Configuration iOS profiles

Managing profiles for iOS devices in the Mobile Security Portal

Last adaptation to the version: 1.5.6 (03.2021)

New:

Preamble

In a profile, permissions, restrictions, password requirements, e-mail settings and security settings are configured.

Several users or user groups (roles) can be assigned to a profile.
Many devices or device groups (devices designated by tags) can be assigned to a profile.
For a large number of devices and users it is recommended to map the assignment via groups.

Overview of profile management

Overview of profile management

In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles.

General Options

Profile tile

		Profile tile
	The button at the top right of each profile tile provides the following options:
Edit	Editing the settings (see below)
Kopieren	Copying the profile to the clipboard
Export	Exporting the settings
Revoke	The profile is withdrawn, i.e. it is no longer available on the devices, but can be configured.
Delete	The profile is deleted.
Details displayed in the profile tile:
Updated	Changes have been made to the profile that have not yet been published!
PARTIALLY INSTALLED	Die Übertragung des Profils konnte nicht vollständig abgeschlossen werden.
Type
Roles	Roles
Users	User
Devices	Devices
Tags	Tags
Parts

Copy & paste of profiles

Click on the logo of the profile tile to mark on or more profiles. In the general options, another field now appears under the filter mask:

iOS profile

General iOS

Caption	Values	Description	Tab General
Type	Typ--Device-Profile
Name	Name	Profilname
Priority	5	The higher the number, the higher the priority. Is only used if a device is affected by multiple profiles.
Roles	Add roles	Klick-Box: The profile will be assigned to all devices of all users with these roles
Users	Add users	The profile will be assigned to all devices from these users
Devices	Add devices	The profile will be assigned to these devices
Tags	Add tags	The profile will be assigned to all devices with these Tags
Comment	Comment	Kommentar

  Save

Restrictions

Configuration by clicking on Activate restrictions

Numerous restrictions can be configured to control the behavior of a device.

   List of possible restrictions with default values and explanations

General restrictions

Restriction	Default	Explication
Allow QuickPath Keyboard	Default:	If set to false, disables QuickPath keyboard.
Allow Network access for Files	Default:	If set to false, prevents connecting to network drives in the Files app.
Allow USB drive for Files	Default:	If set to false, prevents connecting to any connected USB devices in the Files app.
Allow Find My Device	Default:	If set to false, disables Find My Device in the Find My app.
Allow Find My Friends	Default:	If set to false, disables Find My Friends in the Find My app.
Force WiFi on	Default:	If set to true, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use.
Allow Trusting Enterprise Apps	Default:	Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
Allow Screenshots and Screen Recording	Default:	Allows the user to take screenshots or screen recordings
Allow Apple Music	Default:	If set to false, Apple Music will be disabled in the Music app.
Allow iTunes Radio	Default:	If set to false, iTunes Radio will be disabled in the Music app.
Allow Shared Stream	Default:	If set to false, the shared stream is disabled.
Allow Wallet While Locked	Default:	If set to false, Wallet notifications will not be shown on the lock screen.
Allow use of News	Default:	Allows the user to access and use News
Allow modifying Bluetooth settings	Default:	Allow modifying Bluetooth settings
Allow Modifying Cellular Data Usage for Apps Settings	Default:	Allows modifying cellular data usage for apps settings
Allow Modifying Device Name	Default:	Allows the user to change device names.
Allow Automatic Sync While Roaming	Default:	Allows automatic synchronization during roaming.
Allow iCloud Sync for Managed Apps	Default:	Allows iCloud synchronization for managed apps.
Allow Enterprise Books Backup	Default:	Allows Enterprise books to be backed up.
Allow Enterprise Books Notes and Highlights Sync	Default:	Allows Enterprise Books to synchronize notes and highlights.
Allow In App Purchases	Default:	Allows the user to make purchases within applications
Allow Multiplayer Gaming	Default:	Allows Multiplayer Gaming
Allow voice dialing while device is locked	Default:	Allows voice dialing while device is locked
Force Apple Watch Wrist Detection	Default:	Forces Apple Watch Wrist Detection
Allow Pairing With Apple Watch	Default:	Allows Pairing With Apple Watch
Allow Internet results in Spotlight	Default:	If set to false, search results from the web will not be shown in Spotlight.
Allow user to accept untrusted TLS certificates	Default:	Allows user to accept untrusted TLS certificates
Allow Photo Stream	Default:	Allows Photo Stream to be used on the device
Allow iCloud Photo Library	Default:	Allows iCloud Photo Library to be used on the device
Allow iCloud Backup	Default:	Allows backup using iCloud
	Default:
Require iTunes password for all purchases	Default:	Require the user's iTunes password to be entered for every purchase
Apps Ranking Number	1000	Ranking number for apps
Movies Ranking Number	1000	Ranking number for movies
TV Shows Ranking Number	1000	Ranking number for TV Shows
Region Code	Germany	Two-character code for the region used to specify ratings
Accept Cookies in Safari	Never	Accepting cookies Does not accept cookies
	From current website only (iOS 8) or visited sites (pre-iOS 8)	Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages
	From websites I visit	Accepts cookies from all visited websites
	Alwys	Accepts all cookies
Allow JavaScript	Default:	AllowS JavaScript in Safari
Allow Pop-ups	Default:	AllowS Pop-ups in Safari
Enable Fraud Warning	Default:	Enables fraud warning in Safari
Enable allow open from unmanaged to managed	Default:	Allows managed apps to access unmanaged documents.
Enable allow open from managed to unmanaged	Default:	Allows unmanaged apps to access managed documents.
Treat AirDrop as Unmanaged Destination	Default:	When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
Allow Handoff	Default:	If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
Touch ID/Face ID zum Entsperren erlauben	Default:	Allow Touch ID/Face ID to Unlock Device
Allow Modifying Notifications Settings	Default:	Allows Modifying Notifications Settings
Allow incoming AirPlay requests	Default:	Allows incoming AirPlay requests
Allow pairing with Remote app	Default:	Allows pairing with Remote app
Allow dictation	Default:	Allows dictation
Allow Camera Use	Default:	Allows the user to use the camera
Allow Siri	Default:	Allows Siri
Allow Siri While Locked	Default:	Allows Siri while device is locked
Allow Siri User Generated Content	Default:	When false, prevents Siri from querying user-generated content from the web.
Allow Modifying Touch ID/Face ID	Default:	The user is allowed to change the Touch ID/Face ID.
Allow diagnostic submission	Default:	Send diagnostic and usage stats to Apple
Allow modifying diagnostics settings	Default:	The user is allowed to change the diagnostic settings.

Classroom-App

The Classrom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.

Restriction	Default	Explication	(Supervised mode only) SOSO
Remote-Bildschirmbeobachtung zulassen	Default:	Wenn nicht erlaubt, wird die Remote-Bildschirmbeobachtung durch die Classroom-App deaktiviert. Wenn Screenshots deaktiviert sind, beobachtet die Classroom-App keine Remote-Bildschirme.
Erzwingen, dass Kursen automatisch beigetreten werden	Default:	Wenn erzwungen, werden die Anfragen des Lehrers automatisch akzeptiert, ohne dass der Schüler dazu aufgefordert wird.
Erzwinge die Erlaubnis, Klassen zu verlassen	Default:	Wenn erzwungen, muss ein Schüler, der über das Classroom in einen nicht verwalteten Kurs eingeschrieben ist, den Lehrer um Erlaubnis bitten, um den Kurs zu verlassen.
Erzwingen der App- und Gerätesperre	Default:	Wenn erzwungen, kann der Lehrer Apps oder das Gerät sperren, ohne den Schüler dazu aufzufordern.
Bildschirmbeobachtung erzwingen	Default:	Wenn erzwungen wird und eine Fernüberwachung des Bildschirms erlaubt ist, erteilt ein Schüler, der über die Classroom-App in einem verwalteten Kurs eingeschrieben ist, automatisch die Erlaubnis, den Bildschirm zu beobachten, ohne aufgefordert zu werden.

Supervised only

A range of restrictions is only available for devices in the Supervised embedding mode.

Restriction	Default	Explication
Restrict App Usage (supervised only).	Default: Allow all apps Do not allow specific apps Do allow only specific apps	Konfiguriert, ob für Apps keine Einschränkung, eine Blacklist oder eine Whitelist verwendet wird. (supervised only)
Blacklisted Apps Whitelisted Apps	Clickbox for selecting apps	Depending on the selection in the line above: Blacklisted Apps / Whitelisted Apps 'Searches the entire app store for possible apps.(supervised only)
Allow Account Modification	Default:	If set to false, account modification is disabled. (Supervised only)(supervised only)
Allow App Removal	Default:	Allows the user to remove apps (supervised only)
Allow Explicit Content	Default:	Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. (supervised only)
Allow use of iMessage	Default:	Allow use of iMessage (supervised only)
Allow Bookstore	Default:	If this value is set to false, the iBookstore will be disabled. . (supervised only)
Allow Bookstore Erotica	Default:	If set to false, the user will not be able to download media from the iBookstore that is tagged as erotica. . (supervised only)
Allow use of iTunes	Default:	Allows the user to use iTunes (supervised only)
Allow use of Safari	Default:	Allows the user to use Safari (supervised only)
Allow Game Center	Default:	Allows the Game Center . (supervised only)
Allow Adding Game Center Friends	Default:	Allows the user to add Friends on Game Center (supervised only)
Allow Modifying Wallpaper	Default:	Allows you to change the background image. (supervised only)
	Default:	(supervised only)
Allow iCloud Document Sync	Default:	Allows document syncing with iCloud (supervised only)
Allow AutoFill in Safari	Default:	Allows autocomplete in Safari browser. (supervised only)
Allow Predictive Keyboard	Default:	Allows Predictive Keyboard (supervised only)
Allow Keyboard Shortcuts	Default:	Allows Keyboard Shortcuts(supervised only)
Allow Auto Correction	Default:	Allows Auto Correction (supervised only)
Allow Spell Check	Default:	Allows Spell Check (supervised only)
Allow Define	Default:	Allows Define Was ist das?(supervised only)
Video-Konferenz erlauben	Default:	Allow Video Conferencing (supervised only)
Enable Siri Profanity Filter	Default:	Enables Siri Profanity Filter (supervised only)
Allow App Installation from Apple Configurator and iTunes	Default:	Allow only a connected Mac host to install applications (supervised only)
Allow Automatic App Downloads	Default:	Allows Automatic App Downloads(supervised only)
Force Delayed Software Updates	Default:	If set to true, delays user visibility of Software Updates. (Supervised only)(supervised only)
Software Update Delay in days	Default: 30	This restriction allows the admin to set how many days a software update on the device will be delayed. With this restriction in place, the user will not see a software update until the specified number of days after the software update release date. (Supervised only)(supervised only)
	Default:	(supervised only)
Allow Modifying Passcode	Default:	The user is allowed to change the pass code. (supervised only)
Allow UI Configuration Profile Installation	Default:	If set to false, the user is prohibited from installing configuration profiles and certificates interactively. . (supervised only)
Allow Erase All Content and Settings	Default:	If set to false, the user cannot choose the option "Erase All Content and Settings" in Settings → General → Reset (supervised only)
	Default:	(supervised only)

  Save

Settings Passcode

Configuration by clicking on Activate Passcode   

Operation	Default	Description
Require Passcode on Device		Enforces the use of a passcode before using the device
Set maximum number of failed attempts		Anzahl der zulässigen Eingabeversuche, bevor alle Daten auf dem Gerät gelöscht werden    Maximum Number of Failed Attempts 11
Set auto-lock		The number of minutes for which the device can be idle (without being unlocked by the user) before it gets locked by the system Automatic lock after 15 minutes
Set maximum passcode age		The number of days for which the passcode can remain unchanged 730
Restrict password complexity		Allows restricting password complexity    Allow Simple Value    Permits the use of repeating, ascending, and descending character sequences Require Alphabetic Value    Require passcodes to contain at least one letter Minimum Number of Complex Characters 0 Smallest number of non-alphanumeric characters allowed Minimum Passcode Length 0 Smallest allowable number of characters in passcode
Use Passcode History		Allows defining the number of different passcodes required between the reuse of passcodes    Passcode History 1 Number of unique passcodes required between passcode reuse
Use grace period for device lock		Allows defining the maximum time in minutes to unlock the phone    Grace period for device lock -1 The maximum grace period, in minutes, to unlock the phone without entering a passcode. The default value -1 pretends iOS does not apply a time limit.

  Save

Apps & Web clips

caption:	value:	Description:	Apps & Web clips
Apps Apps	✕DieMaus
	✕

App-Lock

The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.

Activate configuration  

In der letzten Spalte (SO) ist vermerkt, wenn diese Funktion ausschließlich im betreuten Modus (supervised only) verfügbar ist.

caption:	Default	Description:
Bundle ID	Default: Bundle ID	The bundle identifier of the application.
Options
Disable touch	Default:	If true, the touch screen is disabled.
Gerätedrehung deaktivieren	Default:
Deaktivieren Sie die Lautstärketasten	Default:
Klingelschalter deaktivieren	Default:
Deaktivieren Sie de Sleep-Wake-Button	Default:
Deaktivieren Sie die automatische Sperre	Default:
Voice-Over aktivieren	Default:
Zoom aktivieren	Default:
Invertieren von Farben aktivieren	Default:
Assistive touch aktivieren	Default:
Sprachauswahl aktivieren	Default:
Mono-Audio aktivieren	Default:
User Enabled Options
Voice-Over	Default:
Zoom	Default:
Farben invertieren	Default:
Assistive touch	Default:

Finish the configuration with   Save

---

Homescreen Layout

Homescreen Layout

---

Network

Network

In this section, access profiles for WiFi networks can be configured and pushed to the device.

Add a network configuration with   Konfiguration hinzufügen

Caption	Values	Description	Network configurations
Network configurations
Name	Name	Name of the configuration
Type	WiFi	Configuration type (WiFi predefined)
SSID	SSID	The SSID of the network
Security		Security Level
	None	no security
	WEP-PSK	insecure
	WPA-PSK	secure
Password	Password	The networks passphrases. Hidden with placeholders<.br> shows the password in plain text.
Hidden SSID		Specifies whether the SSID of the network is visible (button off) or hidden (button on).
Autoconnect		Enable to automatically connect the device to the network.
Type

Finish the configuration with   Save

---

Email & Exchange Active Sync

Email & Exchange Active Sync

Several mail accounts can be set up in the email settings.
These settings affect IMAP or POP3 accounts.
Settings for Exchange ActiveSync must be made in the corresponding tab!

Email accounts

Email accounts	Add account
Operation	Default	Description	Settings Email
Account Description	Account Description	The display name of the account (e.g. "Company Mail Account")
Account Name	Account Name	The display name of the user (e.g. "John Appleseed") Die Seite Vorlage:Ui-icon.css hat keinen Inhalt. The values are taken from the user settings of the user to whom the respective device is assigned * Description: Example %device_user_username% %device_user% $username$ Username mmueller %device_email% $emailaddress$ Email address mmueller@ttt-point.de %device_user_firstname% $firstname$ First name Markus %device_user_lastname% $lastname$ Last name Mueller %device_user_name% $name$ First name and surname Markus Mueller %variable1% $variable1$ custom value %variable2% $variable2$ custom value %variable3% $variable3$ custom value %device_name% $device_name$ %device_alias% $device_alias$ → The display name can be combined with the variable %device_user_name%. The variable reads from the user settings of the user to whom the respective device is assigned the fields first name and last name. e.g.: %device_user_name% | ttt-Point AG → Martin Müller | ttt-Point AG
Email Address	Email Address	The address of the account (e.g. "john@company.com") Die Seite Vorlage:Ui-icon.css hat keinen Inhalt. The values are taken from the user settings of the user to whom the respective device is assigned * Description: Example %device_user_username% %device_user% $username$ Username mmueller %device_email% $emailaddress$ Email address mmueller@ttt-point.de %device_user_firstname% $firstname$ First name Markus %device_user_lastname% $lastname$ Last name Mueller %device_user_name% $name$ First name and surname Markus Mueller %variable1% $variable1$ custom value %variable2% $variable2$ custom value %variable3% $variable3$ custom value %device_name% $device_name$ %device_alias% $device_alias$ → The entry %device_email% reads the email address from the user settings of the user to whom the device is assigned.
Prevent Move		If set to true, messages may not be moved out of this email account into another account.
Disable Mail Recents Syncing		If set to true, this account is excluded from address Recents syncing.
Allow Mail Drop		If set to true, this account is allowed to use Mail Drop.
Prevent App Sheet		If set to true, this account will not be available for sending mail in third party applications
S/MIME Enabled		If set to true, this account will support S/MIME
S/MIME Signing Enabled		If set to true, this account will enable message signing.
S/MIME Encryption Enabled		If set to true, this account will support message encryption.
S/MIME Enable Per-Message Switch		If set to true, enable the per-message encryption switch.
Incoming mails
Operation	Default	Description
Mailserver	Mailserver	Hostname or IP Address
Port	993	Port number for incoming mail
Account Type	IMAP POP	The protocol for accessing the email account
Username	Select user	The username used to connect to the server for incoming mail Die Seite Vorlage:Ui-icon.css hat keinen Inhalt. The values are taken from the user settings of the user to whom the respective device is assigned * Description: Example %device_user_username% %device_user% $username$ Username mmueller %device_email% $emailaddress$ Email address mmueller@ttt-point.de %device_user_firstname% $firstname$ First name Markus %device_user_lastname% $lastname$ Last name Mueller %device_user_name% $name$ First name and surname Markus Mueller %variable1% $variable1$ custom value %variable2% $variable2$ custom value %variable3% $variable3$ custom value %device_name% $device_name$ %device_alias% $device_alias$ → Examples: The email user name is identical to the device user name: ttt-point.local\%device_user_username% The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%
Path Prefix	Path Prefix	Path prefix for IMAP mail server
Incoming Mail Server Authentification	authentication method	The authentication method for the incoming mail server None Password CrammD5 NTLM HTTPMD5
Password	Password	The password for the incoming mail server
Use SSL		Send outgoing mail through Secure Socket Layer
Outgoing mails
Operation	Default	Description
Mail Server	Mail Server	Hostname or IP address for outgoing mail
Port	587	The port number for outgoing mail
Username	Select user	The username used to connect to the server for outgoing mail. Examples: The email user name is identical to the device user name: ttt-point.local\%device_user_username% The email user name is stored in the user settings as variable1: ttt-point.local\%variable1% Die Seite Vorlage:Ui-icon.css hat keinen Inhalt. The values are taken from the user settings of the user to whom the respective device is assigned * Description: Example %device_user_username% %device_user% $username$ Username mmueller %device_email% $emailaddress$ Email address mmueller@ttt-point.de %device_user_firstname% $firstname$ First name Markus %device_user_lastname% $lastname$ Last name Mueller %device_user_name% $name$ First name and surname Markus Mueller %variable1% $variable1$ custom value %variable2% $variable2$ custom value %variable3% $variable3$ custom value %device_name% $device_name$ %device_alias% $device_alias$ →
authentication type	authentication method	The authentication method for the outgoing mail server Password CrammD5 NTLM HTTPMD5
Outgoing Password Same As Incoming		SMTP authentication uses the same password as POP/IMAP    Password Password The password for the outgoing mail server
Use SSL		end outgoing mail through Secure Socket Layer

---

Exchange accounts

Exchange accounts  Add account

Configuration for Exchange mails retrieved via https connections.

Configuration by clicking on Activate exchange   

Operation	Default	Description	Settings Exchange ActiveSync
Account Name		The display name of the user (e.g. "John Appleseed"). Different variables can be used. Die Seite Vorlage:Ui-icon.css hat keinen Inhalt. The values are taken from the user settings of the user to whom the respective device is assigned * Description: Example %device_user_username% %device_user% $username$ Username mmueller %device_email% $emailaddress$ Email address mmueller@ttt-point.de %device_user_firstname% $firstname$ First name Markus %device_user_lastname% $lastname$ Last name Mueller %device_user_name% $name$ First name and surname Markus Mueller %variable1% $variable1$ custom value %variable2% $variable2$ custom value %variable3% $variable3$ custom value %device_name% $device_name$ %device_alias% $device_alias$ →
Exchange ActiveSync Host	Enter host	Host name or IP address of the Exchange server.
Past Days of Mail to Sync	Forever	synchronization period
Use SSL		Send all communication through Secure Socket layer
Email Address	Select Email Address	The address of the account to be synchronized (e.g. "john@company.com"). Die Seite Vorlage:Ui-icon.css hat keinen Inhalt. The values are taken from the user settings of the user to whom the respective device is assigned * Description: Example %device_user_username% %device_user% $username$ Username mmueller %device_email% $emailaddress$ Email address mmueller@ttt-point.de %device_user_firstname% $firstname$ First name Markus %device_user_lastname% $lastname$ Last name Mueller %device_user_name% $name$ First name and surname Markus Mueller %variable1% $variable1$ custom value %variable2% $variable2$ custom value %variable3% $variable3$ custom value %device_name% $device_name$ %device_alias% $device_alias$ →
Domain\User	Username	Mail domain and mail user The field must remain empty if the device should ask. If the domain should be entered automatically, this can be configured on the server. Die Seite Vorlage:Ui-icon.css hat keinen Inhalt. The values are taken from the user settings of the user to whom the respective device is assigned * Description: Example %device_user_username% %device_user% $username$ Username mmueller %device_email% $emailaddress$ Email address mmueller@ttt-point.de %device_user_firstname% $firstname$ First name Markus %device_user_lastname% $lastname$ Last name Mueller %device_user_name% $name$ First name and surname Markus Mueller %variable1% $variable1$ custom value %variable2% $variable2$ custom value %variable3% $variable3$ custom value %device_name% $device_name$ %device_alias% $device_alias$ → Examples: The email user name is identical to the device user name: ttt-point.local\%device_user_username% The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%
Password	Password	The password for the account
Payload Certificate UUID	Select certificate	UUID of the certificate that is used for authentication.
Prevent Move		If set to true, messages may not be moved out of this email account into another account.
Prevent App Sheet		If set to true, this account will not be available for sending mail in third party applications
Allow Mail Drop		If set to true, this account is allowed to use Mail Drop.
S/MIME Enabled		If set to true, this account will support S/MIME
S/MIME Signing Enabled		If set to true, this account will enable message signing.
S/MIME Encryption Enabled		If set to true, this account will support message encryption.
S/MIME Enable Per-Message Switch		If set to true, enable the per-message encryption switch.
Disable Mail Recents Syncing		If set to true, this account is excluded from address Recents syncing.

  Save

Example: Integration of an Office 365 account

Operation	value:
Exchange ActiveSync Host	outlook.office.de
Use SSL
Email Address	support.ttt-point.onmicrosoft.de
Domain\User	support.ttt-point.onmicrosoft.de
Password	The password for the account

---

Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.

---

The values are taken from the user settings of the user to whom the respective device is assigned

*	Description:	Example
%device_user_username% %device_user% $username$	Username	mmueller
%device_email% $emailaddress$	Email address	mmueller@ttt-point.de
%device_user_firstname% $firstname$	First name	Markus
%device_user_lastname% $lastname$	Last name	Mueller
%device_user_name% $name$	First name and surname	Markus Mueller
%variable1% $variable1$	custom value
%variable2% $variable2$	custom value
%variable3% $variable3$	custom value
%device_name% $device_name$
%device_alias% $device_alias$
→

	Add account
caption:	value:	Description:

Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.

---

The values are taken from the user settings of the user to whom the respective device is assigned

*	Description:	Example
%device_user_username% %device_user% $username$	Username	mmueller
%device_email% $emailaddress$	Email address	mmueller@ttt-point.de
%device_user_firstname% $firstname$	First name	Markus
%device_user_lastname% $lastname$	Last name	Mueller
%device_user_name% $name$	First name and surname	Markus Mueller
%variable1% $variable1$	custom value
%variable2% $variable2$	custom value
%variable3% $variable3$	custom value
%device_name% $device_name$
%device_alias% $device_alias$
→

caption:	value:	Description:

---

Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.

---

The values are taken from the user settings of the user to whom the respective device is assigned

*	Description:	Example
%device_user_username% %device_user% $username$	Username	mmueller
%device_email% $emailaddress$	Email address	mmueller@ttt-point.de
%device_user_firstname% $firstname$	First name	Markus
%device_user_lastname% $lastname$	Last name	Mueller
%device_user_name% $name$	First name and surname	Markus Mueller
%variable1% $variable1$	custom value
%variable2% $variable2$	custom value
%variable3% $variable3$	custom value
%device_name% $device_name$
%device_alias% $device_alias$
→

	Add account
caption:	value:	Description:

---

Certificates

Certificates

Certificates

Certificates are required, for example, to retrieve emails from an Exchange server with https or to confirm the authenticity of self-signed apps.

Caption	Values	Description
Certificates	Select certificates	Selection of Base-64-encoded X.509 certificates imported in the   Certificate menu.

---

Settings Security

Security iOS

Security

Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.

Numerous settings are configured, that control the security of web applications.

Configuration by clicking on Activate security   

Aktion	Default	Beschreibung
Region	Germany / EU	Geographical assignment of the VPN endpoint
Protocol	TCP	Protocol used for VPN tunnel. TCP or UDP
Portfilter Type		Filter network traffic based on network ports.
	Open	all ports are open
	Closed	Only port 80 (http) and 443 (https) are enabled.
	Selection	Port filter rule selection: Specify which port collections are open for network traffic: Die Seite Vorlage:Ui-icon.css hat keinen Inhalt. Port-Collection Port Protocol Application ✕ Administrative Tools 21 TCP ftp 3389 TCP ms-rdp 23 TCP telnet 5900 TCP vnc 22 TCP ssh 5938 TCP/UDP teamviewer ✕ Communication 3478-3481 UDP Skype 49152-65535 UDP 49152-65535 TCP 5222 TCP Google Push-Notifications 5223 UDP 5228 TCP ✕ VOIP 5060 UDP SIP/RTP 7070-7089 UDP ✕ VPN 1194 TCP OpenVPN 1194 UDP 500 UDP IPSec 4500 UDP & ESP 1701 UDP L2TP ✕ Mail 25 TCP smtp 587 TCP 465 TCP smtps 110 TCP pop3 995 TCP 143 TCP imap 993 TCP
SSL interception	Default	Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response.
Content-Filter-Whitelist	Add entries	Click box: Web pages that are to be added to a whitelist. Possible entries: Contentfilter
Content-Filter-Blacklist	Add entries	Click box: Websites that are to be added to a blacklist.
Disable for SSIDs	Add SSIDs	Enter WLAN SSIDs for which the security features shall be disabled.
Disable for IP addresses	Add IPs	IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys.
Allow Suspend Always-On-VPN		Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user.
Appconfiguration
Allow other VPN profiles		Allows adding other VPN profiles in addition to the security profile

  Save

---

Shared devices

Shared devices

Shared devices

Information that can be displayed on the login screen and lock screen.
Devices used by different people Shared device in Apple terminology can thus display accessible information for everyone (e.g. an inventory number).

Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.

---

The values are taken from the user settings of the user to whom the respective device is assigned

*	Description:	Example
%device_user_username% %device_user% $username$	Username	mmueller
%device_email% $emailaddress$	Email address	mmueller@ttt-point.de
%device_user_firstname% $firstname$	First name	Markus
%device_user_lastname% $lastname$	Last name	Mueller
%device_user_name% $name$	First name and surname	Markus Mueller
%variable1% $variable1$	custom value
%variable2% $variable2$	custom value
%variable3% $variable3$	custom value
%device_name% $device_name$
%device_alias% $device_alias$
→

caption:	Default	Description:
Activate configuration		After setting this, you can set the shared device configuration. The Shared Device Configuration Payload allows you to specify optional text displayed on the login window and lock screen (i.e. a ”If Lost, Return To” message and Asset Tag Information). It is supported on iOS 9.3 and later.
Lockscreen footnote		Optional. A footnote displayed on the login window and lock screen.
Asset Tag Information		Optional. Asset tag information for the device, displayed on the login window and lock screen.

  Save

---