Jump to:navigation, search
Wiki

Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.



























De.png
Fr.png


Managing profiles for iOS devices in the Mobile Security Portal

Last adaptation to the version: 1.5.6 (03.2021)



New:


  • Android devices are administered with Android Enterprise Profiles.

  • Preamble

    In a profile, permissions, restrictions, password requirements, e-mail settings and security settings are configured.

    Several users or user groups (roles) can be assigned to a profile.
    Many devices or device groups (devices designated by tags) can be assigned to a profile.
    For a large number of devices and users it is recommended to map the assignment via groups.


    Overview of profile management

    Overview of profile management

    In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles.


    General Options

    Filter displayed profiles
     Filter  Search
    The search criteria can be filtered to specific areas:
    all
    Devices
    Platform
    tags
    roles
    used
    User
    Add profile
     Add profile
    Creates a new profile. The settings in the profile vary depending on the operating system. See Edit iOS / Edit Android
    Import profile
     Import profile
    Show details
    Show details
    List view / Grid view
    List view / Grid view
    /
    Switch between lists and grid view.
    Refresh
    Refresh the display



    Profile tile

    Profile Options
    edit
    Export
    Copy
    Revoke
    delete
    MSP v1.5.7 Profil Kachel-en.png
    Profile tile
    The button at the top right of each profile tile provides the following options:
      Edit Editing the settings (see below)
     Kopieren Copying the profile to the clipboard
      Export Exporting the settings
      Revoke The profile is withdrawn, i.e. it is no longer available on the devices, but can be configured.
      Delete The profile is deleted.

    Details displayed in the profile tile:
    Updated Changes have been made to the profile that have not yet been published!
    PARTIALLY INSTALLED Die Übertragung des Profils konnte nicht vollständig abgeschlossen werden.
      Type
      Roles Roles
      Users User
      Devices Devices
      Tags Tags
      Parts



    Copy & paste of profiles

    Click on the logo of the profile tile to mark on or more profiles. In the general options, another field now appears under the filter mask:

    Action for selected items  Please choose Execute the selected action with Ok
     Copy Copies one or more selected profiles to the clipboard.
     Delete Deletes one or more selected profiles
    New button   Paste Inserts a copy of a profile from the clipboard.
    This also works from one tenant / customer to another as long as they are assigned to the same reseller account.   AnyIdeas GmbH

    iOS profile

    General iOS

    General
    Caption Values Description MSP v1.5.7 Profile Allgemein-en.png
    Tab General
    Type Typ--Device-Profile
  •    
       
    Name Name Profilname
    Priority 5Link= The higher the number, the higher the priority. Is only used if a device is affected by multiple profiles.
    Roles Add roles Klick-Box: The profile will be assigned to all devices of all users with these roles
    Users Add users The profile will be assigned to all devices from these users
    Devices Add devices The profile will be assigned to these devices
    Tags Add tags The profile will be assigned to all devices with these Tags
    Comment Comment Kommentar

      Save






    Restrictions

    Restrictions
    Restrictions


    Configuration by clicking on Activate restrictions

    Numerous restrictions can be configured to control the behavior of a device.


       List of possible restrictions with default values and explanations

    General restrictions
    Table-check.png


    Restriction Default Explication
    Allow QuickPath Keyboard Default:    If set to false, disables QuickPath keyboard.
    Allow Network access for Files Default:    If set to false, prevents connecting to network drives in the Files app.
    Allow USB drive for Files Default:    If set to false, prevents connecting to any connected USB devices in the Files app.
    Allow Find My Device Default:    If set to false, disables Find My Device in the Find My app.
    Allow Find My Friends Default:    If set to false, disables Find My Friends in the Find My app.
    Force WiFi on Default:    If set to true, prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use.
    Allow Trusting Enterprise Apps Default:    Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
    Allow Screenshots and Screen Recording Default:    Allows the user to take screenshots or screen recordings
    Allow Apple Music Default:    If set to false, Apple Music will be disabled in the Music app.
    Allow iTunes Radio Default:    If set to false, iTunes Radio will be disabled in the Music app.
    Allow Shared Stream Default:    If set to false, the shared stream is disabled.
    Allow Wallet While Locked Default:    If set to false, Wallet notifications will not be shown on the lock screen.
    Allow use of News Default:    Allows the user to access and use News
    Allow modifying Bluetooth settings Default:    Allow modifying Bluetooth settings
    Allow Modifying Cellular Data Usage for Apps Settings Default:    Allows modifying cellular data usage for apps settings
    Allow Modifying Device Name Default:    Allows the user to change device names.
    Allow Automatic Sync While Roaming Default:    Allows automatic synchronization during roaming.
    Allow iCloud Sync for Managed Apps Default:    Allows iCloud synchronization for managed apps.
    Allow Enterprise Books Backup Default:    Allows Enterprise books to be backed up.
    Allow Enterprise Books Notes and Highlights Sync Default:    Allows Enterprise Books to synchronize notes and highlights.
    Allow In App Purchases Default:    Allows the user to make purchases within applications
    Allow Multiplayer Gaming Default:    Allows Multiplayer Gaming
    Allow voice dialing while device is locked Default:    Allows voice dialing while device is locked
    Force Apple Watch Wrist Detection Default:    Forces Apple Watch Wrist Detection
    Allow Pairing With Apple Watch Default:    Allows Pairing With Apple Watch
    Allow Internet results in Spotlight Default:    If set to false, search results from the web will not be shown in Spotlight.
    Allow user to accept untrusted TLS certificates Default:    Allows user to accept untrusted TLS certificates
    Allow Photo Stream Default:    Allows Photo Stream to be used on the device
    Allow iCloud Photo Library Default:    Allows iCloud Photo Library to be used on the device
    Allow iCloud Backup Default:    Allows backup using iCloud
    Default:   
    Require iTunes password for all purchases Default:    Require the user's iTunes password to be entered for every purchase
    Apps Ranking Number 1000Link= Ranking number for apps
    Movies Ranking Number 1000Link= Ranking number for movies
    TV Shows Ranking Number 1000Link= Ranking number for TV Shows
    Region Code Germany Two-character code for the region used to specify ratings
    Accept Cookies in Safari Never Accepting cookies
    Does not accept cookies
    From current website only (iOS 8) or visited sites (pre-iOS 8) Depending on iOS version:
    from iOS 8: Only from current website
    from iOS 8: Only from visited pages
    From websites I visit Accepts cookies from all visited websites
    Alwys Accepts all cookies
    Allow JavaScript Default:    AllowS JavaScript in Safari
    Allow Pop-ups Default:    AllowS Pop-ups in Safari
    Enable Fraud Warning Default:    Enables fraud warning in Safari
    Enable allow open from unmanaged to managed Default:    Allows managed apps to access unmanaged documents.
    Enable allow open from managed to unmanaged Default:    Allows unmanaged apps to access managed documents.
    Treat AirDrop as Unmanaged Destination Default:    When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
    Allow Handoff Default:    If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
    Touch ID/Face ID zum Entsperren erlauben Default:    Allow Touch ID/Face ID to Unlock Device
    Allow Modifying Notifications Settings Default:    Allows Modifying Notifications Settings
    Allow incoming AirPlay requests Default:    Allows incoming AirPlay requests
    Allow pairing with Remote app Default:    Allows pairing with Remote app
    Allow dictation Default:    Allows dictation
    Allow Camera Use Default:    Allows the user to use the camera
    Allow Siri Default:    Allows Siri
    Allow Siri While Locked Default:    Allows Siri while device is locked
    Allow Siri User Generated Content Default:    When false, prevents Siri from querying user-generated content from the web.
    Allow Modifying Touch ID/Face ID Default:    The user is allowed to change the Touch ID/Face ID.
    Allow diagnostic submission Default:    Send diagnostic and usage stats to Apple
    Allow modifying diagnostics settings Default:    The user is allowed to change the diagnostic settings.



    Classroom-App

    The Classrom App is available free of charge in the App-Store and offers possibilities for use in school classes.
    Important restrictions can be configured here.

    Table-check.png
    Restriction Default Explication (Supervised mode only) SOSO 
    Remote-Bildschirmbeobachtung zulassen Default:   Wenn nicht erlaubt, wird die Remote-Bildschirmbeobachtung durch die Classroom-App deaktiviert. Wenn Screenshots deaktiviert sind, beobachtet die Classroom-App keine Remote-Bildschirme.
    Erzwingen, dass Kursen automatisch beigetreten werden Default:   Wenn erzwungen, werden die Anfragen des Lehrers automatisch akzeptiert, ohne dass der Schüler dazu aufgefordert wird.
    Erzwinge die Erlaubnis, Klassen zu verlassen Default:   Wenn erzwungen, muss ein Schüler, der über das Classroom in einen nicht verwalteten Kurs eingeschrieben ist, den Lehrer um Erlaubnis bitten, um den Kurs zu verlassen.
    Erzwingen der App- und Gerätesperre Default:   Wenn erzwungen, kann der Lehrer Apps oder das Gerät sperren, ohne den Schüler dazu aufzufordern.
    Bildschirmbeobachtung erzwingen Default:   Wenn erzwungen wird und eine Fernüberwachung des Bildschirms erlaubt ist, erteilt ein Schüler, der über die Classroom-App in einem verwalteten Kurs eingeschrieben ist, automatisch die Erlaubnis, den Bildschirm zu beobachten, ohne aufgefordert zu werden.


    Supervised only

    A range of restrictions is only available for devices in the Supervised embedding mode.

    Table-check.png
    Restriction Default Explication
    Restrict App Usage (supervised only). Default: Allow all apps
    Do not allow specific apps
    Do allow only specific apps
    Konfiguriert, ob für Apps keine Einschränkung,
    eine Blacklist oder
    eine Whitelist verwendet wird. (supervised only)
    Blacklisted Apps
    Whitelisted Apps
    Clickbox for selecting apps Depending on the selection in the line above: Blacklisted Apps / Whitelisted Apps
    'Searches the entire app store for possible apps.(supervised only)
    Allow Account Modification Default:    If set to false, account modification is disabled. (Supervised only)(supervised only)
    Allow App Removal Default:    Allows the user to remove apps (supervised only)
    Allow Explicit Content Default:    Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. (supervised only)
    Allow use of iMessage Default:    Allow use of iMessage (supervised only)
    Allow Bookstore Default:    If this value is set to false, the iBookstore will be disabled. . (supervised only)
    Allow Bookstore Erotica Default:    If set to false, the user will not be able to download media from the iBookstore that is tagged as erotica. . (supervised only)
    Allow use of iTunes Default:    Allows the user to use iTunes (supervised only)
    Allow use of Safari Default:    Allows the user to use Safari (supervised only)
    Allow Game Center Default:    Allows the Game Center . (supervised only)
    Allow Adding Game Center Friends Default:    Allows the user to add Friends on Game Center (supervised only)
    Allow Modifying Wallpaper Default:    Allows you to change the background image. (supervised only)
    Default:    (supervised only)
    Allow iCloud Document Sync Default:    Allows document syncing with iCloud (supervised only)
    Allow AutoFill in Safari Default:    Allows autocomplete in Safari browser. (supervised only)
    Allow Predictive Keyboard Default:    Allows Predictive Keyboard (supervised only)
    Allow Keyboard Shortcuts Default:    Allows Keyboard Shortcuts(supervised only)
    Allow Auto Correction Default:    Allows Auto Correction (supervised only)
    Allow Spell Check Default:    Allows Spell Check (supervised only)
    Allow Define Default:    Allows Define Was ist das?(supervised only)
    Video-Konferenz erlauben Default:    Allow Video Conferencing (supervised only)
    Enable Siri Profanity Filter Default:    Enables Siri Profanity Filter (supervised only)
    Allow App Installation from Apple Configurator and iTunes Default:    Allow only a connected Mac host to install applications (supervised only)
    Allow Automatic App Downloads Default:    Allows Automatic App Downloads(supervised only)
    Force Delayed Software Updates Default:    If set to true, delays user visibility of Software Updates. (Supervised only)(supervised only)
    Software Update Delay in days Default: 30Link= This restriction allows the admin to set how many days a software update on the device will be delayed. With this restriction in place, the user will not see a software update until the specified number of days after the software update release date. (Supervised only)(supervised only)
    Default:    (supervised only)
    Allow Modifying Passcode Default:    The user is allowed to change the pass code. (supervised only)
    Allow UI Configuration Profile Installation Default:    If set to false, the user is prohibited from installing configuration profiles and certificates interactively. . (supervised only)
    Allow Erase All Content and Settings Default:    If set to false, the user cannot choose the option "Erase All Content and Settings" in Settings → General → Reset (supervised only)
    Default:    (supervised only)

      Save





    Passcode

    Passcode
    Settings Passcode


    Configuration by clicking on Activate Passcode   


    Operation Default Description
    Require Passcode on Device    Enforces the use of a passcode before using the device
    Set maximum number of failed attempts    Anzahl der zulässigen Eingabeversuche, bevor alle Daten auf dem Gerät gelöscht werden

      
    Maximum Number of Failed Attempts 11Link=

    Set auto-lock   

      

    The number of minutes for which the device can be idle (without being unlocked by the user) before it gets locked by the system

    Automatic lock after 15Link= minutes

    Set maximum passcode age   

      

    The number of days for which the passcode can remain unchanged 730Link=
    Restrict password complexity    Allows restricting password complexity
      
    Allow Simple Value    Permits the use of repeating, ascending, and descending character sequences
    Require Alphabetic Value    Require passcodes to contain at least one letter
    Minimum Number of Complex Characters 0Link= Smallest number of non-alphanumeric characters allowed
    Minimum Passcode Length 0Link= Smallest allowable number of characters in passcode
    Use Passcode History    Allows defining the number of different passcodes required between the reuse of passcodes
      
    Passcode History 1Link= Number of unique passcodes required between passcode reuse
    Use grace period for device lock    Allows defining the maximum time in minutes to unlock the phone
      
    Grace period for device lock -1Link= The maximum grace period, in minutes, to unlock the phone without entering a passcode.
    The default value -1Link= pretends iOS does not apply a time limit.

      Save




    Apps & Web clips

    Apps & Web clips
    caption: value: Description: MSP v1.5.7 Profile Apps-en.png
    Apps & Web clips
    Apps
    Apps
    DieMaus

    App-Lock
    App-Lock

    The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.

    Activate configuration  

    Table-check.png

    In der letzten Spalte (SO) ist vermerkt, wenn diese Funktion ausschließlich im betreuten Modus (supervised only) verfügbar ist.

    caption: Default Description:
    Bundle ID Default: Bundle ID The bundle identifier of the application.

    Options
    Disable touch Default:    If true, the touch screen is disabled.
    Gerätedrehung deaktivieren Default:   
    Deaktivieren Sie die Lautstärketasten Default:   
    Klingelschalter deaktivieren Default:   
    Deaktivieren Sie de Sleep-Wake-Button Default:   
    Deaktivieren Sie die automatische Sperre Default:   
    Voice-Over aktivieren Default:   
    Zoom aktivieren Default:   
    Invertieren von Farben aktivieren Default:   
    Assistive touch aktivieren Default:   
    Sprachauswahl aktivieren Default:   
    Mono-Audio aktivieren Default:   

    User Enabled Options
    Voice-Over Default:   
    Zoom Default:   
    Farben invertieren Default:   
    Assistive touch Default:   


    Finish the configuration with   Save





    Homescreen Layout

    Homescreen Layout





    Network

    Network

    In this section, access profiles for WiFi networks can be configured and pushed to the device.

    Add a network configuration with   Konfiguration hinzufügen


    Caption Values Description MSP v1.5.7 Profile Netzweke-en.png
    Network configurations
    Network configurations
    Name Name Name of the configuration
    Type WiFi Configuration type (WiFi predefined)
    SSID SSID The SSID of the network
    Security Security Level
    None no security
    WEP-PSK insecure
    WPA-PSK secure
    Password Password The networks passphrases. Hidden with placeholders<.br> shows the password in plain text.
    Hidden SSID    Specifies whether the SSID of the network is visible (button off) or hidden (button on).
    Autoconnect    Enable to automatically connect the device to the network.

      
    Type    
       
      
       
       
       
       Link=


    Finish the configuration with   Save




    Email & Exchange Active Sync

    Email & Exchange Active Sync

    Several mail accounts can be set up in the email settings.
    These settings affect IMAP or POP3 accounts.
    Settings for Exchange ActiveSync must be made in the corresponding tab!



    Email accounts
    Email accounts

     Add account
    Operation Default Description MSP v1.5.7 Profile iOS E-Mail-en.png
    Settings Email
    Account Description Account Description The display name of the account (e.g. "Company Mail Account")
    Account Name Account Name The display name of the user (e.g. "John Appleseed")

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$



  • The display name can be combined with the variable %device_user_name%. The variable reads from the user settings of the user to whom the respective device is assigned the fields first name and last name. e.g.: %device_user_name% | ttt-Point AGMartin Müller | ttt-Point AG
    Email Address Email Address The address of the account (e.g. "john@company.com")

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$



  • The entry %device_email% reads the email address from the user settings of the user to whom the device is assigned.
    Prevent Move    If set to true, messages may not be moved out of this email account into another account.
    Disable Mail Recents Syncing    If set to true, this account is excluded from address Recents syncing.
    Allow Mail Drop    If set to true, this account is allowed to use Mail Drop.
    Prevent App Sheet    If set to true, this account will not be available for sending mail in third party applications
    S/MIME Enabled    If set to true, this account will support S/MIME
    S/MIME Signing Enabled    If set to true, this account will enable message signing.
    S/MIME Encryption Enabled    If set to true, this account will support message encryption.
    S/MIME Enable Per-Message Switch    If set to true, enable the per-message encryption switch.

    Incoming mails
    Operation Default Description
    Mailserver Mailserver Hostname or IP Address
    Port 993Link= Port number for incoming mail
    Account Type IMAP

    POP
    The protocol for accessing the email account
    Username Select user The username used to connect to the server for incoming mail

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$


  • Examples:
    • The email user name is identical to the device user name: ttt-point.local\%device_user_username%
    • The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%
    Path Prefix Path Prefix Path prefix for IMAP mail server
    Incoming Mail Server Authentification authentication method The authentication method for the incoming mail server
    None
    Password
    CrammD5
    NTLM
    HTTPMD5
    Password Password The password for the incoming mail server
    Use SSL    Send outgoing mail through Secure Socket Layer

    Outgoing mails
    Operation Default Description
    Mail Server Mail Server Hostname or IP address for outgoing mail
    Port 587Link= The port number for outgoing mail
    Username Select user The username used to connect to the server for outgoing mail. Examples:
    • The email user name is identical to the device user name: ttt-point.local\%device_user_username%
    • The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$


  • authentication type authentication method The authentication method for the outgoing mail server
    Password
    CrammD5
    NTLM
    HTTPMD5
    Outgoing Password Same As Incoming    SMTP authentication uses the same password as POP/IMAP
      
    Password Password The password for the outgoing mail server
    Use SSL    end outgoing mail through Secure Socket Layer


    Exchange accounts
    Exchange accounts  Add account

    Configuration for Exchange mails retrieved via https connections.

    Configuration by clicking on Activate exchange   

    Operation Default Description MSP v1.5.7 Profile iOS Exchange-en.png
    Settings Exchange ActiveSync
    Account Name     The display name of the user (e.g. "John Appleseed"). Different variables can be used.

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$


  • Exchange ActiveSync Host Enter host Host name or IP address of the Exchange server.
    Past Days of Mail to Sync Forever synchronization period
    Use SSL    Send all communication through Secure Socket layer
    Email Address Select Email Address The address of the account to be synchronized (e.g. "john@company.com").

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$


  • Domain\User Username Mail domain and mail user
    • The field must remain empty if the device should ask.
    • If the domain should be entered automatically, this can be configured on the server.
    • Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























      The values are taken from the user settings of the user to whom the respective device is assigned
      * Description: Example
      %device_user_username%
      %device_user%
      $username$
      Username mmueller
      %device_email%
      $emailaddress$
      Email address mmueller@ttt-point.de
      %device_user_firstname%
      $firstname$
      First name Markus
      %device_user_lastname%
      $lastname$
      Last name Mueller
      %device_user_name%
      $name$
      First name and surname Markus Mueller
      %variable1%
      $variable1$
      custom value
      %variable2%
      $variable2$
      custom value
      %variable3%
      $variable3$
      custom value
      %device_name%
      $device_name$

    • %device_alias%
      $device_alias$


    • Examples:
      • The email user name is identical to the device user name: ttt-point.local\%device_user_username%
      • The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%
    Password Password The password for the account
    Payload Certificate UUID Select certificate UUID of the certificate that is used for authentication.
    Prevent Move    If set to true, messages may not be moved out of this email account into another account.
    Prevent App Sheet    If set to true, this account will not be available for sending mail in third party applications
    Allow Mail Drop    If set to true, this account is allowed to use Mail Drop.
    S/MIME Enabled    If set to true, this account will support S/MIME
    S/MIME Signing Enabled
       If set to true, this account will enable message signing.
    S/MIME Encryption Enabled
       If set to true, this account will support message encryption.
    S/MIME Enable Per-Message Switch
       If set to true, enable the per-message encryption switch.
    Disable Mail Recents Syncing    If set to true, this account is excluded from address Recents syncing.

      Save

    Example: Integration of an Office 365 account

    Operation value:
    Exchange ActiveSync Host outlook.office.de
    Use SSL   
    Email Address support.ttt-point.onmicrosoft.de
    Domain\User support.ttt-point.onmicrosoft.de
    Password The password for the account




    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$



  •  Add account
    caption: value: Description: MSP v1.5.7 Profile iOS Kalender Benutzer-en.png
       
       
       
      
       Link=
       
       


    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$



  •  
    caption: value: Description: MSP v1.5.7 Profile iOS Kalender Abos-en.png
       
       
       
      
       Link=
       

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$




  •  Add account
    caption: value: Description: MSP v1.5.7 Profile iOS CardDav.png
       
       
       
      
       Link=
       
       




    Certificates

    Certificates

    Certificates

    Certificates are required, for example, to retrieve emails from an Exchange server with https or to confirm the authenticity of self-signed apps.

    Caption Values Description
      
    Certificates Select certificates Selection of Base-64-encoded X.509 certificates imported in the   Certificate menu.



    Settings Security

    Security iOS

    Security

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.


























    Numerous settings are configured, that control the security of web applications.

    Configuration by clicking on Activate security   


    Aktion Default Beschreibung
    Region Germany / EU Geographical assignment of the VPN endpoint
    Protocol TCP Protocol used for VPN tunnel. TCP or UDP
    Portfilter Type Filter network traffic based on network ports.
    Open all ports are open
    Closed Only port 80 (http) and 443 (https) are enabled.
    Selection Port filter rule selection: Specify which port collections are open for network traffic:

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.





























    Port-Collection Port Protocol Application
    Administrative Tools 21 TCP ftp
    3389 TCP ms-rdp
    23 TCP telnet
    5900 TCP vnc
    22 TCP ssh
    5938 TCP/UDP teamviewer
    Communication 3478-3481 UDP Skype
    49152-65535 UDP
    49152-65535 TCP
    5222 TCP Google Push-Notifications
    5223 UDP
    5228 TCP
    VOIP 5060 UDP SIP/RTP
    7070-7089 UDP
    VPN 1194 TCP OpenVPN
    1194 UDP
    500 UDP IPSec
    4500 UDP & ESP
    1701 UDP L2TP
    Mail 25 TCP smtp
    587 TCP
    465 TCP smtps
    110 TCP pop3
    995 TCP
    143 TCP imap
    993 TCP
    SSL interception Default Defines whether or not to intercept SSL traffic. The default value is to intercept traffic based on content filter response.
    Content-Filter-Whitelist Add entries Click box: Web pages that are to be added to a whitelist. Possible entries: Contentfilter
    Content-Filter-Blacklist Add entries Click box: Websites that are to be added to a blacklist.
    Disable for SSIDs Add SSIDs Enter WLAN SSIDs for which the security features shall be disabled.
    Disable for IP addresses Add IPs IP addresses or networks can be entered for which the security functions are to be deactivated, i.e. the individual host 192.0.2.192/32 or the entire subnet 192.0.2.0/24. For address blocks with less than three digits, a dot must be entered or navigated within the mask using the cursor keys.
    Allow Suspend Always-On-VPN    Allows the user to temporary disable the VPN-Connection. If not activated manually, the VPN will resume at a time chosen by the user.

    Appconfiguration
    Allow other VPN profiles    Allows adding other VPN profiles in addition to the security profile


      Save





    Shared devices

    Shared devices

    Shared devices

    Information that can be displayed on the login screen and lock screen.
    Devices used by different people Shared device in Apple terminology can thus display accessible information for everyone (e.g. an inventory number).

    Die Seite Vorlage:Ui-icon.css hat keinen Inhalt.




























    The values are taken from the user settings of the user to whom the respective device is assigned
    * Description: Example
    %device_user_username%
    %device_user%
    $username$
    Username mmueller
    %device_email%
    $emailaddress$
    Email address mmueller@ttt-point.de
    %device_user_firstname%
    $firstname$
    First name Markus
    %device_user_lastname%
    $lastname$
    Last name Mueller
    %device_user_name%
    $name$
    First name and surname Markus Mueller
    %variable1%
    $variable1$
    custom value
    %variable2%
    $variable2$
    custom value
    %variable3%
    $variable3$
    custom value
    %device_name%
    $device_name$

  • %device_alias%
    $device_alias$




  • caption: Default Description:
    Activate configuration    After setting this, you can set the shared device configuration. The Shared Device Configuration Payload allows you to specify optional text displayed on the login window and lock screen (i.e. a ”If Lost, Return To” message and Asset Tag Information). It is supported on iOS 9.3 and later.
    Lockscreen footnote     Optional. A footnote displayed on the login window and lock screen.
    Asset Tag Information     Optional. Asset tag information for the device, displayed on the login window and lock screen.

      Save