection (AMPP) is activated | |
| Allow In App purchases | When deactivated no in-app purchases can be made | |
| Allow multiplayer gaming | When deactivated , multiplayer gaming is not allowed | |
| Allow voice dialing while device is locked | When deactivated , no voice dialling is allowed, even if the device is locked | |
| Force Apple Watch wrist detection | When activated , Apple Watch wrist detection is enforced | |
| Allow pairing with Apple Watch | When deactivated , pairing with Apple Watch is not permitted | |
| Allow Internet results in Spotlight | When deactivated , search results from the web will not be shown in Spotlight | |
| Allow user to accept untrusted TLS certificates | When deactivated , the user is not allowed to accept untrusted certificates in TLS | |
| Allow Photo Stream | When deactivated , the use of Photo-Stream is not permitted on the device | |
| Allow iCloud Photo Library | When deactivated , the use of the iCloud Photo Library on the device is not permitted | |
| Allow iCloud backup | When deactivated , the backup with the iCloud is not permitted | |
| Allow personalized advertising | When deactivated , restricts Apple's personalized advertising. Available in iOS 14 and later | |
| Requires iTunes password for all purchases | When activated , the user's iTunes password is required for all purchases | |
| Apps ranking number | 1000 | The value entered describes the maximum permitted level of apps relevant to youth protection on the device. |
| Movies ranking number | 1000 | The value entered describes the maximum permitted level of films relevant to youth protection on the device. |
| TV Shows ranking number | 1000 | The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. |
| Region code | Germany | Two-character code for the region used to specify ratings |
| Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
| From websites I visited | Accepts cookies from all visited websites | |
| Always | Accepts all cookies | |
| Allow JavaScript | When deactivated , JavaScript is not allowed in Safari | |
| Allow Pop-ups | When deactivated , pop-ups are not allowed in Safari | |
| Enable fraud warning | When activated , the fraud warning in Safari is activated | |
| Force translation on the device only | When activated , the device does not connect to Siri servers for translation purposes | |
| Allow unmanaged documents in managed apps | When activated , it allows managed apps to access unmanaged documents | |
| Allow managed documents in unmanaged apps | When activated , allows unmanaged apps to access managed documents | |
| Managed clipboard required | When activated , the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
| Treat AirDrop as unmanaged destination | When activated , it prevents protected (managed) data from leaving the device without authorisation via Airdrop | |
| Allows Handoff | When deactivated , handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
| Allow Touch ID/Face ID for unlocking | When deactivated , Touch ID/Face ID is not allowed to unlock the device | |
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
| Allow modifying notification settings | When deactivated , changing the notification settings is not allowed | |
| Allow incoming AirPlay requests | When deactivated , incoming AirPlay requests are not allowed | |
| Allow pairing with Remote app | When deactivated , pairing with remote app is not permitted | |
| Allow dictation | When deactivated , dictations are not allowed | |
| Allow camera use | When deactivated , the user is not allowed to use the camera | |
| Allow Siri | When deactivated , Siri is not allowed | |
| Allow Siri while locked | When deactivated , Siri is not allowed while the device is locked | |
| Allow Siri user generated content | When deactivated , it prevents Siri from querying requests with user-generated content | |
| Allow modifying Touch ID/Face ID | When deactivated , the user is not permitted to change the Touch ID/Face ID | |
| Allow diagnostic submission | When deactivated , diagnostic and usage data is not sent to Apple | |
| Allow modifying diagnostics settings | When deactivated , the user is not permitted to change the diagnostic settings | |
| notempty New as of: 2.6 |
When deactivated , the system deactivates the Apple Intelligence reports. Available in iOS 18.4 and higher. |
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restriction | Default | Explanation |
|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
| Allow automatic unlocking | When deactivated , the automatic unlocking is disabled | |
| Allow cloud address book | When deactivated , the cloud address book will be disabled | |
| Allow cloud bookmarks | When deactivated , cloud bookmarks will be disabled | |
| Allow cloud calendar | When deactivated , the cloud calendar will be disabled | |
| Allow cloud desktop & documents | When deactivated , cloud desktop and documents will be disabled | |
| Allow cloud mail | When deactivated , cloud mail will be disabled | |
| Allow cloud notes | When deactivated , cloud notes will be disabled | |
| Allow cloud reminders | When deactivated , cloud reminders will be disabled | |
| Allow content caching | When deactivated , content caching will be disabled | |
| Allow iTunes file sharing | When deactivated , iTunes file sharing will be disabled | |
| Allow automatic screen saver | When deactivated , automatic screen savers are not permitted | |
| Allow lock screen ControlCenter | When deactivated , the ControlCenter is disabled for the lock screen | |
| Allow lock screen notifications to display | When deactivated , the notification preview of the lock screen will be disabled | |
| Allow lock screen view today | When deactivated , today's lock screen view will be disabled | |
| Allow to write unmanaged contacts | When deactivated , writing unmanaged contacts will be disabled | |
| Allow unmanaged reading of managed contacts | When deactivated , unmanaged apps cannot access contacts of managed accounts and that managed apps do not save contacts in the local Contacts app | |
| Allow OTAPKI updates | When deactivated , OTAPKI updates are disabled | |
| Allow temporary session of the shared device | When deactivated , the temporary session of the shared device is disabled | |
| Force password for outgoing AirPlay requests | When activated , all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
| Force encrypted backups | When activated , encrypted backups are enforced | |
| Limit ad tracking | When activated , ad tracking will be restricted | |
| Dictation only | When activated , connections to Siri servers for dictation are disabled | |
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
| Allow QuickPath keyboard | When deactivated , the QuickPath keyboard is disabled | |
| Allow network access for files | When deactivated , the connection to network drives is prevented in the file app | |
| Allow USB drive for files | When deactivated , it prevents the File app from connecting to connected USB devices | |
| Allow Find My Device | When deactivated , Find My Device is disabled in the Find my App | |
| Allow Find My Friends | When deactivated , Find My Friends is disabled in the Find My app | |
| Force WiFi activation | When activated it prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode.
It does not prevent selecting which Wi-Fi network to use. | |
| Allow trusting enterprise apps | When deactivated , Enterprise apps are not trusted | |
| Allow screenshots and screen recording | When deactivated , screenshots and screen recordings cannot be created | |
| Allow Apple Music | When deactivated , Apple Music will be disabled in the Music app | |
| Allow iTunes Radio | Allow iTunes Radio | |
| Allow shared stream | When deactivated , the shared stream is disabled | |
| Allow Wallet while locked | When deactivated , wallet notifications will not be shown on the lock screen | |
| Allow use of News | When deactivated no news can be used | |
| Allow modifying bluetooth settings | When deactivated , changes to the Bluetooth settings are not permitted | |
| Allow modifying cellular data usage for app settings | When deactivated , the mobile data uses for app settings cannot be changed | |
| Allow modifying device name | When deactivated , the device name cannot be changed | |
| Allow automatic sync while roaming | When deactivated , automatic synchronisation is deactivated during roaming | |
| Allow iCloud sync for managed apps | When deactivated , iCloud synchronisation is deactivated for managed apps | |
| Allow enterprise books backup | When deactivated , Enterprise books are not saved | |
| Allow enterprise books and highlights to sync | When deactivated , Enterprise books and highlights are not synchronised | |
| Allow email privacy | When activated , Apple's Mail Privacy Protection (AMPP) is activated | |
| Allow In App purchases | When deactivated no in-app purchases can be made | |
| Allow multiplayer gaming | When deactivated , multiplayer gaming is not allowed | |
| Allow voice dialing while device is locked | When deactivated , no voice dialling is allowed, even if the device is locked | |
| Force Apple Watch wrist detection | When activated , Apple Watch wrist detection is enforced | |
| Allow pairing with Apple Watch | When deactivated , pairing with Apple Watch is not permitted | |
| Allow Internet results in Spotlight | When deactivated , search results from the web will not be shown in Spotlight | |
| Allow user to accept untrusted TLS certificates | When deactivated , the user is not allowed to accept untrusted certificates in TLS | |
| Allow Photo Stream | When deactivated , the use of Photo-Stream is not permitted on the device | |
| Allow iCloud Photo Library | When deactivated , the use of the iCloud Photo Library on the device is not permitted | |
| Allow iCloud backup | When deactivated , the backup with the iCloud is not permitted | |
| Allow personalized advertising | When deactivated , restricts Apple's personalized advertising. Available in iOS 14 and later | |
| Requires iTunes password for all purchases | When activated , the user's iTunes password is required for all purchases | |
| Apps ranking number | 1000 | The value entered describes the maximum permitted level of apps relevant to youth protection on the device. |
| Movies ranking number | 1000 | The value entered describes the maximum permitted level of films relevant to youth protection on the device. |
| TV Shows ranking number | 1000 | The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. |
| Region code | Germany | Two-character code for the region used to specify ratings |
| Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
| From websites I visited | Accepts cookies from all visited websites | |
| Always | Accepts all cookies | |
| Allow JavaScript | When deactivated , JavaScript is not allowed in Safari | |
| Allow Pop-ups | When deactivated , pop-ups are not allowed in Safari | |
| Enable fraud warning | When activated , the fraud warning in Safari is activated | |
| Force translation on the device only | When activated , the device does not connect to Siri servers for translation purposes | |
| Allow unmanaged documents in managed apps | When activated , it allows managed apps to access unmanaged documents | |
| Allow managed documents in unmanaged apps | When activated , allows unmanaged apps to access managed documents | |
| Managed clipboard required | When activated , the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
| Treat AirDrop as unmanaged destination | When activated , it prevents protected (managed) data from leaving the device without authorisation via Airdrop | |
| Allows Handoff | When deactivated , handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
| Allow Touch ID/Face ID for unlocking | When deactivated , Touch ID/Face ID is not allowed to unlock the device | |
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
| Allow modifying notification settings | When deactivated , changing the notification settings is not allowed | |
| Allow incoming AirPlay requests | When deactivated , incoming AirPlay requests are not allowed | |
| Allow pairing with Remote app | When deactivated , pairing with remote app is not permitted | |
| Allow dictation | When deactivated , dictations are not allowed | |
| Allow camera use | When deactivated , the user is not allowed to use the camera | |
| Allow Siri | When deactivated , Siri is not allowed | |
| Allow Siri while locked | When deactivated , Siri is not allowed while the device is locked | |
| Allow Siri user generated content | When deactivated , it prevents Siri from querying requests with user-generated content | |
| Allow modifying Touch ID/Face ID | When deactivated , the user is not permitted to change the Touch ID/Face ID | |
| Allow diagnostic submission | When deactivated , diagnostic and usage data is not sent to Apple | |
| Allow modifying diagnostics settings | When deactivated , the user is not permitted to change the diagnostic settings | |
| notempty New as of: 2.6 |
When deactivated , the system deactivates the Apple Intelligence reports. Available in iOS 18.4 and higher. |
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restriction | Default | Explanation |
|---|---|---|
| Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
| Allow automatic unlocking | When deactivated , the automatic unlocking is disabled | |
| Allow cloud address book | When deactivated , the cloud address book will be disabled | |
| Allow cloud bookmarks | When deactivated , cloud bookmarks will be disabled | |
| Allow cloud calendar | When deactivated , the cloud calendar will be disabled | |
| Allow cloud desktop & documents | When deactivated , cloud desktop and documents will be disabled | |
| Allow cloud mail | When deactivated , cloud mail will be disabled | |
| Allow cloud notes | When deactivated , cloud notes will be disabled | |
| Allow cloud reminders | When deactivated , cloud reminders will be disabled | |
| Allow content caching | When deactivated , content caching will be disabled | |
| Allow iTunes file sharing | When deactivated , iTunes file sharing will be disabled | |
| Allow automatic screen saver | When deactivated , automatic screen savers are not permitted | |
| Allow lock screen ControlCenter | When deactivated , the ControlCenter is disabled for the lock screen | |
| Allow lock screen notifications to display | When deactivated , the notification preview of the lock screen will be disabled | |
| Allow lock screen view today | When deactivated , today's lock screen view will be disabled | |
| Allow to write unmanaged contacts | When deactivated , writing unmanaged contacts will be disabled | |
| Allow unmanaged reading of managed contacts | When deactivated , unmanaged apps cannot access contacts of managed accounts and that managed apps do not save contacts in the local Contacts app | |
| Allow OTAPKI updates | When deactivated , OTAPKI updates are disabled | |
| Allow temporary session of the shared device | When deactivated , the temporary session of the shared device is disabled | |
| Force password for outgoing AirPlay requests | When activated , all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
| Force encrypted backups | When activated , encrypted backups are enforced | |
| Limit ad tracking | When activated , ad tracking will be restricted | |
| Dictation only | When activated , connections to Siri servers for dictation are disabled | |
| Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
| Allow QuickPath keyboard | When deactivated , the QuickPath keyboard is disabled | |
| Allow network access for files | When deactivated , the connection to network drives is prevented in the file app | |
| Allow USB drive for files | When deactivated , it prevents the File app from connecting to connected USB devices | |
| Allow Find My Device | When deactivated , Find My Device is disabled in the Find my App | |
| Allow Find My Friends | When deactivated , Find My Friends is disabled in the Find My app | |
| Force WiFi activation | When activated it prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode.
It does not prevent selecting which Wi-Fi network to use. | |
| Allow trusting enterprise apps | When deactivated , Enterprise apps are not trusted | |
| Allow screenshots and screen recording | When deactivated , screenshots and screen recordings cannot be created | |
| Allow Apple Music | When deactivated , Apple Music will be disabled in the Music app | |
| Allow iTunes Radio | Allow iTunes Radio | |
| Allow shared stream | When deactivated , the shared stream is disabled | |
| Allow Wallet while locked | When deactivated , wallet notifications will not be shown on the lock screen | |
| Allow use of News | When deactivated no news can be used | |
| Allow modifying bluetooth settings | When deactivated , changes to the Bluetooth settings are not permitted | |
| Allow modifying cellular data usage for app settings | When deactivated , the mobile data uses for app settings cannot be changed | |
| Allow modifying device name | When deactivated , the device name cannot be changed | |
| Allow automatic sync while roaming | When deactivated , automatic synchronisation is deactivated during roaming | |
| Allow iCloud sync for managed apps | When deactivated , iCloud synchronisation is deactivated for managed apps | |
| Allow enterprise books backup | When deactivated , Enterprise books are not saved | |
| Allow enterprise books and highlights to sync | When deactivated , Enterprise books and highlights are not synchronised | |
| Allow email privacy | When activated , Apple's Mail Privacy Protection (AMPP) is activated | |
| Allow In App purchases | When deactivated no in-app purchases can be made | |
| Allow multiplayer gaming | When deactivated , multiplayer gaming is not allowed | |
| Allow voice dialing while device is locked | When deactivated , no voice dialling is allowed, even if the device is locked | |
| Force Apple Watch wrist detection | When activated , Apple Watch wrist detection is enforced | |
| Allow pairing with Apple Watch | When deactivated , pairing with Apple Watch is not permitted | |
| Allow Internet results in Spotlight | When deactivated , search results from the web will not be shown in Spotlight | |
| Allow user to accept untrusted TLS certificates | When deactivated , the user is not allowed to accept untrusted certificates in TLS | |
| Allow Photo Stream | When deactivated , the use of Photo-Stream is not permitted on the device | |
| Allow iCloud Photo Library | When deactivated , the use of the iCloud Photo Library on the device is not permitted | |
| Allow iCloud backup | When deactivated , the backup with the iCloud is not permitted | |
| Allow personalized advertising | When deactivated , restricts Apple's personalized advertising. Available in iOS 14 and later | |
| Requires iTunes password for all purchases | When activated , the user's iTunes password is required for all purchases | |
| Apps ranking number | 1000 | The value entered describes the maximum permitted level of apps relevant to youth protection on the device. |
| Movies ranking number | 1000 | The value entered describes the maximum permitted level of films relevant to youth protection on the device. |
| TV Shows ranking number | 1000 | The value entered describes the maximum permitted level of TV content relevant to youth protection on the device. |
| Region code | Germany | Two-character code for the region used to specify ratings |
| Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
| From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
| From websites I visited | Accepts cookies from all visited websites | |
| Always | Accepts all cookies | |
| Allow JavaScript | When deactivated , JavaScript is not allowed in Safari | |
| Allow Pop-ups | When deactivated , pop-ups are not allowed in Safari | |
| Enable fraud warning | When activated , the fraud warning in Safari is activated | |
| Force translation on the device only | When activated , the device does not connect to Siri servers for translation purposes | |
| Allow unmanaged documents in managed apps | When activated , it allows managed apps to access unmanaged documents | |
| Allow managed documents in unmanaged apps | When activated , allows unmanaged apps to access managed documents | |
| Managed clipboard required | When activated , the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
| Treat AirDrop as unmanaged destination | When activated , it prevents protected (managed) data from leaving the device without authorisation via Airdrop | |
| Allows Handoff | When deactivated , handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
| Allow Touch ID/Face ID for unlocking | When deactivated , Touch ID/Face ID is not allowed to unlock the device | |
| Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
| Allow modifying notification settings | When deactivated , changing the notification settings is not allowed | |
| Allow incoming AirPlay requests | When deactivated , incoming AirPlay requests are not allowed | |
| Allow pairing with Remote app | When deactivated , pairing with remote app is not permitted | |
| Allow dictation | When deactivated , dictations are not allowed | |
| Allow camera use | When deactivated , the user is not allowed to use the camera | |
| Allow Siri | When deactivated , Siri is not allowed | |
| Allow Siri while locked | When deactivated , Siri is not allowed while the device is locked | |
| Allow Siri user generated content | When deactivated , it prevents Siri from querying requests with user-generated content | |
| Allow modifying Touch ID/Face ID | When deactivated , the user is not permitted to change the Touch ID/Face ID | |
| Allow diagnostic submission | When deactivated , diagnostic and usage data is not sent to Apple | |
| Allow modifying diagnostics settings | When deactivated , the user is not permitted to change the diagnostic settings | |
| notempty New as of: 2.6 |
When deactivated , the system deactivates the Apple Intelligence reports. Available in iOS 18.4 and higher. |
Classroom-App
The Classroom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restrictions | Default | Explanation |
|---|---|---|
| Allow remote screen monitoring | If not allowed, remote screen monitoring is disabled by the Classroom app. When screenshots are disabled, the Classroom app does not observe remote screens. | |
| Force courses to be joined automatically | If enforced, the instructor's requests are automatically accepted without prompting the student. | |
| Force permission to leave classes | If enforced, a student enrolled in an unmanaged course through Classroom must ask the instructor for permission to leave the course. | |
| Force app and device lock | If enforced, the teacher can lock apps or the device without prompting the student. | |
| Force screen monitoring | When enforced and remote screen monitoring is allowed, a student enrolled in a managed course through the classroom app automatically grants permission to watch the screen without being prompted. |
Restrictions for supervised devices
A range of restrictions is only available for devices in the Supervised embedding mode.
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restrictions | Default | Explanation |
|---|---|---|
| Restrict app use | Allow all apps Do not allow certain apps Allow only certain apps |
Configures whether no restriction, a blocklist or a allowlist is used for apps. supervised devices only |
|
Click box for app selection | Depending on the selection in the line above: Blocklisted Apps / Allowlisted Apps Searches the entire App Store for possible apps. supervised devices only |
| Add system apps | If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. supervised devices only | |
| Allow AirDrop | If set to false, AirDrop will be disabled supervised devices only | |
| Allow AirPrint | If set to false, AirPrint will be disabled supervised devices only | |
| Allow saving AirPrint credentials | If set to false, the storage of AirPrint credentials is disabled supervised devices only | |
| Allow AirPrint iBeacon detection | If set to false, AirPrint iBeacon detection will be disabled supervised devices only | |
| Allow change of mobile tariff | If set to false, the change of the mobile tariff will be disabled supervised devices only
non | |
| Allow cloud keychain synchronization | If set to false, cloud keychain synchronization is disabled supervised devices only | |
| Allow private cloud relay | If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only | |
| Allow eSIM changes | If set to false, the eSIM change will be disabled | |
| Allow access to files on USB drive | If set to false, access to the files USB drive is disabled supervised devices only | |
| Allow change to find my friends | If set to false, the modification will be disabled for find my friends supervised devices only | |
| Allow host pairing |
||
| Allow NFC | If set to false, NFC will be disabled supervised devices only | |
| Allow auto-complete password | If set to false, the auto-completion of the password will be disabled supervised devices only | |
| Allow device to enter sleep mode | If set to false, the hibernation of the device is disabled supervised devices only | |
| Allow requests for password proximity | If set to false, password proximity requests are disabled supervised devices only | |
| Allow password sharing | If set to false, password sharing will be disabled supervised devices only | |
| Allow change of personal hotspot | If set to false, the change of the personal hotspot will be disabled supervised devices only | |
| Allow Podcasts | If set to false, podcasts will be disabled supervised devices only | |
| Allow proximity settings for new device | If set to false, the proximity set-up for the new device will be disabled supervised devices only | |
| Allow removal of system apps | If set to false, the removal of system apps is disabled supervised devices only | |
| Allow non-paired external boot for recovery | If set to false, unpaired external booting for recovery is disabled supervised devices only | |
| Allow restricted USB mode | If set to false, the restricted USB mode will be disabled supervised devices only | |
| Allow VPN creation | If set to false, VPN creation will be disabled supervised devices only | |
| Allowed apps in single app mode | Choose application | Allowed apps in single app mode supervised devices only |
| Force AirPrint Trusted TLS Requirement | If set to true, AirPrint enforces the trusted TLS request supervised devices only | |
| Enforce authentication before autofill | If set to true, authentication is enforced before autofilling supervised devices only | |
| Force automatic date and time | If set to true, the date and time are automatically enforced supervised devices only | |
| Force WLAN to approved networks only | If set to true, WLAN is forced only on allowed networks supervised devices only | |
| Allow account modification | If inactive, account modification will be disabled. notempty This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps. notempty iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. | |
| Allow app removal | Allows the user to remove apps supervised devices only | |
| Allow explicit content | Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only | |
| Allow use of iMessage | Allow use of iMessage supervised devices only | |
| Allow iBookstore | Supervised only. If disabled, iBookstore will be disabled supervised devices only | |
| Allow erotica in the iBookstore | Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only | |
| Allow use of iTunes | Allow the user to access and use iTunes supervised devices only | |
| Allow use of Safari | Allows the user to use Safari supervised devices only | |
| Allow Game Center | Allow Game Center | |
| Allow adding Game Center friends | Allow the user to add friends to the Game Center supervised devices only | |
| Allow modifying wallpaper | Allow changing the background image supervised devices only</smMS/deployment/profile.langall> | |
| Permit configuration of the screen time | Allow configuration restrictions supervised devices only | |
| Allow iCloud document sync | Allow document synchronization with iCloud supervised devices only | |
| Allow auto-fill in Safari | Automatisches Ausfüllen in Safari zulassen supervised devices only | |
| Allow predictive keyboard. | Allow predictive keyboard. supervised devices only | |
| Allow keyboard shortcuts. | Allow keyboard shortcuts. supervised devices only | |
| Allow autocorrect. | Allow autocorrect. supervised devices only | |
| Allow correction help. | Allow correction help. supervised devices only | |
| Allow definition. | Allow definition. supervised devices only | |
| Allow video conferencing | Allow video conferencing supervised devices only | |
| Enable Siri profanity filter | Enables Siri profanity filter. supervised devices only | |
| Allow app installation from Apple Configurator and iTunes | Allow only a connected Mac host to install applications supervised devices only | |
| Allow automatic app downloads | Allows automatic app downloads supervised devices only | |
| Allow app installation from the app store | Allow the user to install applications supervised devices only | |
| Allow modifying passcode | Allow changing the passcode supervised devices only | |
| Allow UI configuration profile installation | If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only | |
| Allow erase all content and settings | If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only | |
| Allow app clips | When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only | |
| Force delayed app updates | If set to true, delayed app updates are forced supervised devices only | |
| Force delayed software updates | When active, user visibility of software updates is delayed. supervised devices only | |
| Software Update Delay in days | 30 | With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only |
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restrictions | Default | Explanation |
|---|---|---|
| Restrict app use | Allow all apps Do not allow certain apps Allow only certain apps |
Configures whether no restriction, a blocklist or a allowlist is used for apps. supervised devices only |
|
Click box for app selection | Depending on the selection in the line above: Blocklisted Apps / Allowlisted Apps Searches the entire App Store for possible apps. supervised devices only |
| Add system apps | If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. supervised devices only | |
| Allow AirDrop | If set to false, AirDrop will be disabled supervised devices only | |
| Allow AirPrint | If set to false, AirPrint will be disabled supervised devices only | |
| Allow saving AirPrint credentials | If set to false, the storage of AirPrint credentials is disabled supervised devices only | |
| Allow AirPrint iBeacon detection | If set to false, AirPrint iBeacon detection will be disabled supervised devices only | |
| Allow change of mobile tariff | If set to false, the change of the mobile tariff will be disabled supervised devices only
non | |
| Allow cloud keychain synchronization | If set to false, cloud keychain synchronization is disabled supervised devices only | |
| Allow private cloud relay | If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only | |
| Allow eSIM changes | If set to false, the eSIM change will be disabled | |
| Allow access to files on USB drive | If set to false, access to the files USB drive is disabled supervised devices only | |
| Allow change to find my friends | If set to false, the modification will be disabled for find my friends supervised devices only | |
| Allow host pairing |
||
| Allow NFC | If set to false, NFC will be disabled supervised devices only | |
| Allow auto-complete password | If set to false, the auto-completion of the password will be disabled supervised devices only | |
| Allow device to enter sleep mode | If set to false, the hibernation of the device is disabled supervised devices only | |
| Allow requests for password proximity | If set to false, password proximity requests are disabled supervised devices only | |
| Allow password sharing | If set to false, password sharing will be disabled supervised devices only | |
| Allow change of personal hotspot | If set to false, the change of the personal hotspot will be disabled supervised devices only | |
| Allow Podcasts | If set to false, podcasts will be disabled supervised devices only | |
| Allow proximity settings for new device | If set to false, the proximity set-up for the new device will be disabled supervised devices only | |
| Allow removal of system apps | If set to false, the removal of system apps is disabled supervised devices only | |
| Allow non-paired external boot for recovery | If set to false, unpaired external booting for recovery is disabled supervised devices only | |
| Allow restricted USB mode | If set to false, the restricted USB mode will be disabled supervised devices only | |
| Allow VPN creation | If set to false, VPN creation will be disabled supervised devices only | |
| Allowed apps in single app mode | Choose application | Allowed apps in single app mode supervised devices only |
| Force AirPrint Trusted TLS Requirement | If set to true, AirPrint enforces the trusted TLS request supervised devices only | |
| Enforce authentication before autofill | If set to true, authentication is enforced before autofilling supervised devices only | |
| Force automatic date and time | If set to true, the date and time are automatically enforced supervised devices only | |
| Force WLAN to approved networks only | If set to true, WLAN is forced only on allowed networks supervised devices only | |
| Allow account modification | If inactive, account modification will be disabled. notempty This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps. notempty iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. | |
| Allow app removal | Allows the user to remove apps supervised devices only | |
| Allow explicit content | Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only | |
| Allow use of iMessage | Allow use of iMessage supervised devices only | |
| Allow iBookstore | Supervised only. If disabled, iBookstore will be disabled supervised devices only | |
| Allow erotica in the iBookstore | Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only | |
| Allow use of iTunes | Allow the user to access and use iTunes supervised devices only | |
| Allow use of Safari | Allows the user to use Safari supervised devices only | |
| Allow Game Center | Allow Game Center | |
| Allow adding Game Center friends | Allow the user to add friends to the Game Center supervised devices only | |
| Allow modifying wallpaper | Allow changing the background image supervised devices only</smMS/deployment/profile.langall> | |
| Permit configuration of the screen time | Allow configuration restrictions supervised devices only | |
| Allow iCloud document sync | Allow document synchronization with iCloud supervised devices only | |
| Allow auto-fill in Safari | Automatisches Ausfüllen in Safari zulassen supervised devices only | |
| Allow predictive keyboard. | Allow predictive keyboard. supervised devices only | |
| Allow keyboard shortcuts. | Allow keyboard shortcuts. supervised devices only | |
| Allow autocorrect. | Allow autocorrect. supervised devices only | |
| Allow correction help. | Allow correction help. supervised devices only | |
| Allow definition. | Allow definition. supervised devices only | |
| Allow video conferencing | Allow video conferencing supervised devices only | |
| Enable Siri profanity filter | Enables Siri profanity filter. supervised devices only | |
| Allow app installation from Apple Configurator and iTunes | Allow only a connected Mac host to install applications supervised devices only | |
| Allow automatic app downloads | Allows automatic app downloads supervised devices only | |
| Allow app installation from the app store | Allow the user to install applications supervised devices only | |
| Allow modifying passcode | Allow changing the passcode supervised devices only | |
| Allow UI configuration profile installation | If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only | |
| Allow erase all content and settings | If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only | |
| Allow app clips | When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only | |
| Force delayed app updates | If set to true, delayed app updates are forced supervised devices only | |
| Force delayed software updates | When active, user visibility of software updates is delayed. supervised devices only | |
| Software Update Delay in days | 30 | With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only |
| Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
| Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
AppsApps | |||
Profile created from portal version 1.31 onwardsnotemptyProfile created from portal version 1.31 onwards New as of 1.31 | |||
| Managing apps and web clips via profiles is outdated and no longer available. Reassigning applications to devices is now done via the menu item . Further information can be found in the Wiki article on iOS apps |
 | ||
Profile created before portal version 1.31notemptyProfile created before portal version 1.31 | |||
| notempty This function is deprecated. In profiles before version 1.31, apps can be removed but not newly added. Reassigning applications to devices is now handled via the menu item in the side menu. This also allows for later uninstallation of the application. Further information can be found in the Wiki article on iOS apps | |||
| Caption | Value | Description |  |
|---|---|---|---|
| Apps |
Securepoint VPN Client | The created apps can only be deleted. New apps cannot be added, Apps are added and removed from an iOS profile via the portal page | |
| Web clips | Securepoint Wiki [Label: SP Wiki] (https://wiki.securepoint.de) | The created Web clips can only be deleted. New Web clips cannot be added, Web clips are added and removed from an iOS profile via the portal page | |
App-Lock (Kiosk mode)
App-Lock (Kiosk mode)The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.
Activate configuration
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Caption | Default | Description |  |
|---|---|---|---|
| Bundle ID | Enter ID | The bundle ID of the application. WARNING: Entering an unknown bundle ID can cause problems | |
Options | |||
| Disable touch | If true, the touch screen is disabled | ||
| Disable device rotation | If active, device rotation detection is disabled | ||
| Disabling the volume keys | When active, the volume keys are disabled | ||
| Deactivating bell switch | When active, the ringtone switch is disabled | ||
| Disable sleep wake button | When active, the sleep / wake button is disabled | ||
| Disable auto lock | |||
| Activate Voice-Over | If active, voice over is enabled | ||
| Activate zoom | When active, zoom is enabled | ||
| Enable inverting colors | If active, invert colors is enabled | ||
| Enable AssistiveTouch | When active, AssistiveTouch is enabled | ||
| Enable language selection | If active, the language selection is enabled. | ||
| Enable mono audio | When active, mono audio is enabled | ||
User Enabled Options | |||
| Voice-Over | If active, VoiceOver customization is allowed | ||
| Zoom | If active, the zoom setting is allowed | ||
| Invert colors | If active, the colors invert setting is allowed | ||
| AssistiveTouch | If active, AssistiveTouch customization is allowed | ||
| Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
| Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Home screen layout
Home screen layout
| Caption | Value | Description |  |
|---|---|---|---|
| Enable home screen layout | After activation, changes can be made to the home screen layout | ||
| Select type | Use a predefined layout | Uses an already existing home screen layout | |
| Create an individual home screen layout | Creates a profile specific layout | ||
| Select layout Only for Use predefined layout |
Test layout | Displays a selection of predefined layouts under . | |
Only for Create an individual home screen layout: |
 | ||
| Type | Application | Applications from the Apple Appstore' | |
| System application | Provides a list of Apple system applications on the device as a selection | ||
| Web clip | Provides a list of apps created as Web clips as a selection | ||
| Folder | Adds a folder. Apps can then be moved into it via drag'n drop. Once the maximum number of apps that can be added to a page is reached, the folder can be configured by clicking the gear icon in the upper left corner and adding another page with +. | ||
| Choose app Only for the type Application and System application |
Choose app |
| |
| Web clip Only for the type Web clip |
Choose a web clip | List of Web Clips | |
| Name Only for the type Folder |
Name | Name of the folder on the home screen | |
| Add | Adds the selected element to the last page of the home screen The elements can be subsequently moved to other areas | ||
| Add all system applications Only for the type System application |
Adds the selected element to the last page of the home screen The elements can be subsequently moved to other areas | ||
| Add all apps Only for the type Application |
Adds all apps from the menu or apps with to the last page of the homescreen The elements can be subsequently moved to other areas | ||
| Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
| Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Networks
Networks
In this section, access profiles for WiFi networks can be configured and pushed to the device.
Network configuration | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Caption | Value | Description |  | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Network configurations | Add configuration | Network configuration | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Name | Name | Name of the configuration | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Type | WiFi | Configuration type (WiFi predefined) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Wifi | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| SSID | SSID | The SSID of the network | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Security | Security level of the network key | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| None | No security | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WEP-PSK | Insecure | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WPA-PSK | Secure | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Password | Password | Password of the account for the server | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Hidden SSID | When activated , the network's SSID is hidden | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Autoconnect | When activated , the device automatically connects to the network | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Deactivate MAC randomisation | When activated , the devices always identify themselves with the same MAC address in a network.
Cannot be changed by the user. This function also displays a data protection warning in the settings that the network has limited data protection. This value is only locked if the profile is installed via an MDM. If the value is set with the Apple Configurator, for example, it can be changed by the user. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
EAP-Client / WPA2 Enterprise
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Use EAP Client | When activated , the EAP client, the WPA2 Enterprise, can be used |  | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EAP Types | Select EAP Types | The EAP type is selected. Several types can be selected. The choices are: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Payload Certificate Anchor UUID |
The certificate that is handed to the server by the client as authentication when logging on to the WLAN. Apple: An array of the UUID of a certificate payload to trust for authentication notempty New as of: 2.7 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| System Mode Credentials Source | The server for the system mode credentials | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Use Open Directory credentials | When activated logging in through Open Directory is possible | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Allow two-factor authentication | When activated , two-factor authentication is possible | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Trusted certificates |
The certificates that are to be trusted are entered. These certificates must first be stored in the notempty New as of: 2.7 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Trusted server names | The names of the servers that are to be trusted are entered | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Global HTTP proxy | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| A Global HTTP proxy can be configured, for example, if devices are permanently on the same network and a local proxy is to be used on the device. Especially recommended for devices that only have an MDM license. These can then use, for example, the protection functions of a Securepoint UTM with web filter, etc. |
 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Use global HTTP proxy | When activated the global HTTP proxy is used | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Type | Manual Automatic |
For a manual proxy type, the profile contains the proxy server address, including the port, and optionally a user name and password. For an auto proxy type, you can enter a PAC URL. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Allow captive login | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Username | Username | The username used to authenticate to the proxy server | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Password | Password | The password used for authentication to the proxy server | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Server | Server | The network address of the proxy server | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Server port | 8080 | The port used to connect to the proxy server | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
| Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Certificates
Certificates
Certificates are required, for example, to retrieve emails from an Exchange server with https or to confirm the authenticity of self-signed apps.
| Caption | Values | Description |  |
|---|---|---|---|
| Activate certificates | After activation , certificates can be added | ||
| Certificates |
Select certificates | Selection of certificates, Base-64-encoded X.509 or PKCS#12, imported in the menu. Further information can be found in the Wiki article Certificates. notempty New as of: 2.7 | |
| Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
| Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Apple TV
Apple TV
| Conference room display | |||
| Caption | Value | Description |  |
|---|---|---|---|
| Activate conference room display | When enabled , the conference room display mode locks the Apple TV in this mode to prevent other types of usage | ||
| Message | Type message | The custom message displayed on the screen in the conference room display mode | |
TV-remote |
|||
| Caption | Value | Description | |
| Activate TV-remote | Activating enables the remote configuration of the Apple TV | ||
| Allowed remotes | Add remote | Add remotes | |
| Remote devices ID | MAC address | Either the MAC address of a device is entered, or a configured device is selected from the drop-down menu | |
| Allowed TVs | Add TV | Add TVs | |
| Name | Name of the TV | The name of the TV | |
| TV ID | MAC address | Either the MAC address of a device is entered, or a configured device is selected from the drop-down menu | |
AirPlay-Security |
|||
| Caption | Value | Description | |
| Activate AirPlay-Security | When is enabled, the AirPlay security settings are activated | ||
| Access type | |||
| Any | The access policy for AirPlay: Allows connections both via Ethernet/WiFi and Apple Wireless Direct Link | ||
| WiFi only | Allows connections only from devices on the same Ethernet/WiFi network as Apple TV | ||
| Security level | |||
| Passcode once | The AirPlay security policy: Requires a screen passcode for the first connection from a device. Subsequent connections from the same device are not prompted | ||
| Always passcode | Requires a screen passcode for each AirPlay connection | ||
| Password | Requires a passphrase as specified in the password key | ||
| Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
| Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |