Managing iOS profiles with the Shared iPad type in the Mobile Security Portal
Last adaptation to the version: 2.15 (03.2026)
New:
notempty
This article refers to a Beta version
Preamble
In a profile permissions, restrictions, password requirements, email settings and security settings are configured.
Several users or user groups (roles) can be assigned to a profile.
Several devices or device groups (devices designated by tags) can be assigned to a profile.
notempty
For a large number of devices and users it is recommended to map the assignment via groups.
- Device registration is directly tied to a profile
- A profile must be created first' (and configured) before a device can be registered
In Android Enterprise profiles, numerous security-relevant settings can be made, e.g.
- Disable Kamara
- Disable microphone
- Disable USB file transfer
- Disable outgoing calls
- Disable Bluetooth
- Disable contact sharing
- Disable tethering
- Disable sms
- Enable network only with VPN
- and much more.
notempty
Android Enterprise Profiles are used immediately and do not need to be published!
- Outdated Android profiles behave fundamentally different than Android Enterprise Profiles (EMM)
- It is no longer possible to assign a profile to a role, user or tag
Overview of profile management | ||||
| In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles. |  |
 | ||
General Options | ||||
| Filters on profile tiles that contain the search text | ||||
| Sort |
Clicking this button opens a menu where you can sort the tiles according to specific criteria | |||
| Sort |
Clicking this button opens a menu where you can sort the tiles according to specific criteria | |||
Sorts the tiles by profile name | ||||
Sorts the tiles according to the priority of the profile | ||||
Sorts the tiles in ascending or descending order according to the selected criterion | ||||
| Add profile | Creates a new profile. The settings in the profile vary depending on the operating system. | |||
| Import profile | Existing profiles that were previously exported from the Securepoint Mobile Security Portal can be imported here | |||
| Hide generated profiles | Hides the generated profiles | |||
| Show details | Show / hide details: For a large number of profiles, it can be useful to hide the most important details for clarity. | |||
| / List view / Grid view | Switch between lists and grid view | |||
| Refresh | Refreshes the display | |||
Profile tile
| ||||
Profile-Options
| ||||
| The button at the top right of each profile tile provides the following options: | ||||
| Edit | Editing the settings (see below) | |||
| Copy | Copying the profile to the clipboard | |||
| Export | Exporting the settings | |||
| Delete | The profile is deleted notempty Android profiles that have at least one assigned device cannot be deleted.New as of: 2.5 | |||
Details displayed in the profile tile: | ||||
| Updated | Changes have been made to the profile that have not yet been published! | |||
| Partially installed | Not all sub profiles were able to be installed | |||
Profile information | ||||
| Type | Profile type (see below) | |||
| Roles | Roles | |||
| Users | User | |||
| Devices | Devices | |||
| tags | Tags | |||
| Parts | Listing of the sub-profiles that make up the complete Mobile Security Profile. | |||
Copy & paste of profiles
| ||||
| Click on the logo of the profile tile to mark one or more profiles In the general options, another field now appears under the filter mask: | ||||
| Action for selected items | Execute the selected action with Ok | |||
| Copies one or more selected profiles to the clipboard | ||||
| Deletes one or more selected profiles notempty Android profiles that have at least one assigned device cannot be deleted.New as of: 2.5 | ||||
| Paste | Inserts a copy of a profile from the clipboard
| |||
General
General
Add profile
| Caption | Value | Description |  |
|---|---|---|---|
| Type | Device profile | Standard device profile | |
| Shared iPad | Profile that allows different users for one iPad | ||
| Apple TV profiles | Profile with limited settings options. Additional settings for Apple TV | ||
| User Enrollmant profile | Profile owned by the user on which managed apps of the company can be installed | ||
| Name | Name | Profile name | |
| Priority | 5 | The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles. | |
| Roles | Add roles | Click-Box: The profile will be assigned to all devices of all users with these roles | |
| Users | Add users | The profile will be assigned to all devices from these users | |
| Devices | Add devices | The profile will be assigned to these devices | |
| Tags | Add tags | The profile will be assigned to all devices with these tags | |
| Comment | Comment | Comment | |
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
Restrictions
Restrictions
| Caption | Value | Description |
|---|---|---|
|
| ||
| Allow automatic unlocking | When deactivated , the automatic unlocking is disabled | |
| When deactivated , today's lock screen view will be disabled | ||
| Force encrypted backups | When activated , encrypted backups are enforced | |
| When activated , ad tracking will be restricted | ||
| Allow trusting enterprise apps | When deactivated , Enterprise apps are not trusted | |
| When deactivated , wallet notifications will not be shown on the lock screen | ||
| When activated , Apple's Mail Privacy Protection (AMPP) is activated | ||
| When deactivated , Touch ID/Face ID is not allowed to unlock the device | ||
| When deactivated , the user is not permitted to change the Touch ID/Face ID | ||
| When deactivated , diagnostic and usage data is not sent to Apple | ||
| When deactivated , the user is not permitted to change the diagnostic settings | ||
|
| ||
| Allow network access for files | When deactivated , the connection to network drives is prevented in the file app | |
| When deactivated , changes to the Bluetooth settings are not permitted | ||
| When deactivated , the mobile data uses for app settings cannot be changed | ||
| When deactivated , the user is not allowed to accept untrusted certificates in TLS | ||
| When deactivated , handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | ||
|
| ||
| When deactivated , the use of the iCloud Photo Library on the device is not permitted | ||
| When deactivated , the backup with the iCloud is not permitted | ||
| When deactivated , automatic synchronisation is deactivated during roaming | ||
| When deactivated , Enterprise books are not saved | ||
| When deactivated , Enterprise books and highlights are not synchronised | ||
|
| ||
| When deactivated no in-app purchases can be made | ||
| When deactivated , multiplayer gaming is not allowed | ||
| When activated , the user's iTunes password is required for all purchases | ||
|
| ||
| When deactivated , Siri is not allowed | ||
| When deactivated , Siri is not allowed while the device is locked | ||
| When deactivated , it prevents Siri from querying requests with user-generated content | ||
| When deactivated , dictations are not allowed | ||
| When deactivated , the QuickPath keyboard is disabled | ||
| Force translation on the device only | When activated , the device does not connect to Siri servers for translation purposes | |
| Allow QuickPath keyboard | When deactivated , the QuickPath keyboard is disabled | |
|
| ||
| When deactivated , Apple Music will be disabled in the Music app | ||
| When deactivated , iTunes Radio will be disabled in the Music app | ||
| When deactivated no news can be used | ||
|
hide Klicken für dauerhafte Anzeige 17+ 12+ 9+ 4+
| ||
|
hide Klicken für dauerhafte Anzeige FSK 18 FSK 16 FSK 12 FSK 6 FSK 0
| ||
|
hide Klicken für dauerhafte Anzeige | ||
|
| ||
|
hide Klicken für dauerhafte Anzeige Never Always
| ||
| When deactivated , JavaScript is not allowed in Safari | ||
| When deactivated , pop-ups are not allowed in Safari | ||
| Enable fraud warning | When activated , the fraud warning in Safari is activated | |
|
| ||
| Allow OTAPKI updates | When deactivated , OTAPKI updates are disabled | |
| When deactivated , the temporary session of the shared device is disabled | ||
| When activated , all devices receiving AirPlay requests from this device will be forced to use a pairing password | ||
| When deactivated , the device name cannot be changed | ||
| Allow voice dialing while device is locked | When deactivated , no voice dialling is allowed, even if the device is locked | |
| Force Apple Watch wrist detection | When activated , Apple Watch wrist detection is enforced | |
| Allow pairing with Apple Watch | When deactivated , pairing with Apple Watch is not permitted | |
| When deactivated , search results from the web will not be shown in Spotlight | ||
| When deactivated , restricts Apple's personalized advertising. Available in iOS 14 and later | ||
| When deactivated , the user is not allowed to use the camera | ||
|
| ||
| When deactivated , writing unmanaged contacts will be disabled | ||
| When deactivated , unmanaged apps cannot access contacts of managed accounts and that managed apps do not save contacts in the local Contacts app | ||
| When deactivated , iCloud synchronisation is deactivated for managed apps | ||
| When deactivated , iCloud synchronisation is deactivated for managed apps | ||
| When deactivated , iCloud synchronisation is deactivated for managed apps | ||
| When activated , the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | ||
| Treat AirDrop as unmanaged destination | When activated , it prevents protected (managed) data from leaving the device without authorisation via Airdrop | |
Classroom-App
The Classroom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.
Show restrictions
Hide restrictions
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Restrictions | Default | Explanation |
|---|---|---|
| Allow remote screen monitoring | If not allowed, remote screen monitoring is disabled by the Classroom app. When screenshots are disabled, the Classroom app does not observe remote screens. | |
| If enforced, the instructor's requests are automatically accepted without prompting the student. | ||
| If enforced, a student enrolled in an unmanaged course through Classroom must ask the instructor for permission to leave the course. | ||
| If enforced, the teacher can lock apps or the device without prompting the student. | ||
| When enforced and remote screen monitoring is allowed, a student enrolled in a managed course through the classroom app automatically grants permission to watch the screen without being prompted. |
Restrictions for supervised devices
Restrictions for supervised devices| Restriction | Default | Explanation |
|---|---|---|
|
| ||
| Allow all apps |
hide Klicken für dauerhafte Anzeige Allow all apps Do not allow certain apps Allow only certain apps
| |
| Blocked apps | Choose application | Blocked apps |
| Add system apps | If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. | |
| Erlaubte Apps | Choose application | Allowed apps |
| Add system apps | If the selection is limited to Allowed apps, all system apps can be added to the click box. The system apps can then be removed individually. | |
| Choose application | Allowed apps in single app mode | |
| Allows the user to remove apps | ||
| Allow only a connected Mac host to install applications | ||
| Allow automatic app downloads | Allows automatic app downloads | |
| Allow the user to install applications | ||
| When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. | ||
|
| ||
| Allow AirDrop | If set to false, AirDrop will be disabled | |
| Allow AirPrint | If set to false, AirPrint will be disabled | |
| Allow saving AirPrint credentials | If set to false, the storage of AirPrint credentials is disabled | |
| Allow AirPrint iBeacon detection | If set to false, AirPrint iBeacon detection will be disabled | |
| If set to true, AirPrint enforces the trusted TLS request | ||
| Allow change of mobile tariff | If set to false, the change of the mobile tariff will be disabled | |
| Allow iCloud keychain synchronization | If set to false, cloud keychain synchronization is disabled | |
| Allow private iCloud relay | If set to disabled, iCloud Private Relay will be disabled | |
| Allow eSIM changes | If set to false, the eSIM change will be disabled | |
| If set to false, access to the files USB drive is disabled | ||
| Allow host pairing | Allow host pairing notempty
If pairing is switched off, the end device can no longer be connected to a computer via USB
Please ensure that the end device always has a functioning Internet connection even without pairing | |
| Allow NFC | If set to false, NFC will be disabled | |
| If set to false, the change of the personal hotspot will be disabled | ||
| Allow VPN creation | If set to false, VPN creation will be disabled | |
|
| ||
| If set to false, the auto-completion of the password will be disabled | ||
| If set to true, authentication is enforced before autofilling | ||
| If set to false, password proximity requests are disabled | ||
| If set to false, password sharing will be disabled | ||
| If inactive, account modification will be disabled. notempty
This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps. notempty
iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. | ||
| If set to false, the modification will be disabled for find my friends | ||
|
| ||
| Allow Podcasts | If set to false, podcasts will be disabled | |
| Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. | ||
| Allow use of iMessage | ||
| Supervised only. If disabled, iBookstore will be disabled | ||
| Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica | ||
| When enabled the iTunes Music Store is activated | ||
| Allows the user to use Safari | ||
| Allow Game Center | ||
| Allow the user to add friends to the Game Center | ||
| Allow Game Center | ||
| Enables Siri profanity filter | ||
| Allow modifying wallpaper | Allow changing the background image | |
| Allow changing the background image | ||
|
| ||
| Allow removal of system apps | If set to false, the removal of system apps is disabled | |
| If set to false, unpaired external booting for recovery is disabled | ||
| Allow restricted USB mode | If set to false, the restricted USB mode will be disabled | |
| Force automatic date and time | If set to true, the date and time are automatically enforced | |
| If set to true, WLAN is forced only on allowed networks | ||
| If set to true, WLAN is forced only on allowed networks | ||
| Allow changing the passcode | ||
| If set to false, the user is prohibited from installing configuration profiles and certificates interactively | ||
| If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset | ||
| Allow configuration restrictions | ||
| Allow document synchronization with iCloud | ||
| When active, user visibility of software updates is delayed. | ||
| 30 | With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. | |
|
| ||
| Allow predictive keyboard. | ||
| Allow keyboard shortcuts. | ||
| Allow autocorrect. | ||
| Allow correction help. | ||
| Allow correction help. | ||
| If set to false, the hibernation of the device is disabled | ||
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
Notification settings
Notification settings
| Add settings |
The settings are made separately for each app | ||
| Caption | Value | Description |  |
|---|---|---|---|
| Application | Enter id | The bundle ID of the application
notempty
Entering an unknown bundle ID can cause problems | |
| Enable notifications | Enables, respectively disables notifications for this app. | ||
| Alert type | Temporary banner | The notification type for notifications for this app: None/Banner/Warning | |
| Permanent banner | |||
| None | |||
| Badges enabled | Allow or disallow for this app. | ||
| Enable critical alerts | When active , critical alerts are enabled that can ignore "Do Not Disturb" and ringer settings for this app. | ||
| Grouping type | Automatic | The notification grouping type | |
| by App | |||
| Off | |||
| Preview type | Always | The notification type preview | |
| When unlocked | Displays the notification only when the device is unlocked | ||
| Never | Never displays the notifications | ||
| Show in CarPlay | When active, notifications are displayed in CarPlay | ||
| Show in lock screen | Determines whether notifications can be displayed in the lock screen | ||
| Show in notification center | Determines whether notifications are displayed in the notification center | ||
| Sounds enabled | Determines if sounds are allowed for this app | ||
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
AppsApps | |||
Profile created from portal version 1.31 onwardsnotempty Profile created from portal version 1.31 onwards notempty
New as of 1.31 | |||
| Managing apps and web clips via profiles is outdated and no longer available. Reassigning applications to devices is now done via the menu item . Further information can be found in the Wiki article on iOS apps |
 | ||
Profile created before portal version 1.31notempty Profile created before portal version 1.31 | |||
notempty
This function is deprecated. In profiles before version 1.31, apps can be removed but not newly added. Reassigning applications to devices is now handled via the menu item in the side menu. This also allows for later uninstallation of the application. Further information can be found in the Wiki article on iOS apps | |||
| Caption | Value | Description |  |
|---|---|---|---|
| Apps |
Securepoint VPN Client | The created apps can only be deleted. New apps cannot be added, Apps are added and removed from an iOS profile via the portal page | |
| Web clips | Securepoint Wiki [Label: SP Wiki] (https://wiki.securepoint.de) | The created Web clips can only be deleted. New Web clips cannot be added, Web clips are added and removed from an iOS profile via the portal page | |
App-Lock (Kiosk mode)
App-Lock (Kiosk mode)The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.
Activate configuration
Show restrictions
Hide restrictions
| 1. | 2. | 3. |
| Abb.1 | Abb.2 | Abb.3 |
| Abbildungen | ||
| Caption | Value | Description |  |
|---|---|---|---|
| Bundle ID | Enter ID | The bundle ID of the application
notempty
Entering an unknown bundle ID can cause problems | |
Options
| |||
| Disable Touch Input | If true, the touch screen is disabled | ||
| Disable Auto-Rotation | If active, device rotation detection is disabled | ||
| Disable Volume Buttons | When active, the volume keys are disabled | ||
| Disable Ringer (Mute) Switch | When active, the ringtone switch is disabled | ||
| Disable Sleep/Wake Button | When active, the sleep / wake button is disabled | ||
| Disable Auto-Lock | If active, the device is not automatically set to sleep mode after an idle period | ||
Accessibility
| |||
| Force Enable VoiceOver | If active, voice over is enabled | ||
| Enable Zoom | When active, zoom is enabled | ||
| Enable Inverted Colors | If active, invert colors is enabled | ||
| Enable AssistiveTouch | When active, AssistiveTouch is enabled | ||
| Force Enable Speak Selection | |||
| Force Enable Mono Audio | When active, mono audio is enabled | ||
| Force Enable Voice Control | If active, the language selection is enabled. | ||
User Enabled Options
| |||
| Allow VoiceOver | If active, VoiceOver customization is allowed | ||
| Allow Zoom | If active, the zoom setting is allowed | ||
| Allow Inverted Colors | If active, the colors invert setting is allowed | ||
| Allow AssistiveTouch | If active, AssistiveTouch customization is allowed | ||
| Allow Voice Control | |||
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
Email & Exchange Active Sync
Email & Exchange Active Sync
Email accountsEmail accounts | |||||||||||||||||||||||||||||||||||||||
| Add account | Multiple mail accounts can be set up in the Email settings section. These settings affect IMAP or POP3 accounts. Settings for Exchange ActiveSync must be made in the corresponding menu item! | ||||||||||||||||||||||||||||||||||||||
| Caption | Value | Description |  | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Account description | Account description | The display name of the account (e.g. "Company Mail Account") | |||||||||||||||||||||||||||||||||||||
| Account name | Account name | Name of the user to be displayed Variables can be used as well. Show variables overview hide Klicken für dauerhafte Anzeige The values are taken from the user settings of the user to whom the respective device is assigned
The display name can be combined with the variable %device_user_name%. The variable reads from the user settings of the user to whom the respective device is assigned the fields first name and last name. e.g.: %device_user_name% | ttt-Point AG → Martin Müller | ttt-Point AG | |||||||||||||||||||||||||||||||||||||
| Email address | Email address | The address of the account (e.g. "john@company.com") The entry $emailaddress$ reads the email address from the user settings of the user to whom the device is assigned. Variables can be used as well. The entries $variable1$, $variable2$ and $variable3$ can be defined individually. Show variables overview hide Klicken für dauerhafte Anzeige The values are taken from the user settings of the user to whom the respective device is assigned
| |||||||||||||||||||||||||||||||||||||
| Prevent move |
If set to true, messages may not be moved out of this email account into another account | ||||||||||||||||||||||||||||||||||||||
| Disable email recipient synchronization |
If set to true, this account is excluded from address "recent" syncing | ||||||||||||||||||||||||||||||||||||||
| Allow Mail drop |
If set to true, this account is allowed to use Mail drop | ||||||||||||||||||||||||||||||||||||||
| Prevent App Sheet |
If set to true, this account will not be available for sending mail in third party applications | ||||||||||||||||||||||||||||||||||||||
| S/MIME Enabled | If set to true, this account will support S/MIME | ||||||||||||||||||||||||||||||||||||||
| S/MIME signing enabled | If set to true, this account will enable message signing | ||||||||||||||||||||||||||||||||||||||
| S/MIME signing certificate | The UUID of the certificate used to sign messages sent by this user | ||||||||||||||||||||||||||||||||||||||
| If set to true, this account will support message encryption | |||||||||||||||||||||||||||||||||||||||
| S/MIME encryption certificate | The UUID of the certificate used to decrypt received messages | ||||||||||||||||||||||||||||||||||||||
| S/MIME enable Per-Message Switch | If set to true, enables the per-message encryption switch | ||||||||||||||||||||||||||||||||||||||
Incoming mails | |||||||||||||||||||||||||||||||||||||||
| Caption | Value | Description | |||||||||||||||||||||||||||||||||||||
| Mail server | Mail server | Hostname or IP address | |||||||||||||||||||||||||||||||||||||
| Port | 993 | Port number for incoming mail | |||||||||||||||||||||||||||||||||||||
| Account type | IMAP |
The protocol for accessing the email account | |||||||||||||||||||||||||||||||||||||
| Username | None | The username used to connect to the server for incoming emails Variables can be used as well. $emailaddress$, $username$, $variable1$, $variable2$, $variable3$ Show variables overview hide Klicken für dauerhafte Anzeige The values are taken from the user settings of the user to whom the respective device is assigned
Examples:
| |||||||||||||||||||||||||||||||||||||
| Path prefix | Path prefix | Path prefix for IMAP mail server | |||||||||||||||||||||||||||||||||||||
| Incoming Mail Server authentication | Password | The authentication method for the incoming mail server None Password CrammD5 NTLM HTTPMD5 | |||||||||||||||||||||||||||||||||||||
| Password | Password | The password for the incoming mail server | |||||||||||||||||||||||||||||||||||||
| Use SSL | Incoming email retrieval via Secure Socket Layer | ||||||||||||||||||||||||||||||||||||||
Outgoing mails | |||||||||||||||||||||||||||||||||||||||
| Caption | Value | Description | |||||||||||||||||||||||||||||||||||||
| Mail server | Hostname or IP address for outgoing email | ||||||||||||||||||||||||||||||||||||||
| Port | 587 | The port number for outgoing email | |||||||||||||||||||||||||||||||||||||
| Username | The username used to connect to the server for outgoing mail Variables can be used as well. $emailaddress$, $username$, $variable1$, $variable2$, $variable3$ Show variables overview hide Klicken für dauerhafte Anzeige The values are taken from the user settings of the user to whom the respective device is assigned
Examples:
| ||||||||||||||||||||||||||||||||||||||
| authentication type | Password | The authentication method for the outgoing mail server None CrammD5 NTLM HTTPMD5 | |||||||||||||||||||||||||||||||||||||
| Outgoing Password: Same as incoming | SMTP authentication uses the same password as POP/IMAP server for incoming emails | ||||||||||||||||||||||||||||||||||||||
| Password | Password | The password for the outgoing mail server | |||||||||||||||||||||||||||||||||||||
| Use SSL | Send outgoing email through Secure Socket Layer | ||||||||||||||||||||||||||||||||||||||
Exchange accountsExchange accounts | |||||||||||||||||||||||||||||||||||||||
| Add account | Configuration for Exchange mails retrieved via https connections | ||||||||||||||||||||||||||||||||||||||
| Caption | Value | Description |  | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Account name | The display name of the user (e.g. "John Appleseed"). Different variables can be used. Show variables overview hide Klicken für dauerhafte Anzeige The values are taken from the user settings of the user to whom the respective device is assigned
| ||||||||||||||||||||||||||||||||||||||
| Exchange ActiveSync Host | Enter host | Host name or IP address of the Exchange server | |||||||||||||||||||||||||||||||||||||
| Past days of mail to sync | For ever | Synchronization period | |||||||||||||||||||||||||||||||||||||
| Use SSL | Encrypts all messages with SSL (Secure Socket layer) | ||||||||||||||||||||||||||||||||||||||
| Email address | None | The address of the account to be synchronized (e.g. "john@company.com") Variables can be used as well. The entries $variable1$, $variable2$ and $variable3$ can be defined individually. Show variables overview hide Klicken für dauerhafte Anzeige The values are taken from the user settings of the user to whom the respective device is assigned
| |||||||||||||||||||||||||||||||||||||
| Domain\User | Mail domain and mail user
| ||||||||||||||||||||||||||||||||||||||
| Password | Password | The password for the account | |||||||||||||||||||||||||||||||||||||
| Use OAuth | Specifies whether the connection should use OAuth for authentication. notempty
If OAuth is specified, the password field should remain blank | ||||||||||||||||||||||||||||||||||||||
| URL | |||||||||||||||||||||||||||||||||||||||
| URL | |||||||||||||||||||||||||||||||||||||||
| Payload certificate UUID |
None | UUID of the certificate that is used for authentication notempty The user certificate usercertuser_certusercert can be used
New as of: 2.7 | |||||||||||||||||||||||||||||||||||||
| Prevent move |
If set to true, messages may not be moved out of this email account into another account | ||||||||||||||||||||||||||||||||||||||
| Prevent App Sheet |
If set to true, this account will not be available for sending mail in third party applications | ||||||||||||||||||||||||||||||||||||||
| Allow Mail drop |
If set to true, this account is allowed to use Mail Drop | ||||||||||||||||||||||||||||||||||||||
| S/MIME Enabled |
If set to true, this account will support S/MIME | ||||||||||||||||||||||||||||||||||||||
|
|
If set to true, this account will support message encryption | ||||||||||||||||||||||||||||||||||||||
|
Allow users to enable or disable S/MIME encryption | ||||||||||||||||||||||||||||||||||||||
|
If set to true, this account will enable message signing | ||||||||||||||||||||||||||||||||||||||
|
Allow users to enable or disable S/MIME signing | ||||||||||||||||||||||||||||||||||||||
|
None | The UUID of the certificate used to sign messages sent by this user notempty The user certificate usercertuser_certusercert can be used
New as of: 2.7 | |||||||||||||||||||||||||||||||||||||
|
Allow users to change the S/MIME signing certificate | ||||||||||||||||||||||||||||||||||||||
|
None | The UUID of the certificate used to decrypt received messages notempty The user certificate usercertuser_certusercert can be used
New as of: 2.7 | |||||||||||||||||||||||||||||||||||||
|
Allow users to change the S/MIME encryption certificate | ||||||||||||||||||||||||||||||||||||||
|
If set to true, enables the per-message encryption switch | ||||||||||||||||||||||||||||||||||||||
| Disable email recipient synchronization | If this value is set to true, this account will be excluded from the synchronization of the "Recent" addresses | ||||||||||||||||||||||||||||||||||||||
| Activate calendar | Activate calendar | ||||||||||||||||||||||||||||||||||||||
| Calendar overwritable | Allow account to enable/disable calendar | ||||||||||||||||||||||||||||||||||||||
| Enable/disable contacts | Enable contacts | ||||||||||||||||||||||||||||||||||||||
| Contacts overwritable | Allow account to enable/disable contacts | ||||||||||||||||||||||||||||||||||||||
| Enable email | Enable email | ||||||||||||||||||||||||||||||||||||||
| Mail overwritable | Allow account to enable/disable mail | ||||||||||||||||||||||||||||||||||||||
| Enable notes | Enable notes | ||||||||||||||||||||||||||||||||||||||
| Notes overwritable | Allow account to enable/disable notes | ||||||||||||||||||||||||||||||||||||||
| Enable reminders | Enable reminders | ||||||||||||||||||||||||||||||||||||||
| Reminders overwritable | Allow the account to enable/disable reminders | ||||||||||||||||||||||||||||||||||||||
| Overwrite previous password | Overwrite previous password | ||||||||||||||||||||||||||||||||||||||
| Audio calls | Enter ID | The bundle ID of the application that processes audio calls made to contacts from this account | |||||||||||||||||||||||||||||||||||||
Example: Office365 accounts
Example: Office365 accountsExample: Integration of an Office 365 account with OAuth
Configuration in the Email & Exchange Active Sync tab when adding an Exchange Account
| Caption | Value | Description |
|---|---|---|
| Account name | Account name | Name of the user to be displayed |
| Exchange ActiveSync Host | outlook.office365.com | Example for Office365 |
| Past days of mail to sync | For ever | Possible values: 1 day, 3 days, 1 week, 2 weeks, 1 month, forever |
| Use SSL | Incoming email retrieval via Secure Socket Layer
notempty
Securepoint recommends to activate the option | |
| Email address | alice@ttt-point.onmicrosoft.de | Possible addresses are selectable from the dropdown menu incl. variables that take the information from the user data |
| Domain\User | alice@ttt-point.onmicrosoft.de | The previously selected e-mail address of the user |
| Password | The password for the email account on the mail server notempty
If OAuth is specified, the password field should remain blank | |
| Use OAuth | Specifies whether the connection should use OAuth for authentication.
| |
| OAuth login URL | https://login.microsoftonline.com/common/oauth2/v2.0/authorize | Login URL Here shown for Office365 accounts (example) |
| OAuth token request URL | https://login.microsoftonline.com/common/oauth2/v2.0/token | OAuth token request URL Here shown for Office365 accounts (example) |
| Payload certificate UUID: | None | If the authentication on the Exchange server is to be done with a certificate, this can be selected here. Show important notes about this option hide Klicken für dauerhafte Anzeige notempty The certificate must be added under beforehand. Detailed information on this can be found in the wiki for certificates Additionally, in the Certificates tab, the desired certificate must be added in the click box to be transferred to the device. |
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
Calendar
Calendar
Calendar with user account
Calendar with user account Variables can be used as well.The values are taken from the user settings of the user to whom the respective device is assigned
| Variable name in profiles | Description | Example |  |
|---|---|---|---|
| $username$ alternative names: %device_user% %device_user_username% |
Username | jdoe | |
| $emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de | |
| $firstname$ alternative name: %device_user_firstname% |
First name | John | |
| $lastname$ alternative name: %device_user_lastname% |
Last name | Doe | |
| $name$ alternative name: %device_user_name% |
First name and surname | John Doe | |
| $variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local | |
| $variable2$ alternative name: %variable2% |
custom value | ||
| $variable3$ alternative name: %variable3% |
custom value | ||
| $device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller | |
| $device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Storage1 | |
| Defining the values in the user administration in the portal under: or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary. | |||
| User | Add account | ||
| Caption | Value | Description |  |
|---|---|---|---|
| Hostname | Hostname | Server address of the calendar | |
| Username | Username | The username for the login The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible. | |
| Password | Password | Optional. The password of the user | |
| Use SSL | Enable Secure Socket Layer communication with the CalDAV server | ||
| Port | Port | Optional. The port of the server to which the connection is made. | |
| Main URL | Main URL | The URL to the user's calendar. | |
| Account description | Account description | Optional. The description of the account. | |
Add subscription
Subscribed calendar Variables can be used as well.The values are taken from the user settings of the user to whom the respective device is assigned
| Variable name in profiles | Description | Example | |
|---|---|---|---|
| $username$ alternative names: %device_user% %device_user_username% |
Username | jdoe | |
| $emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de | |
| $firstname$ alternative name: %device_user_firstname% |
First name | John | |
| $lastname$ alternative name: %device_user_lastname% |
Last name | Doe | |
| $name$ alternative name: %device_user_name% |
First name and surname | John Doe | |
| $variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local | |
| $variable2$ alternative name: %variable2% |
custom value | ||
| $variable3$ alternative name: %variable3% |
custom value | ||
| $device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller | |
| $device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Storage1 | |
| Defining the values in the user administration in the portal under: or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary. | |||
| Subscriptions | Add subscription | ||
| Caption | Value | Description |  |
|---|---|---|---|
| Hostname | Hostname | Server address of the calendar | |
| Username | Username | The username for the login The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible. | |
| Password | Password | Optional. The password of the user | |
| Use SSL | Enable Secure Socket Layer communication with the CalDAV server | ||
| Account description | Account description | Optional. The description of the account. | |
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
CardDav
CardDav
Variables can be used as well.
The values are taken from the user settings of the user to whom the respective device is assigned
| Variable name in profiles | Description | Example | |
|---|---|---|---|
| $username$ alternative names: %device_user% %device_user_username% |
Username | jdoe | |
| $emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de | |
| $firstname$ alternative name: %device_user_firstname% |
First name | John | |
| $lastname$ alternative name: %device_user_lastname% |
Last name | Doe | |
| $name$ alternative name: %device_user_name% |
First name and surname | John Doe | |
| $variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local | |
| $variable2$ alternative name: %variable2% |
custom value | ||
| $variable3$ alternative name: %variable3% |
custom value | ||
| $device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller | |
| $device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Storage1 | |
| Defining the values in the user administration in the portal under: or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary. | |||
| User | Add account | ||
| Caption | Value | Description |  |
|---|---|---|---|
| Hostname | Hostname | The CardDAV server hostname or IP address | |
| Username | Username | The CardDAV username The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible. | |
| Password | Password | The CardDAV password | |
| Use SSL | When enabled , the Secure Socket Layer communicates with the CardDAV server. | ||
| Port | Port | The port number to connect to the CardDAV server | |
| Main URL | Main URL | The main URL for the CardDAV account | |
| Account description | Account description | The display name of the account (e.g. "Company CardDAV Account"). | |
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
Google account
Google account
| Caption | Value | Description |  |
|---|---|---|---|
| User | Add account | Adds a Google account. This also makes, for example, the history of Google searches or individual Google Maps configurations, such as special points, available on the device. | |
| Account description | Account description | The displayed name of the account (e.g. "Company Server Account"). | |
| Account name | Account name | Full user name of the Google account | |
| Email address | Email address | The address of the account (e.g. "mdm.ttt-point@gmailcom") Addresses of created users (from ) can be selected or freely entered. | |
| Audio calls | Enter ID | The bundle ID of the application that processes audio calls made to contacts from this account | |
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
Shared Device Configuration
notempty
The profile used with these settings can only be installed on an iPad if no users have been previously registered on this iPad. The iPad must therefore be reset to the factory settings. | |||
| Caption | Value | Description |  |
|---|---|---|---|
| Activate configuration | The shared device configuration can be set by activating . | ||
| Managed Apple ID default domains | Enter domains | A list of domains displayed on the login screen of the Shared iPad. When logging into the device, the user can select a domain from the list to complete their Managed Apple ID. The corresponding domain is added to their login. | |
| Online authentication grace period | 0 | ||
| Quota size | 0 | The quota size (in megabytes MB) for each user on the shared device or, if the quota size is too small, the minimum quota size. | |
| Resident users | 0 | The expected number of users. If this entered number is greater than the value for the maximum possible number of users that the device supports, the MDM server uses the maximum possible number instead. | |
| Skip language setup | When is activated, the system automatically selects the system language and regional scheme for the new Shared iPad user. | ||
| Temporary session only | If is activated, the user sees the welcome screen for guests and can only log in as a guest user. | ||
| Time limit for temporary session | 30 | The temporary session is automatically logged off after the specified period (in seconds) of inactivity. | |
| User session timeout | 30 | The user session is automatically logged off after the specified period (in seconds) of inactivity. | |
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |
Shared iPad User
| Caption | Value | Description |  |
|---|---|---|---|
| Apple IDs | admin@ttt-point.de | This profile will be available on all General selected Devices for these Apple IDs. | |
| Close | Closes the tab without applying changes |
| Save | Applies the changes / new creation, saves and closes the tab |