Configuration iOS profile: User Enrollment

Managing iOS profiles with the User Enrollment type in the Mobile Security Portal

Last adaptation to the version: 2.15 (03.2026)

New:

Die Optionen bei Einschränkungen wurden neu gruppiert und haben neue Beschreibungen erhalten
Neugruppierung und aktualisierte Beschreibung von Classroom-App
Beschreibungstexte bei Benachrichtigungseinstellungen wurden angepasst
Neugruppierung und angepasste Beschreibung bei App-Lock
Einige angepasste Optionsbeschreibungen bei E-Mail Konten und Exchange Konten
Aktualisiert Beschreibung von Mobilconfig

Neue Schaltfläche Sortieren

notempty

This article refers to a Beta version

Using the user registration profile type

This profile type is used to install paid apps provided by an organization on private iOS or iPadOS devices.
This requires managed Apple IDs.
Instructions can be found in the Enrollment Wiki article on user enrollment

Preamble

In a profile permissions, restrictions, password requirements, email settings and security settings are configured.
Several users or user groups (roles) can be assigned to a profile.
Several devices or device groups (devices designated by tags) can be assigned to a profile.

notempty

For a large number of devices and users it is recommended to map the assignment via groups.

Device registration is directly tied to a profile
A profile must be created first' (and configured) before a device can be registered

In Android Enterprise profiles, numerous security-relevant settings can be made, e.g.

Disable Kamara
Disable microphone
Disable USB file transfer
Disable outgoing calls
Disable Bluetooth
Disable contact sharing
Disable tethering
Disable sms
Enable network only with VPN
and much more.

notempty

Android Enterprise Profiles are used immediately and do not need to be published!

Outdated Android profiles behave fundamentally different than Android Enterprise Profiles (EMM)
It is no longer possible to assign a profile to a role, user or tag

Overview of profile management

In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles.

Overview of profile management iOS

Overview of profile management Android

General Options

Search

Filters on profile tiles that contain the search text

Sort

Clicking this button opens a menu where you can sort the tiles according to specific criteria

Sort

Clicking this button opens a menu where you can sort the tiles according to specific criteria

Name
Sorts the tiles by profile name

Priority
Sorts the tiles according to the priority of the profile

Ascending
Sorts the tiles in ascending or descending order according to the selected criterion

Add profile

Creates a new profile. The settings in the profile vary depending on the operating system.

Import profile

Existing profiles that were previously exported from the Securepoint Mobile Security Portal can be imported here

Hide generated profiles

Hides the generated profiles

Show details

Show / hide details: For a large number of profiles, it can be useful to hide the most important details for clarity.

/ List view / Grid view

Switch between lists and grid view

Refresh

Refreshes the display

Profile tile

Profile-Options

The button at the top right of each profile tile provides the following options:

Edit

Editing the settings (see below)

Copy

Copying the profile to the clipboard

Export

Exporting the settings

Delete

The profile is deleted

notempty

New as of: 2.5

Android profiles that have at least one assigned device cannot be deleted.

Details displayed in the profile tile:

Updated

Changes have been made to the profile that have not yet been published!

Partially installed

Not all sub profiles were able to be installed

Profile information

Type

Profile type (see below)

Roles

Users

User

Devices

Copy & paste of profiles

Click on the logo of the profile tile to mark one or more profiles In the general options, another field now appears under the filter mask:

Action for selected items

Please choose

Execute the selected action with Ok

Copy

Copies one or more selected profiles to the clipboard

Delete

Deletes one or more selected profiles

notempty

New as of: 2.5

Android profiles that have at least one assigned device cannot be deleted.

Paste

Inserts a copy of a profile from the clipboard

This also works from one tenant / customer to another as long as they are assigned to the same reseller account

Configuration iOS profile User Enrollment

General

Add profile

Caption	Value	Description	General menu item
Type	Device profile	Standard device profile
	Shared iPad	Profile that allows different users for one iPad Only for devices with iPadOS
	Apple TV profiles	Profile with limited settings options. Additional settings for Apple TV
	User Enrollmant profile	Profile owned by the user on which managed apps of the company can be installed
Name	Name	Profile name
Priority	5	The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles.
Roles	Add roles	Click-Box: The profile will be assigned to all devices of all users with these roles
Users	Add users	The profile will be assigned to all devices from these users
Devices	Add devices	The profile will be assigned to these devices
Tags	Add tags	The profile will be assigned to all devices with these tags
Comment	Comment	Comment

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Restrictions

Caption	Value	Description
Geräte Sicherheit & Datenschutz
Allow automatic unlocking		When deactivated , the automatic unlocking is disabled
Kontrollzentrum im Sperrbildschirm zulassen		Wenn aktiviert ermöglicht es den Zugriff auf das Kontrollzentrum direkt vom Sperrbildschirm Dies erleichtert Schnellaktionen (WLAN, Taschenlampe), kann aber unerwünschte Änderungen ohne Anmeldung ermöglichen
Mitteilungsansicht im Sperrbildschirm erlauben		Wenn aktiviert ermöglicht es die Anzeige vergangener Mitteilungen auf dem Sperrbildschirm Dies verbessert die Sichtbarkeit wichtiger Informationen, erhöht jedoch das Risiko, dass sensible Inhalte von Dritten eingesehen werden
Heute-Ansicht im Sperrbildschirm zulassen		When deactivated , today's lock screen view will be disabled
Force encrypted backups		When activated , encrypted backups are enforced
Ad-Tracking beschränken		When activated , ad tracking will be restricted
Find My Device erlauben		Wenn aktiviert wird Find My Device in der Find My App zugelassen
Find My Friends erlauben		Wenn aktiviert wird Find My Friends in der Find My App zugelassen
Allow trusting enterprise apps		When deactivated , Enterprise apps are not trusted
Bildschirmfotos und Bildschirmaufnahmen zulassen		Wenn aktiviert erlaubt es dem Benutzer das Erstellen von Bildschirmfotos und Bildschirmaufnahmen
Wallet-Mitteilungen bei gesperrtem Bildschirm		When deactivated , wallet notifications will not be shown on the lock screen
E-Mail-Datenschutz zulassen		When activated , Apple's Mail Privacy Protection (AMPP) is activated
Entsperren mit Touch- & Face-ID zulassen		When deactivated , Touch ID/Face ID is not allowed to unlock the device
Änderung von Touch- & Face-ID zulassen		When deactivated , the user is not permitted to change the Touch ID/Face ID
Senden von Diagnosedaten zulassen		When deactivated , diagnostic and usage data is not sent to Apple
Ändern der Diagnoseeinstellungen zulassen		When deactivated , the user is not permitted to change the diagnostic settings

Allow network access for files		When deactivated , the connection to network drives is prevented in the file app
Änderung der Bluetooth-Einstellungen zulassen		When deactivated , changes to the Bluetooth settings are not permitted
Änderung der mobilen Datennutzung für Apps zulassen		When deactivated , the mobile data uses for app settings cannot be changed
Akzeptieren nicht vertrauenswürdiger TLS-Zertifikate zulassen		When deactivated , the user is not allowed to accept untrusted certificates in TLS
Handoff zulassen		When deactivated , handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
Cloud & Synchronisation Cloud & Synchronisation
iCloud-Fotos zulassen		When deactivated , the use of the iCloud Photo Library on the device is not permitted
iCloud-Backup zulassen		When deactivated , the backup with the iCloud is not permitted
Automatisches Synchronisieren bei Roaming zulassen		When deactivated , automatic synchronisation is deactivated during roaming
Backup von Enterprise-Büchern zulassen		When deactivated , Enterprise books are not saved
Synchronisation von Notizen/Markierungen in Enterprise-Büchern zulassen		When deactivated , Enterprise books and highlights are not synchronised

In-App-Käufe zulassen		When deactivated no in-app purchases can be made
Multiplayer-Gaming zulassen		When deactivated , multiplayer gaming is not allowed
iTunes Passwort für alle Käufe anfordern		When activated , the user's iTunes password is required for all purchases
Siri & Diktierfunktion Siri & Diktierfunktion
Siri zulassen		When deactivated , Siri is not allowed
Siri bei gesperrtem Bildschirm zulassen		When deactivated , Siri is not allowed while the device is locked
Siri Zugriff auf benutzergenerierte Inhalte zulassen		When deactivated , it prevents Siri from querying requests with user-generated content
Diktierfunktion zulassen		When deactivated , dictations are not allowed
On-Device Diktierfunktion		When deactivated , the QuickPath keyboard is disabled
Force translation on the device only		When activated , the device does not connect to Siri servers for translation purposes
Allow QuickPath keyboard		When deactivated , the QuickPath keyboard is disabled

Apple Music zulassen		When deactivated , Apple Music will be disabled in the Music app
iTunes Radio zulassen		When deactivated , iTunes Radio will be disabled in the Music app
News-App zulassen		When deactivated no news can be used
App-Altersfreigabe festlegen	Alle Apps erlauben	Legt die höchste erlaubte App-Altersfreigabe fest Auswahlmöglichkeiten App-Altersfreigaben festlegen anzeigen hide Klicken für dauerhafte Anzeige Alle Apps erlauben 17+ 12+ 9+ 4+ Nichts erlauben
Film-Altersfreigabe festlegen	Alle Filme	Legt die höchste erlaubte Film-Altersfreigabe fest (FSK) Auswahlmöglichkeiten Film-Altersfreigaben festlegen anzeigen hide Klicken für dauerhafte Anzeige Alle Filme FSK 18 FSK 16 FSK 12 FSK 6 FSK 0 Keine Filme
TV-Altersfreigabe festlegen	Alle TV-Sendungen	Legt die höchste erlaubte TV-Altersfreigabe fest Auswahlmöglichkeiten TV-Altersfreigaben festlegen anzeigen hide Klicken für dauerhafte Anzeige Alle TV-Sendungen Ab 18 Jahren Ab 16 Jahren Ab 12 Jahren Ab 6 Jahren Ab 0 Jahren Keine TV-Sendungen
Safari Browser Einstellungen Safari Browser Einstellungen
Cookies in Safari zulassen	Nur von aktueller Webseite (iOS 8) oder besuchten Seiten (pre-iOS 8)	Möglichkeiten zur Einstellung der Cookie Akzeptanz in Safari Auswahlmöglichkeiten Cookies in Safari akzeptiert anzeigen hide Klicken für dauerhafte Anzeige Nur von aktueller Webseite (iOS 8) oder besuchten Seiten (pre-iOS 8) Never Webseiten die ich besucht habe Always
JavaScript zulassen		When deactivated , JavaScript is not allowed in Safari
Pop-ups zulassen		When deactivated , pop-ups are not allowed in Safari
Enable fraud warning		When activated , the fraud warning in Safari is activated
System & Sonstiges System & Sonstiges
Allow OTAPKI updates		When deactivated , OTAPKI updates are disabled
Temporäre Sitzungen (Geteiltes iPad) zulassen		When deactivated , the temporary session of the shared device is disabled
AirPlay-Kopplungspasswort (ausgehend) erzwingen		When activated , all devices receiving AirPlay requests from this device will be forced to use a pairing password
Änderung des Gerätenamens zulassen		When deactivated , the device name cannot be changed
Allow voice dialing while device is locked		When deactivated , no voice dialling is allowed, even if the device is locked
Force Apple Watch wrist detection		When activated , Apple Watch wrist detection is enforced
Allow pairing with Apple Watch		When deactivated , pairing with Apple Watch is not permitted
Internetergebnisse in Spotlight zulassen		When deactivated , search results from the web will not be shown in Spotlight
Personalisierte Werbung zulassen		When deactivated , restricts Apple's personalized advertising. Available in iOS 14 and later
Kameranutzung zulassen		When deactivated , the user is not allowed to use the camera
Änderung der Mitteilungseinstellungen zulassen		Wenn aktiviert ermöglicht es das Ändern der Mitteilungseinstellungen
Datenfluss Datenfluss
Verwalteten Apps das Schreiben in nicht verwaltete Kontakte zulassen		When deactivated , writing unmanaged contacts will be disabled
Nicht verwalteten Apps das Lesen verwalteter Kontakte zulassen		When deactivated , unmanaged apps cannot access contacts of managed accounts and that managed apps do not save contacts in the local Contacts app
iCloud-Synchronisierung für verwaltete Apps zulassen		When deactivated , iCloud synchronisation is deactivated for managed apps
Öffnen aus nicht verwalteten Quellen in verwalteten Apps zulassen		When deactivated , iCloud synchronisation is deactivated for managed apps
Öffnen aus verwalteten Quellen in nicht verwalteten Apps zulassen		When deactivated , iCloud synchronisation is deactivated for managed apps
Verwaltete Zwischenablage		When activated , the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints.
Treat AirDrop as unmanaged destination		When activated , it prevents protected (managed) data from leaving the device without authorisation via Airdrop

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Passcode

Configuration by clicking on Activate Passcode

Operation

Default

Description

Settings passcode

Request passcode on the device

Enforces the use of a passcode before using the device

Set maximum number of failed attempts

Number of passcode entry attempts allowed before all data on device will be erased

Maximum number of failed attempts 11

Set auto-lock

The number of minutes for which the device can be idle (without being unlocked by the user) before it gets locked by the system

Automatic lock after 15 minutes

Set maximum passcode age

The number of days for which the passcode can remain unchanged 730

Restrict password complexity

Allows restricting password complexity


Allow simple value		Permits the use of repeating, ascending, and descending character sequences
Require alphabetic value		Passcodes must contain at least one letter
Minimum number of complex characters	0	Smallest number of non-alphanumeric characters allowed
Minimum passcode length	0	Smallest allowed number of characters in passcode

Use passcode history

Allows defining the number of different passcodes required between the reuse of passcodes


Passcode history	1	Number of unique passcodes required between passcode reuse

Use grace period for device lock

Allows defining the maximum time in minutes to unlock the phone


Grace period for device lock	-1	The maximum grace period, in minutes, to unlock the phone without entering a passcode. The default value -1 predetermines iOS to not apply a time limit

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Apps Apps
Profile created from portal version 1.31 onwards notempty Profile created from portal version 1.31 onwards notempty New as of 1.31
Managing apps and web clips via profiles is outdated and no longer available. Reassigning applications to devices is now done via the menu item Mobile Security iOS/iPadOS Apps . Further information can be found in the Wiki article on iOS apps			Apps & Web clips
			Apps & Web clips
Profile created before portal version 1.31 notempty Profile created before portal version 1.31
notempty This function is deprecated. In profiles before version 1.31, apps can be removed but not newly added. Reassigning applications to devices is now handled via the menu item Mobile Security iOS/iPadOS Apps in the side menu. This also allows for later uninstallation of the application. Further information can be found in the Wiki article on iOS apps
Caption	Value	Description	Apps & Web clips
Apps	Securepoint VPN Client	The created apps can only be deleted. New apps cannot be added, Apps are added and removed from an iOS profile via the portal page Apps
Web clips	Securepoint Wiki [Label: SP Wiki] (https://wiki.securepoint.de)	The created Web clips can only be deleted. New Web clips cannot be added, Web clips are added and removed from an iOS profile via the portal page Apps

App-Lock (Kiosk mode)

The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.
Activate configuration

Show restrictions

Hide restrictions


1.	2.	3.


Abb.1	Abb.2	Abb.3


Abbildungen

Caption	Value	Description
Bundle ID	Enter ID	The bundle ID of the application notempty Entering an unknown bundle ID can cause problems
Options
Disable Touch Input		If true, the touch screen is disabled
Disable Auto-Rotation		If active, device rotation detection is disabled
Disable Volume Buttons		When active, the volume keys are disabled
Disable Ringer (Mute) Switch		When active, the ringtone switch is disabled
Disable Sleep/Wake Button		When active, the sleep / wake button is disabled
Disable Auto-Lock		If active, the device is not automatically set to sleep mode after an idle period
Accessibility
Force Enable VoiceOver		If active, voice over is enabled
Enable Zoom		When active, zoom is enabled
Enable Inverted Colors		If active, invert colors is enabled
Enable AssistiveTouch		When active, AssistiveTouch is enabled
Force Enable Speak Selection		Wenn aktiv wird die Aktivierung der Vorlese-Funktion erzwungen
Force Enable Mono Audio		When active, mono audio is enabled
Force Enable Voice Control		If active, the language selection is enabled.
User Enabled Options
Allow VoiceOver		If active, VoiceOver customization is allowed
Allow Zoom		If active, the zoom setting is allowed
Allow Inverted Colors		If active, the colors invert setting is allowed
Allow AssistiveTouch		If active, AssistiveTouch customization is allowed
Allow Voice Control		Wenn aktiv wird die Benutzersteuerung für Sprachsteuerung zugelassen

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Networks

In this section, access profiles for WiFi networks can be configured and pushed to the device.

Network configuration

Caption

Value

Description

Network configurations

Add configuration

Network configuration

Name

Name of the configuration

Type

WiFi

Configuration type (WiFi predefined)

Wifi

SSID

The SSID of the network

Security

Security level of the network key

None

No security

WEP-PSK

Insecure

WPA-PSK

Secure

Password

Password of the account for the server

Hidden SSID

When activated , the network's SSID is hidden

Autoconnect

When activated , the device automatically connects to the network

Deactivate MAC randomisation

When activated , the devices always identify themselves with the same MAC address in a network. Cannot be changed by the user.

This function also displays a data protection warning in the settings that the network has limited data protection.
This value is only locked if the profile is installed via an MDM.
If the value is set with the Apple Configurator, for example, it can be changed by the user.

EAP-Client / WPA2 Enterprise

Use EAP Client

When activated , the EAP client, the WPA2 Enterprise, can be used

Available options for the EAP type EAP-AKA. Additional options will be available for other EAP types

EAP Types

Select EAP Types

The EAP type is selected. Several types can be selected.
The choices are:

EAP-AKA
EAP-FAST
EAP-SIM
LEAP
PEAP
TLS
TTLS

Payload Certificate Anchor UUID

The certificate that is handed to the server by the client as authentication when logging on to the WLAN.

Apple: An array of the UUID of a certificate payload to trust for authentication

notempty

New as of: 2.7

The user certificate $user_cert$ can be used

System Mode Credentials Source

The server for the system mode credentials

Use Open Directory credentials

When activated logging in through Open Directory is possible

Allow two-factor authentication

When activated , two-factor authentication is possible

Trusted certificates

The certificates that are to be trusted are entered.
These certificates must first be stored in the

notempty

New as of: 2.7

The user certificate $user_cert$ can be used

Trusted server names

The names of the servers that are to be trusted are entered

Provision PAC		When activated PAC will be provided
Provision anonymously Displayed when Provision PAC is activated.		When activated PAC will be provided anonymously
Use existing PAC		When activated existing PAC will be used
One time user password		If activated , the user will be prompted to enter the password each time they connect
Outer Identity		A name that hides the user's true name
Max. TLS Version	1.2 default	The maximum TLS version is selected. The choice is: 1.0 1.1 1.2
Min. TLS Version	1.0 default	The minimum TLS version is selected. The choice is: 1.0 1.1 1.2
Username		Username of the account for the server
Password		Password of the account for the server

EAP SIM Number Of RANDs	3 default	The number of EAP SIMs of the RANDs is selected

One time user password		If activated , the user will be prompted to enter the password each time they connect
Username		Username of the account for the server
Password		Password of the account for the server

One time user password		If activated , the user will be prompted to enter the password each time they connect
Outer Identity		A name that hides the user's true name
Max. TLS Version	1.2 default	The maximum TLS version is selected. The choice is: 1.0 1.1 1.2
Min. TLS Version	1.0 default	The minimum TLS version is selected. The choice is: 1.0 1.1 1.2
Username		Username of the account for the server
Password		Password of the account for the server

Max. TLS Version	1.2 default	The maximum TLS version is selected. The choice is: 1.0 1.1 1.2
Min. TLS Version	1.0 default	The minimum TLS version is selected. The choice is: 1.0 1.1 1.2

One time user password		If activated , the user will be prompted to enter the password each time they connect
Outer Identity		A name that hides the user's true name
Max. TLS Version	1.2 default	The maximum TLS version is selected. The choice is: 1.0 1.1 1.2
Min. TLS Version	1.0 default	The minimum TLS version is selected. The choice is: 1.0 1.1 1.2
TTLS Inner Authentication	MSCHAPv2 default	The inner authentication of TTLS is selected. The choices are: PAP EAP CHAP MSCHAP MSCHAPv2
Username		Username of the account for the server
Password		Password of the account for the server

Global HTTP proxy

A Global HTTP proxy can be configured, for example, if devices are permanently on the same network and a local proxy is to be used on the device.
Especially recommended for devices that only have an MDM license. These can then use, for example, the protection functions of a Securepoint UTM with web filter, etc.

Global HTTP proxy configuration

Use global HTTP proxy

When activated the global HTTP proxy is used

Type

Manual
Automatic

For a manual proxy type, the profile contains the proxy server address, including the port, and optionally a user name and password. For an auto proxy type, you can enter a PAC URL.

Allow captive login

Username

The username used to authenticate to the proxy server

Password

The password used for authentication to the proxy server

Server

The network address of the proxy server

Server port

8080

The port used to connect to the proxy server

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Email & Exchange Active Sync

Email accounts

Add account

Multiple mail accounts can be set up in the Email settings section.
These settings affect IMAP or POP3 accounts. Settings for Exchange ActiveSync must be made in the corresponding menu item!

Caption

Value

Description

Email settings

Account description

The display name of the account (e.g. "Company Mail Account")

Account name

Name of the user to be displayed
Variables can be used as well.

Show variables overview

hide

Klicken für dauerhafte Anzeige

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

The display name can be combined with the variable %device_user_name%. The variable reads from the user settings of the user to whom the respective device is assigned the fields first name and last name. e.g.: %device_user_name% | ttt-Point AG → Martin Müller | ttt-Point AG

Email address

The address of the account (e.g. "john@company.com")
The entry $emailaddress$ reads the email address from the user settings of the user to whom the device is assigned.
Variables can be used as well.

The entries $variable1$, $variable2$ and $variable3$ can be defined individually.

Show variables overview

hide

Klicken für dauerhafte Anzeige

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Prevent move

If set to true, messages may not be moved out of this email account into another account

Disable email recipient synchronization

If set to true, this account is excluded from address "recent" syncing

Allow Mail drop

If set to true, this account is allowed to use Mail drop

Prevent App Sheet

If set to true, this account will not be available for sending mail in third party applications

S/MIME Enabled

If set to true, this account will support S/MIME Weitere Konfigurationen einblenden, wenn S/MIME aktiviert aktiv ist

S/MIME signing enabled

If set to true, this account will enable message signing Weitere Konfigurationen einblenden, wenn S/MIME Signierung aktiviert aktiv

S/MIME signing certificate

Keins

The UUID of the certificate used to sign messages sent by this user

S/MIME Verschlüsselung aktiviert

If set to true, this account will support message encryption Weitere Konfigurationen einblenden, wenn S/MIME Verschlüsselung aktiviert aktiv

S/MIME encryption certificate

Keins

The UUID of the certificate used to decrypt received messages

S/MIME enable Per-Message Switch

If set to true, enables the per-message encryption switch

Incoming mails

Caption

Value

Description

Mail server

Hostname or IP address

Port

993

Port number for incoming mail

Account type

IMAP

POP

The protocol for accessing the email account

Username

None

The username used to connect to the server for incoming emails
Variables can be used as well.
$emailaddress$, $username$, $variable1$, $variable2$, $variable3$

Show variables overview

hide

Klicken für dauerhafte Anzeige

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Examples:

The email user name is identical to the device user name: ttt-point.local\%device_user_username%
The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%

Path prefix

Path prefix for IMAP mail server

Incoming Mail Server authentication

Password

The authentication method for the incoming mail server
None
Password
CrammD5
NTLM
HTTPMD5

Password

The password for the incoming mail server

Use SSL

Incoming email retrieval via Secure Socket Layer

Outgoing mails

Caption

Value

Description

Mail server

Hostname or IP address for outgoing email

Port

587

The port number for outgoing email

Username

The username used to connect to the server for outgoing mail
Variables can be used as well. $emailaddress$, $username$, $variable1$, $variable2$, $variable3$

Show variables overview

hide

Klicken für dauerhafte Anzeige

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Examples:

The email user name is identical to the device user name: ttt-point.local\%device_user_username%
The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%

authentication type

Password

The authentication method for the outgoing mail server
None
CrammD5
NTLM
HTTPMD5

Outgoing Password: Same as incoming

SMTP authentication uses the same password as POP/IMAP server for incoming emails Weitere Konfigurationen einblenden, wenn Ausgehendes Passwort deaktiviert ist

Password

The password for the outgoing mail server

Use SSL

Send outgoing email through Secure Socket Layer

Exchange accounts

Add account

Configuration for Exchange mails retrieved via https connections

Caption

Value

Description

Settings Exchange ActiveSync

Account name

The display name of the user (e.g. "John Appleseed"). Different variables can be used.

Show variables overview

hide

Klicken für dauerhafte Anzeige

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Exchange ActiveSync Host

Enter host

Host name or IP address of the Exchange server

Past days of mail to sync

For ever

Synchronization period

Use SSL

Encrypts all messages with SSL (Secure Socket layer)

Email address

None

The address of the account to be synchronized (e.g. "john@company.com") Variables can be used as well.

The entries $variable1$, $variable2$ and $variable3$ can be defined individually.

Show variables overview

hide

Klicken für dauerhafte Anzeige

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Domain\User

Mail domain and mail user

The field must remain empty if the device should ask.
If the domain should be entered automatically, this can be configured on the server.

Variables can be used as well.
$emailaddress$, $username$, $variable1$, $variable2$, $variable3$

Show variables overview

hide

Klicken für dauerhafte Anzeige

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Examples:

The email user name is identical to the device user name: ttt-point.local\%device_user_username%
The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%

Password

The password for the account

Use OAuth

Specifies whether the connection should use OAuth for authentication.

notempty

If OAuth is specified, the password field should remain blank

Weitere Konfigurationen einblenden, wenn OAuth benutzen aktiviert ist

OAuth-Anmelde-URL

URL

Die OAuth-Anmelde-URL

OAuth-Token-Anforderungs-URL

URL

Die OAuth-Token-Anforderungs-URL

Payload certificate UUID

None

UUID of the certificate that is used for authentication

notempty

New as of: 2.7

The user certificate usercertuser_certusercert can be used

Prevent move

If set to true, messages may not be moved out of this email account into another account

Prevent App Sheet

If set to true, this account will not be available for sending mail in third party applications

Allow Mail drop

If set to true, this account is allowed to use Mail Drop

S/MIME Enabled

If set to true, this account will support S/MIME

S/MIME Verschlüsselung aktiviert

If set to true, this account will support message encryption

S/MIME encryption overridable

Allow users to enable or disable S/MIME encryption

S/MIME signing enabled

If set to true, this account will enable message signing

S/MIME signing overridable

Allow users to enable or disable S/MIME signing

S/MIME signing certificate

None

The UUID of the certificate used to sign messages sent by this user

notempty

New as of: 2.7

The user certificate usercertuser_certusercert can be used

S/MIME signing certificate overridable

Allow users to change the S/MIME signing certificate

S/MIME encryption certificate

None

The UUID of the certificate used to decrypt received messages

notempty

New as of: 2.7

The user certificate usercertuser_certusercert can be used

S/MIME encryption certificate overridable

Allow users to change the S/MIME encryption certificate

S/MIME enable Per-Message Switch

If set to true, enables the per-message encryption switch

Disable email recipient synchronization

If this value is set to true, this account will be excluded from the synchronization of the "Recent" addresses

Activate calendar

Calendar overwritable

Allow account to enable/disable calendar

Enable/disable contacts

Enable contacts

Contacts overwritable

Allow account to enable/disable contacts

Enable email

Mail overwritable

Allow account to enable/disable mail

Enable notes

Notes overwritable

Allow account to enable/disable notes

Enable reminders

Reminders overwritable

Allow the account to enable/disable reminders

Overwrite previous password

Audio calls

Enter ID

The bundle ID of the application that processes audio calls made to contacts from this account

Example: Office365 accounts

Example: Integration of an Office 365 account with OAuth

OAuth only works with ActiveSync
Configuration in the Email & Exchange Active Sync tab when adding an Exchange Account

The OAuth data of other providers can be obtained exclusively and directly from these providers

Caption	Value	Description
Account name	Account name	Name of the user to be displayed
Exchange ActiveSync Host	outlook.office365.com	Example for Office365
Past days of mail to sync	For ever	Possible values: 1 day, 3 days, 1 week, 2 weeks, 1 month, forever
Use SSL		Incoming email retrieval via Secure Socket Layer notempty Securepoint recommends to activate the option
Email address	alice@ttt-point.onmicrosoft.de	Possible addresses are selectable from the dropdown menu incl. variables that take the information from the user data
Domain\User	alice@ttt-point.onmicrosoft.de	The previously selected e-mail address of the user
Password		The password for the email account on the mail server notempty If OAuth is specified, the password field should remain blank
Use OAuth		Specifies whether the connection should use OAuth for authentication. Must be activated on the mail server! If OAuth is specified, the password field should remain blank
OAuth login URL	https://login.microsoftonline.com/common/oauth2/v2.0/authorize	Login URL Here shown for Office365 accounts (example)
OAuth token request URL	https://login.microsoftonline.com/common/oauth2/v2.0/token	OAuth token request URL Here shown for Office365 accounts (example)
Payload certificate UUID:	None	If the authentication on the Exchange server is to be done with a certificate, this can be selected here. Show important notes about this option hide Klicken für dauerhafte Anzeige notempty The certificate must be added under Mobile Security Certificate beforehand. Detailed information on this can be found in the wiki for certificates Additionally, in the Certificates tab, the desired certificate must be added in the click box to be transferred to the device.

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Calendar

Calendar with user account

Calendar with user account Variables can be used as well.

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

User	Add account
Caption	Value	Description	Calendar with user account
Hostname	Hostname	Server address of the calendar
Username	Username	The username for the login The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible.
Password	Password	Optional. The password of the user
Use SSL		Enable Secure Socket Layer communication with the CalDAV server
Port	Port	Optional. The port of the server to which the connection is made.
Main URL	Main URL	The URL to the user's calendar. In iOS/iPadOS, this URL is required when the user does not provide a password, because the service auto-detection fails and the account is not created. Optional.
Account description	Account description	Optional. The description of the account.

Add subscription

Subscribed calendar Variables can be used as well.

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Subscriptions	Add subscription
Caption	Value	Description	Subscribed calendar
Hostname	Hostname	Server address of the calendar
Username	Username	The username for the login The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible.
Password	Password	Optional. The password of the user
Use SSL		Enable Secure Socket Layer communication with the CalDAV server
Account description	Account description	Optional. The description of the account.

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

CardDav

Variables can be used as well.

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

User	Add account
Caption	Value	Description	Include address books
Hostname	Hostname	The CardDAV server hostname or IP address
Username	Username	The CardDAV username The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible.
Password	Password	The CardDAV password
Use SSL		When enabled , the Secure Socket Layer communicates with the CardDAV server.
Port	Port	The port number to connect to the CardDAV server
Main URL	Main URL	The main URL for the CardDAV account
Account description	Account description	The display name of the account (e.g. "Company CardDAV Account").

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Google account

Caption	Value	Description	Google Accounts menu item
User	Add account	Adds a Google account. This also makes, for example, the history of Google searches or individual Google Maps configurations, such as special points, available on the device.
Account description	Account description	The displayed name of the account (e.g. "Company Server Account").
Account name	Account name	Full user name of the Google account
Email address	Email address	The address of the account (e.g. "mdm.ttt-point@gmailcom") Addresses of created users (from General Users ) can be selected or freely entered.
Audio calls	Enter ID	The bundle ID of the application that processes audio calls made to contacts from this account

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

AirPrint

Caption	Value	Description	AirPrint menu item
Printer	Add printer	Adds a printer configuration that should always be displayed
IP address	IP address	The IP address of the AirPrint destination
Resource path	ipp/print	The resource path associated with the printer. This corresponds to the rp parameter of the _ipps.tcp Bonjour record. For example: printers/Canon_MG5300_series, printers/Xerox_Phaser_7600 or ipp/print
Port	Port	The port through which to connect to the printer
Force TLS		Secures active AirPrint connections through Transport Layer Security (TLS) when it is enabled.

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Certificates

Certificates are required, for example, to retrieve emails from an Exchange server with https or to confirm the authenticity of self-signed apps.

Caption	Values	Description	Certificates
Activate certificates		After activation , certificates can be added
Certificates	Select certificates	Selection of certificates, Base-64-encoded X.509 or PKCS#12, imported in the Mobile Security Certificate menu. Further information can be found in the Wiki article Certificates. notempty New as of: 2.7 The user certificate $user_cert$ can be used

Status reporting

Apple devices have various system information that (according to Apple's conception at least) can theoretically change.
With Apple's declarative management, device information can be kept up to date in the portal via status reports.

Here you can configure which of these values are automatically transmitted to the MDM portal when changes are made.
The display in the device dashboard then does not need to be updated manually.

The Changes are logged in the Operations Log menu item in the device details.

notempty

For privacy reasons, the options can be enabled or disabled individually.

For full functionality the iOS iPadOS tvOS version 16.1 is required

Caption	Default	Description	Available as of version	Menu option Status message
Activate configuration		When activated , the details of the status information can be specified.
Model family		A string that describes the hardware family of the device, such as Mac, iPhone, or iPad.	iOS 15.0 iPadOS 15.0
Model identifier		A status report of the device’s hardware identifier.	iOS 15.0 iPadOS 15.0
Model name		A string that identifies the device’s marketing name, such as iPhone 12.	iOS 15.0 iPadOS 15.0
OS build version		A string that identifies the operating system’s build version on the device, such as 18F132.	iOS 15.0 iPadOS 15.0
OS family		A string that identifies the operating system family in use on the device, such as macOS or iOS.	iOS 15.0 iPadOS 15.0
OS version		A string that identifies the operating system’s version in use on the device, such as 15.0.	iOS 15.0 iPadOS 15.0
OS name		A string that identifies the operating system’s marketing name in use on the device, such as Catalina.	iOS 15.0 iPadOS 15.0
OS supplemental build version		Identifies the operating system’s build and rapid security response versions in use on the device (for example, 20A123a, or 20B27c).	iOS 16.1 iPadOS 16.1
OS supplemental extra version		Identifies the operating system’s rapid security response version in use on the device (for example, a).	iOS 16.1 iPadOS 16.1
Passcode compliance		If true, the passcode is in compliance with all passcode policies set on the device. If false, the passcode isn’t in compliance with one or more passcode policies set on the device. When there are no passcode policies on the device, this value true.	iOS 16.0 iPadOS 16.0
Passcode presence		If true, a passcode is present on the device. If false, a passcode isn’t present on the device. When a passcode is present, the specific attributes of the passcode (length, number of complex characters, etc), isn’t reported.	iOS 16.0 iPadOS 16.0
MDM installed apps		Ein Statusbericht über die auf dem Gerät, vom MDM, installierten Anwendungen. Dauerhaft aktiviert, um die deklarative Verwaltung vollständig zu unterstützen (ab iOS 17) Dauerhaft aktiv für alle Declarative Device Management (DDM)-fähigen Apple-Geräte .	iOS 16.0 iPadOS 16.0

Close	Closes the tab without applying changes
Save	Applies the changes / new creation, saves and closes the tab

Mobileconfig

Caption	Value	Description	Mobileconfig menu item
Mobileconfig	Upload	Opens a system dialog for uploading a mobile configuration from the Apple Configurator II
All values are purely for information. They are defined by the .mobileconfig and cannot be changed
Name	Securepoint MDM	Name of the configuration
Type	Configuration	File type
Version	1	Version of the file
Identifier	com.apple.mgmt.Externa…	Can be set manually in the Apple Configurator (composed of the device name and a string)
UUID	cd222e1d-38ca-…	Clear identification
Replace		Opens the dialog for importing a configuration that replaces an existing configuration
Delete		Deletes configuration from the devices

Using the user registration profile type

Preamble

Overview of profile management

General Options

Profile tile

Profile-Options

Details displayed in the profile tile:

Profile information

Copy & paste of profiles

Configuration iOS profile User Enrollment

General

Restrictions

Geräte Sicherheit & Datenschutz

Cloud & Synchronisation

Siri & Diktierfunktion

Safari Browser Einstellungen

System & Sonstiges

Datenfluss

Passcode

Apps

Profile created from portal version 1.31 onwards

Profile created before portal version 1.31

App-Lock (Kiosk mode)

Options

Accessibility

User Enabled Options

Networks

Network configuration

Wifi

EAP-Client / WPA2 Enterprise

Global HTTP proxy

Email & Exchange Active Sync

Email accounts

Incoming mails

Outgoing mails

Exchange accounts

Example: Office365 accounts

Calendar

Calendar with user account

Add subscription

CardDav

Google account

AirPrint

Certificates

Status reporting

Mobileconfig