Jump to:navigation, search
Wiki
































Userenrollment

De.png
En.png
Fr.png






Managing iOS profiles with the User Enrollment type in the Mobile Security Portal
Last adaption: 05.2023 (v1.15)
New:
notempty
This article refers to a Resellerpreview

Verwendung des Profiltyps Benutzerregistrierung

Dieser Profil-Typ dient dazu auf privaten iOS- bzw. iPadOS-Geräten kostenpflichtige Apps, die durch eine Organisation bereit gestellt werden, zu installieren.
Hierzu sind verwaltete Apple IDs erforderlich.
Eine Anleitung dazu befindet sich im Wiki-Artikel zum User-Enrollment



  • Android devices are administered with Android Enterprise Profiles.

  • Preamble

    In a profile permissions, restrictions, password requirements, email settings and security settings are configured.

    Several users or user groups (roles) can be assigned to a profile.
    Several devices or device groups (devices designated by tags) can be assigned to a profile.

    notempty

    For a large number of devices and users it is recommended to map the assignment via groups.



    Overview of profile management

    Overview of profile management

    In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles.




    General Options

    Name Sorts the tiles by profile name
    Priority Sorts the tiles according to the priority of the profile
    Ascending Sorts the tiles in ascending or descending order according to the selected criterion
    Search Filters on profile tiles that contain the search text
     Add profile Creates a new profile. The settings in the profile vary depending on the operating system.
      Users Existing profiles that were previously exported from the Secuerepoint Mobile Security Portal can be imported here
      Paste Inserts a copy of a profile from the clipboard
    Show / hide details: For a large number of profiles, it can be useful to hide the most important details for clarity.
    / Switch between lists and grid view
    Refreshes the display



    Profile tile

    MSP v1.5.7 Profil Kachel-en.png
    Profile tile
    The button at the top right of each profile tile provides the following options:
     Edit Editing the settings (see below)
      Copy Copying the profile to the clipboard
      Export Exporting the settings
      Delete The profile is deleted
    Details displayed in the profile tile:
    Updated Changes have been made to the profile that have not yet been published!
    Partially installed Not all subprofiles were able to be installed

    iOS profile

      Type Profile type (see below)
      Roles Roles
      Users User
     Devices Devices
      tags Tags
      Parts Listing of the sub-profiles that make up the complete Mobile Security Profile.




    Copy & paste of profiles

    Click on the logo of the profile tile to mark one or more profiles In the general options, another field now appears under the filter mask:

    Action for selected items Please choose Execute the selected action with Ok
    Copy Copies one or more selected profiles to the clipboard
    Delete Deletes one or more selected profiles
      Paste Inserts a copy of a profile from the clipboard
    This also works from one tenant / customer to another as long as they are assigned to the same reseller account   AnyIdeas GmbH

    Configuration iOS profile User Enrollment




    General iOS

    General

     Add profile

    Caption Values Description MSP-iOS-Profile-Allgemein-en.png
    Tab General
    Type Device profile Standard device profile
    Shared iPad Profile that allows different users for one iPad
  • Only for devices with iPadOS
  • Apple TV profiles Profile with limited settings options. Additional settings for Apple TV
    User Enrollmant profile Profile owned by the user on which managed apps of the company can be installed
    Name Name Profile name
    Priority 5Link= The higher the number, the higher the priority. This is only used if a device is assigned to multiple profiles.
    Roles Add roles Click-Box: The profile will be assigned to all devices of all users with these roles
    Users Add users The profile will be assigned to all devices from these users
    Devices Add devices The profile will be assigned to these devices
    Tags Add tags The profile will be assigned to all devices with these tags
    Comment Comment Comment




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter





    Restrictions

    Restrictions

    Configuration by clicking on Activate restrictions

    Numerous restrictions can be configured to control the behavior of a device.

       List of possible restrictions with default values and explanations



    General restrictions
    General restrictions
    Table-check.png





    Restriction Default Explanation
    Demo-Dev-Einschränkung '    Sollte nur im devWiki angezeigt werden
    Allow automatic unlocking '    If set to false, the automatic unlocking is disabled
    Allow cloud address book '    If set to false, the cloud address book will be disabled
    Allow cloud bookmarks '    If set to false, cloud bookmarks will be disabled
    Allow cloud calendar '    If set to false, the cloud calendar will be disabled
    Allow cloud desktop & documents '    If set to false, cloud desktop and documents will be disabled
    Allow cloud mail '    If set to false, cloud mail will be disabled
    Allow cloud notes '    If set to false, cloud notes will be disabled
    Allow cloud reminders '    If set to false, cloud reminders will be disabled
    Allow content caching '    If set to false, content caching will be disabled
    Allow iTunes file sharing '    If set to false, iTunes file sharing will be disabled
    Allow automatic screen saver '    Allow automatic screen saver
    Allow lock screen ControlCenter '    If set to false, the ControlCenter is disabled for the lock screen
    Allow lock screen notifications to display '    If set to false, the notification preview of the lock screen will be disabled
    Allow lock screen view today '    If set to false, today's lock screen view will be disabled
    Allow to write unmanaged contacts '    If set to false, writing unmanaged contacts will be disabled
    Allow unmanaged reading of managed contacts '    These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app
    Allow OTAPKI updates '    If set to false, OTAPKI updates are disabled
    Allow temporary session of the shared device '    If set to false, the temporary session of the shared device is disabled
    Force password for outgoing AirPlay requests ' If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password
    Force encrypted backups ' Force encrypted backups
    Limit ad tracking ' If set to true, ad tracking will be restricted
    Dictation only ' If set to true, connections to Siri servers for dictation are disabled
    Force WLAN Allowlist ' Join Wi-Fi networks installed by profiles only
    Allow QuickPath keyboard Default:    If set to inactive, the QuickPath keyboard is disabled
    Allow network access for files Default:    If inactive, the connection to network drives is prevented in the file app
    Allow USB drive for files Default:    When inactive, it prevents the File app from connecting to connected USB devices
    Allow Find My Device Default:    When inactive, Find My Device is disabled in the Find my App
    Allow Find My Friends Default:    When inactive, Find My Friends is disabled in the Find My app
    Force WiFi activation Default: If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use.
    Allow trusting enterprise apps Default:    Required for future implementations
    Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
      
    Allow screenshots and screen recording Default:    Allows the user to take screenshots or screen recordings
    Allow Apple Music Default:    If set to false, Apple Music will be disabled in the Music app
    Allow iTunes Radio Default:    If set to false, iTunes Radio will be disabled in the Music app
    Allow shared stream Default:    If set to false, the shared stream is disabled
    Allow Wallet while locked Default:    If set to false, wallet notifications will not be shown on the lock screen
    Allow use of News Default:    Allows the user to access and use News
    Allow modifying bluetooth settings Default:    Allow modifying bluetooth settings
    Allow modifying cellular data usage for app settings Default:    If set to false, the mobile data uses for app settings cannot be changed
    Allow modifying device name Default:    Allows the user to change device names
    Allow automatic sync while roaming Default:    Allows automatic synchronization during roaming
    Allow iCloud sync for managed apps Default:    Allows iCloud synchronization for managed apps
    Allow enterprise books backup Default:    Allows enterprise books to be backed up
    Allow enterprise books and highlights to sync Default:    Allows enterprise books to synchronize notes and highlights
    Allow email privacy '   
    Allow In App purchases Default:    Allows the user to make purchases within applications
    Allow multiplayer gaming Default:    Allows multiplayer gaming
    Allow voice dialing while device is locked Default:    Allows voice dialing while device is locked
    Force Apple Watch wrist detection Default: Forces Apple watch wrist detection
    Allow pairing with Apple Watch Default:    Allows pairing with Apple Watch
    Allow Internet results in Spotlight Default:    If set to false, search results from the web will not be shown in Spotlight
    Allow user to accept untrusted TLS certificates Default:    Allows user to accept untrusted TLS certificates
    Allow Photo Stream Default:    Allows Photo Stream to be used on the device
    Allow iCloud Photo Library Default:    Allows iCloud photo library to be used on the device
    Allow iCloud backup Default:    Allows backup using iCloud
    Allow personalized advertising Default:    When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later.
    Requires iTunes password for all purchases Default: Requires the user's iTunes password to be entered for every purchase
    Apps ranking number 1000Link= Ranking number for apps
    Movies ranking number 1000Link= Ranking number for movies
    TV Shows ranking number 1000Link= Ranking number for TV Shows
    Region code Germany Two-character code for the region used to specify ratings
    Accept cookies in Safari Never Accept cookies:
    Does not accept cookies
    From current website only (iOS 8) or visited sites (pre-iOS 8) Depending on iOS version:
    from iOS 8: Only from current website
    from iOS 8: Only from visited pages
    From websites I visited Accepts cookies from all visited websites
    Always Accepts all cookies
    Allow JavaScript Default:    AllowS JavaScript in Safari
    Allow Pop-ups Default:    AllowS Pop-ups in Safari
    Enable fraud warning Default: Enables fraud warning in Safari
    Force translation on the device only ' When this option is enabled, the device does not connect to Siri servers for translation purposes
    Allow unmanaged documents in managed apps Default:    Allows managed apps to access unmanaged documents
    Allow managed documents in unmanaged apps Default:    Allows unmanaged apps to access managed documents
    Managed clipboard required ' When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints.
    Treat AirDrop as unmanaged destination Default:
  • When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
  • Allows Handoff Default:    If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
    Allow Touch ID/Face ID for unlocking Default:    Allows touch ID/Face ID to unlock device
    Fingerprint timeout '     The time after which unlocking the fingerprint requires a password for authentication.
    Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week
    Allow modifying notification settings Default:    Allows modifying notification settings
    Allow incoming AirPlay requests Default:    Allows incoming AirPlay requests
    Allow pairing with Remote app Default:    Allows pairing with Remote app
    Allow dictation Default:    Allows dictation
    Allow camera use Default:    Allows the user to use the camera
    Allow Siri Default:    Allows Siri
    Allow Siri while locked Default:    Allows Siri while device is locked
    Allow Siri user generated content Default:    When inactive, it prevents Siri from querying requests with user-generated content
    Allow modifying Touch ID/Face ID Default:    The user is allowed to change the Touch ID/Face ID
    Allow diagnostic submission Default:    Send diagnostic and usage stats to Apple
    Allow modifying diagnostics settings Default:    The user is allowed to change the diagnostic settings


    Table-check.png





    Restriction Default Explanation
    Demo-Dev-Einschränkung '    Sollte nur im devWiki angezeigt werden
    Allow automatic unlocking '    If set to false, the automatic unlocking is disabled
    Allow cloud address book '    If set to false, the cloud address book will be disabled
    Allow cloud bookmarks '    If set to false, cloud bookmarks will be disabled
    Allow cloud calendar '    If set to false, the cloud calendar will be disabled
    Allow cloud desktop & documents '    If set to false, cloud desktop and documents will be disabled
    Allow cloud mail '    If set to false, cloud mail will be disabled
    Allow cloud notes '    If set to false, cloud notes will be disabled
    Allow cloud reminders '    If set to false, cloud reminders will be disabled
    Allow content caching '    If set to false, content caching will be disabled
    Allow iTunes file sharing '    If set to false, iTunes file sharing will be disabled
    Allow automatic screen saver '    Allow automatic screen saver
    Allow lock screen ControlCenter '    If set to false, the ControlCenter is disabled for the lock screen
    Allow lock screen notifications to display '    If set to false, the notification preview of the lock screen will be disabled
    Allow lock screen view today '    If set to false, today's lock screen view will be disabled
    Allow to write unmanaged contacts '    If set to false, writing unmanaged contacts will be disabled
    Allow unmanaged reading of managed contacts '    These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app
    Allow OTAPKI updates '    If set to false, OTAPKI updates are disabled
    Allow temporary session of the shared device '    If set to false, the temporary session of the shared device is disabled
    Force password for outgoing AirPlay requests ' If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password
    Force encrypted backups ' Force encrypted backups
    Limit ad tracking ' If set to true, ad tracking will be restricted
    Dictation only ' If set to true, connections to Siri servers for dictation are disabled
    Force WLAN Allowlist ' Join Wi-Fi networks installed by profiles only
    Allow QuickPath keyboard Default:    If set to inactive, the QuickPath keyboard is disabled
    Allow network access for files Default:    If inactive, the connection to network drives is prevented in the file app
    Allow USB drive for files Default:    When inactive, it prevents the File app from connecting to connected USB devices
    Allow Find My Device Default:    When inactive, Find My Device is disabled in the Find my App
    Allow Find My Friends Default:    When inactive, Find My Friends is disabled in the Find My app
    Force WiFi activation Default: If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use.
    Allow trusting enterprise apps Default:    Required for future implementations
    Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
      
    Allow screenshots and screen recording Default:    Allows the user to take screenshots or screen recordings
    Allow Apple Music Default:    If set to false, Apple Music will be disabled in the Music app
    Allow iTunes Radio Default:    If set to false, iTunes Radio will be disabled in the Music app
    Allow shared stream Default:    If set to false, the shared stream is disabled
    Allow Wallet while locked Default:    If set to false, wallet notifications will not be shown on the lock screen
    Allow use of News Default:    Allows the user to access and use News
    Allow modifying bluetooth settings Default:    Allow modifying bluetooth settings
    Allow modifying cellular data usage for app settings Default:    If set to false, the mobile data uses for app settings cannot be changed
    Allow modifying device name Default:    Allows the user to change device names
    Allow automatic sync while roaming Default:    Allows automatic synchronization during roaming
    Allow iCloud sync for managed apps Default:    Allows iCloud synchronization for managed apps
    Allow enterprise books backup Default:    Allows enterprise books to be backed up
    Allow enterprise books and highlights to sync Default:    Allows enterprise books to synchronize notes and highlights
    Allow email privacy '   
    Allow In App purchases Default:    Allows the user to make purchases within applications
    Allow multiplayer gaming Default:    Allows multiplayer gaming
    Allow voice dialing while device is locked Default:    Allows voice dialing while device is locked
    Force Apple Watch wrist detection Default: Forces Apple watch wrist detection
    Allow pairing with Apple Watch Default:    Allows pairing with Apple Watch
    Allow Internet results in Spotlight Default:    If set to false, search results from the web will not be shown in Spotlight
    Allow user to accept untrusted TLS certificates Default:    Allows user to accept untrusted TLS certificates
    Allow Photo Stream Default:    Allows Photo Stream to be used on the device
    Allow iCloud Photo Library Default:    Allows iCloud photo library to be used on the device
    Allow iCloud backup Default:    Allows backup using iCloud
    Allow personalized advertising Default:    When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later.
    Requires iTunes password for all purchases Default: Requires the user's iTunes password to be entered for every purchase
    Apps ranking number 1000Link= Ranking number for apps
    Movies ranking number 1000Link= Ranking number for movies
    TV Shows ranking number 1000Link= Ranking number for TV Shows
    Region code Germany Two-character code for the region used to specify ratings
    Accept cookies in Safari Never Accept cookies:
    Does not accept cookies
    From current website only (iOS 8) or visited sites (pre-iOS 8) Depending on iOS version:
    from iOS 8: Only from current website
    from iOS 8: Only from visited pages
    From websites I visited Accepts cookies from all visited websites
    Always Accepts all cookies
    Allow JavaScript Default:    AllowS JavaScript in Safari
    Allow Pop-ups Default:    AllowS Pop-ups in Safari
    Enable fraud warning Default: Enables fraud warning in Safari
    Force translation on the device only ' When this option is enabled, the device does not connect to Siri servers for translation purposes
    Allow unmanaged documents in managed apps Default:    Allows managed apps to access unmanaged documents
    Allow managed documents in unmanaged apps Default:    Allows unmanaged apps to access managed documents
    Managed clipboard required ' When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints.
    Treat AirDrop as unmanaged destination Default:
  • When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
  • Allows Handoff Default:    If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
    Allow Touch ID/Face ID for unlocking Default:    Allows touch ID/Face ID to unlock device
    Fingerprint timeout '     The time after which unlocking the fingerprint requires a password for authentication.
    Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week
    Allow modifying notification settings Default:    Allows modifying notification settings
    Allow incoming AirPlay requests Default:    Allows incoming AirPlay requests
    Allow pairing with Remote app Default:    Allows pairing with Remote app
    Allow dictation Default:    Allows dictation
    Allow camera use Default:    Allows the user to use the camera
    Allow Siri Default:    Allows Siri
    Allow Siri while locked Default:    Allows Siri while device is locked
    Allow Siri user generated content Default:    When inactive, it prevents Siri from querying requests with user-generated content
    Allow modifying Touch ID/Face ID Default:    The user is allowed to change the Touch ID/Face ID
    Allow diagnostic submission Default:    Send diagnostic and usage stats to Apple
    Allow modifying diagnostics settings Default:    The user is allowed to change the diagnostic settings


    Table-check.png





    Restriction Default Explanation
    Demo-Dev-Einschränkung '    Sollte nur im devWiki angezeigt werden
    Allow automatic unlocking '    If set to false, the automatic unlocking is disabled
    Allow cloud address book '    If set to false, the cloud address book will be disabled
    Allow cloud bookmarks '    If set to false, cloud bookmarks will be disabled
    Allow cloud calendar '    If set to false, the cloud calendar will be disabled
    Allow cloud desktop & documents '    If set to false, cloud desktop and documents will be disabled
    Allow cloud mail '    If set to false, cloud mail will be disabled
    Allow cloud notes '    If set to false, cloud notes will be disabled
    Allow cloud reminders '    If set to false, cloud reminders will be disabled
    Allow content caching '    If set to false, content caching will be disabled
    Allow iTunes file sharing '    If set to false, iTunes file sharing will be disabled
    Allow automatic screen saver '    Allow automatic screen saver
    Allow lock screen ControlCenter '    If set to false, the ControlCenter is disabled for the lock screen
    Allow lock screen notifications to display '    If set to false, the notification preview of the lock screen will be disabled
    Allow lock screen view today '    If set to false, today's lock screen view will be disabled
    Allow to write unmanaged contacts '    If set to false, writing unmanaged contacts will be disabled
    Allow unmanaged reading of managed contacts '    These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app
    Allow OTAPKI updates '    If set to false, OTAPKI updates are disabled
    Allow temporary session of the shared device '    If set to false, the temporary session of the shared device is disabled
    Force password for outgoing AirPlay requests ' If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password
    Force encrypted backups ' Force encrypted backups
    Limit ad tracking ' If set to true, ad tracking will be restricted
    Dictation only ' If set to true, connections to Siri servers for dictation are disabled
    Force WLAN Allowlist ' Join Wi-Fi networks installed by profiles only
    Allow QuickPath keyboard Default:    If set to inactive, the QuickPath keyboard is disabled
    Allow network access for files Default:    If inactive, the connection to network drives is prevented in the file app
    Allow USB drive for files Default:    When inactive, it prevents the File app from connecting to connected USB devices
    Allow Find My Device Default:    When inactive, Find My Device is disabled in the Find my App
    Allow Find My Friends Default:    When inactive, Find My Friends is disabled in the Find My app
    Force WiFi activation Default: If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use.
    Allow trusting enterprise apps Default:    Required for future implementations
    Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple)
      
    Allow screenshots and screen recording Default:    Allows the user to take screenshots or screen recordings
    Allow Apple Music Default:    If set to false, Apple Music will be disabled in the Music app
    Allow iTunes Radio Default:    If set to false, iTunes Radio will be disabled in the Music app
    Allow shared stream Default:    If set to false, the shared stream is disabled
    Allow Wallet while locked Default:    If set to false, wallet notifications will not be shown on the lock screen
    Allow use of News Default:    Allows the user to access and use News
    Allow modifying bluetooth settings Default:    Allow modifying bluetooth settings
    Allow modifying cellular data usage for app settings Default:    If set to false, the mobile data uses for app settings cannot be changed
    Allow modifying device name Default:    Allows the user to change device names
    Allow automatic sync while roaming Default:    Allows automatic synchronization during roaming
    Allow iCloud sync for managed apps Default:    Allows iCloud synchronization for managed apps
    Allow enterprise books backup Default:    Allows enterprise books to be backed up
    Allow enterprise books and highlights to sync Default:    Allows enterprise books to synchronize notes and highlights
    Allow email privacy '   
    Allow In App purchases Default:    Allows the user to make purchases within applications
    Allow multiplayer gaming Default:    Allows multiplayer gaming
    Allow voice dialing while device is locked Default:    Allows voice dialing while device is locked
    Force Apple Watch wrist detection Default: Forces Apple watch wrist detection
    Allow pairing with Apple Watch Default:    Allows pairing with Apple Watch
    Allow Internet results in Spotlight Default:    If set to false, search results from the web will not be shown in Spotlight
    Allow user to accept untrusted TLS certificates Default:    Allows user to accept untrusted TLS certificates
    Allow Photo Stream Default:    Allows Photo Stream to be used on the device
    Allow iCloud Photo Library Default:    Allows iCloud photo library to be used on the device
    Allow iCloud backup Default:    Allows backup using iCloud
    Allow personalized advertising Default:    When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later.
    Requires iTunes password for all purchases Default: Requires the user's iTunes password to be entered for every purchase
    Apps ranking number 1000Link= Ranking number for apps
    Movies ranking number 1000Link= Ranking number for movies
    TV Shows ranking number 1000Link= Ranking number for TV Shows
    Region code Germany Two-character code for the region used to specify ratings
    Accept cookies in Safari Never Accept cookies:
    Does not accept cookies
    From current website only (iOS 8) or visited sites (pre-iOS 8) Depending on iOS version:
    from iOS 8: Only from current website
    from iOS 8: Only from visited pages
    From websites I visited Accepts cookies from all visited websites
    Always Accepts all cookies
    Allow JavaScript Default:    AllowS JavaScript in Safari
    Allow Pop-ups Default:    AllowS Pop-ups in Safari
    Enable fraud warning Default: Enables fraud warning in Safari
    Force translation on the device only ' When this option is enabled, the device does not connect to Siri servers for translation purposes
    Allow unmanaged documents in managed apps Default:    Allows managed apps to access unmanaged documents
    Allow managed documents in unmanaged apps Default:    Allows unmanaged apps to access managed documents
    Managed clipboard required ' When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints.
    Treat AirDrop as unmanaged destination Default:
  • When activated, protected (managed) data is prevented from leaving the device unauthorized by Airdrop.
  • Allows Handoff Default:    If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device.
    Allow Touch ID/Face ID for unlocking Default:    Allows touch ID/Face ID to unlock device
    Fingerprint timeout '     The time after which unlocking the fingerprint requires a password for authentication.
    Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week
    Allow modifying notification settings Default:    Allows modifying notification settings
    Allow incoming AirPlay requests Default:    Allows incoming AirPlay requests
    Allow pairing with Remote app Default:    Allows pairing with Remote app
    Allow dictation Default:    Allows dictation
    Allow camera use Default:    Allows the user to use the camera
    Allow Siri Default:    Allows Siri
    Allow Siri while locked Default:    Allows Siri while device is locked
    Allow Siri user generated content Default:    When inactive, it prevents Siri from querying requests with user-generated content
    Allow modifying Touch ID/Face ID Default:    The user is allowed to change the Touch ID/Face ID
    Allow diagnostic submission Default:    Send diagnostic and usage stats to Apple
    Allow modifying diagnostics settings Default:    The user is allowed to change the diagnostic settings


    Classroom-App
    Classroom-App

    The Classroom App is available free of charge in the App-Store and offers possibilities for use in school classes.
    Important restrictions can be configured here.

    Table-check.png


    Restriction Default Explanation
    Allow remote screen monitoring Default: If not allowed, remote screen monitoring is disabled by the Classroom app. When screenshots are disabled, the Classroom app does not observe remote screens.
    Force courses to be joined automatically Default: If enforced, the instructor's requests are automatically accepted without prompting the student.
    Force permission to leave classes Default: If enforced, a student enrolled in an unmanaged course through Classroom must ask the instructor for permission to leave the course.
    Force app and device lock Default: If enforced, the teacher can lock apps or the device without prompting the student.
    Force screen monitoring Default: When enforced and remote screen monitoring is allowed, a student enrolled in a managed course through the classroom app automatically grants permission to watch the screen without being prompted.


    Restrictions for supervised devices
    Restrictions for supervised devices

    A range of restrictions is only available for devices in the Supervised embedding mode.


    Table-check.png







    Restrictions Default Explanation
    Restrict app use Default: Allow all apps
    Do not allow certain apps
    Allow only certain apps
    Configures whether no restriction,
    a blacklist or
    a whitelist is used for apps. supervised devices only
    Blocked apps
    Allowlisted Apps
    ×Click box for app selection Depending on the selection in the line above: Blacklisted Apps / Whitelisted Apps
    Searches the entire App Store for possible apps. supervised devices only
     Add system apps If the selection is limited to Allowed apps, all system apps can be added to the click box.
    The system apps can then be removed individually. supervised devices only
    Allow AirDrop '    If set to false, AirDrop will be disabled supervised devices only
    Allow AirPrint '    If set to false, AirPrint will be disabled supervised devices only
    Allow saving AirPrint credentials '    If set to false, the storage of AirPrint credentials is disabled supervised devices only
    Allow AirPrint iBeacon detection '    If set to false, AirPrint iBeacon detection will be disabled supervised devices only
    Allow change of mobile tariff '    If set to false, the change of the mobile tariff will be disabled supervised devices only

    non

    Allow cloud keychain synchronization '    If set to false, cloud keychain synchronization is disabled supervised devices only
    Allow private cloud relay '    If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only
    Allow eSIM changes '    If set to false, the eSIM change will be disabled
    Allow access to files on USB drive '    If set to false, access to the files USB drive is disabled supervised devices only
    Allow change to find my friends '    If set to false, the modification will be disabled for find my friends supervised devices only
    Allow host pairing '    If set to false, host pairing is disabled supervised devices only
    Allow NFC '    If set to false, NFC will be disabled supervised devices only
    Allow auto-complete password '    If set to false, the auto-completion of the password will be disabled supervised devices only
    Allow device to enter sleep mode Default:    If set to false, the hibernation of the device is disabled supervised devices only
    Allow requests for password proximity '    If set to false, password proximity requests are disabled supervised devices only
    Allow password sharing '    If set to false, password sharing will be disabled supervised devices only
    Allow change of personal hotspot '    If set to false, the change of the personal hotspot will be disabled supervised devices only
    Allow Podcasts '    If set to false, podcasts will be disabled supervised devices only
    Allow proximity settings for new device '    If set to false, the proximity set-up for the new device will be disabled supervised devices only
    Allow removal of system apps '    If set to false, the removal of system apps is disabled supervised devices only
    Allow non-paired external boot for recovery '    If set to false, unpaired external booting for recovery is disabled supervised devices only
    Allow restricted USB mode '    If set to false, the restricted USB mode will be disabled supervised devices only
    Allow VPN creation '    If set to false, VPN creation will be disabled supervised devices only
    Allowed apps in single app mode Choose application Allowed apps in single app mode supervised devices only
    Force AirPrint Trusted TLS Requirement ' If set to true, AirPrint enforces the trusted TLS request supervised devices only
    Enforce authentication before autofill ' If set to true, authentication is enforced before autofilling supervised devices only
    Force automatic date and time ' If set to true, the date and time are automatically enforced supervised devices only
    Force WLAN to approved networks only ' If set to true, WLAN is forced only on allowed networks supervised devices only
    Allow account modification Default:    If inactive, account modification will be disabled.
    This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps.


    iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. supervised devices only

    Allow app removal Default:    Allows the user to remove apps supervised devices only
    Allow explicit content Default:    Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only
    Allow use of iMessage Default:    Allow use of iMessage supervised devices only
    Allow iBookstore Default:    Supervised only. If disabled, iBookstore will be disabled supervised devices only
    Allow erotica in the iBookstore Default:    Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only
    Allow use of iTunes Default:    Allow the user to access and use iTunes supervised devices only
    Allow use of Safari Default:    Allows the user to use Safari supervised devices only
    Allow Game Center Default:    Allow Game Center
    Allow adding Game Center friends Default:    Allow the user to add friends to the Game Center supervised devices only
    Allow modifying wallpaper Default:    Allow changing the background image supervised devices only</smMS/deployment/profile.langall>
    Permit configuration of the screen time Default:    Allow configuration restrictions supervised devices only
    Allow iCloud document sync Default:    Allow document synchronization with iCloud supervised devices only
    Allow auto-fill in Safari Default:    Allows autocomplete in Safari browser supervised devices only
    Allow predictive keyboard. Default:    Allow predictive keyboard. supervised devices only
    Allow keyboard shortcuts. Default:    Allow keyboard shortcuts. supervised devices only
    Allow autocorrect. Default:    Allow autocorrect. supervised devices only
    Allow correction help. Default:    Allow correction help. supervised devices only
    Allow definition. Default:    Allow definition. supervised devices only
    Allow video conferencing Default:    Allow video conferencing supervised devices only
    Enable Siri profanity filter Default: Enables Siri profanity filter. supervised devices only
    Allow app installation from Apple Configurator and iTunes Default:    Allow only a connected Mac host to install applications supervised devices only
    Allow automatic app downloads Default:    Allows automatic app downloads supervised devices only
    Allow app installation from the app store Default:    Allow the user to install applications supervised devices only
    Allow modifying passcode Default:    Allow changing the passcode supervised devices only
    Allow UI configuration profile installation Default:    If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only
    Allow erase all content and settings Default:    If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only
    Allow app clips Default:    When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only
    Force delayed app updates Default: If set to true, delayed app updates are forced supervised devices only
    Force delayed software updates Default: When active, user visibility of software updates is delayed. supervised devices only
    Software Update Delay in days Default: 30Link= With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only





    Table-check.png







    Restrictions Default Explanation
    Restrict app use Default: Allow all apps
    Do not allow certain apps
    Allow only certain apps
    Configures whether no restriction,
    a blacklist or
    a whitelist is used for apps. supervised devices only
    Blocked apps
    Allowlisted Apps
    ×Click box for app selection Depending on the selection in the line above: Blacklisted Apps / Whitelisted Apps
    Searches the entire App Store for possible apps. supervised devices only
     Add system apps If the selection is limited to Allowed apps, all system apps can be added to the click box.
    The system apps can then be removed individually. supervised devices only
    Allow AirDrop '    If set to false, AirDrop will be disabled supervised devices only
    Allow AirPrint '    If set to false, AirPrint will be disabled supervised devices only
    Allow saving AirPrint credentials '    If set to false, the storage of AirPrint credentials is disabled supervised devices only
    Allow AirPrint iBeacon detection '    If set to false, AirPrint iBeacon detection will be disabled supervised devices only
    Allow change of mobile tariff '    If set to false, the change of the mobile tariff will be disabled supervised devices only

    non

    Allow cloud keychain synchronization '    If set to false, cloud keychain synchronization is disabled supervised devices only
    Allow private cloud relay '    If set to disabled, iCloud Private Relay will be disabled Devicesupervised devices only
    Allow eSIM changes '    If set to false, the eSIM change will be disabled
    Allow access to files on USB drive '    If set to false, access to the files USB drive is disabled supervised devices only
    Allow change to find my friends '    If set to false, the modification will be disabled for find my friends supervised devices only
    Allow host pairing '    If set to false, host pairing is disabled supervised devices only
    Allow NFC '    If set to false, NFC will be disabled supervised devices only
    Allow auto-complete password '    If set to false, the auto-completion of the password will be disabled supervised devices only
    Allow device to enter sleep mode Default:    If set to false, the hibernation of the device is disabled supervised devices only
    Allow requests for password proximity '    If set to false, password proximity requests are disabled supervised devices only
    Allow password sharing '    If set to false, password sharing will be disabled supervised devices only
    Allow change of personal hotspot '    If set to false, the change of the personal hotspot will be disabled supervised devices only
    Allow Podcasts '    If set to false, podcasts will be disabled supervised devices only
    Allow proximity settings for new device '    If set to false, the proximity set-up for the new device will be disabled supervised devices only
    Allow removal of system apps '    If set to false, the removal of system apps is disabled supervised devices only
    Allow non-paired external boot for recovery '    If set to false, unpaired external booting for recovery is disabled supervised devices only
    Allow restricted USB mode '    If set to false, the restricted USB mode will be disabled supervised devices only
    Allow VPN creation '    If set to false, VPN creation will be disabled supervised devices only
    Allowed apps in single app mode Choose application Allowed apps in single app mode supervised devices only
    Force AirPrint Trusted TLS Requirement ' If set to true, AirPrint enforces the trusted TLS request supervised devices only
    Enforce authentication before autofill ' If set to true, authentication is enforced before autofilling supervised devices only
    Force automatic date and time ' If set to true, the date and time are automatically enforced supervised devices only
    Force WLAN to approved networks only ' If set to true, WLAN is forced only on allowed networks supervised devices only
    Allow account modification Default:    If inactive, account modification will be disabled.
    This option prevents, for example, the creation of another Apple account, which could then be used to install additional apps.


    iOS can only activate this restriction for all accounts. This also means that changing a password for an Exchange account is no longer possible. supervised devices only

    Allow app removal Default:    Allows the user to remove apps supervised devices only
    Allow explicit content Default:    Allows the user to access explicit content. When activated, the SafeSearch function is switched off by Safari. supervised devices only
    Allow use of iMessage Default:    Allow use of iMessage supervised devices only
    Allow iBookstore Default:    Supervised only. If disabled, iBookstore will be disabled supervised devices only
    Allow erotica in the iBookstore Default:    Supervised only. If disabled, the user will not be able to download media from the iBookstore marked as erotica supervised devices only
    Allow use of iTunes Default:    Allow the user to access and use iTunes supervised devices only
    Allow use of Safari Default:    Allows the user to use Safari supervised devices only
    Allow Game Center Default:    Allow Game Center
    Allow adding Game Center friends Default:    Allow the user to add friends to the Game Center supervised devices only
    Allow modifying wallpaper Default:    Allow changing the background image supervised devices only</smMS/deployment/profile.langall>
    Permit configuration of the screen time Default:    Allow configuration restrictions supervised devices only
    Allow iCloud document sync Default:    Allow document synchronization with iCloud supervised devices only
    Allow auto-fill in Safari Default:    Allows autocomplete in Safari browser supervised devices only
    Allow predictive keyboard. Default:    Allow predictive keyboard. supervised devices only
    Allow keyboard shortcuts. Default:    Allow keyboard shortcuts. supervised devices only
    Allow autocorrect. Default:    Allow autocorrect. supervised devices only
    Allow correction help. Default:    Allow correction help. supervised devices only
    Allow definition. Default:    Allow definition. supervised devices only
    Allow video conferencing Default:    Allow video conferencing supervised devices only
    Enable Siri profanity filter Default: Enables Siri profanity filter. supervised devices only
    Allow app installation from Apple Configurator and iTunes Default:    Allow only a connected Mac host to install applications supervised devices only
    Allow automatic app downloads Default:    Allows automatic app downloads supervised devices only
    Allow app installation from the app store Default:    Allow the user to install applications supervised devices only
    Allow modifying passcode Default:    Allow changing the passcode supervised devices only
    Allow UI configuration profile installation Default:    If set to false, the user is prohibited from installing configuration profiles and certificates interactively supervised devices only
    Allow erase all content and settings Default:    If disabled, the user cannot select the "Clear all content and settings" option in Settings > General > Reset supervised devices only
    Allow app clips Default:    When this option is disabled, a user cannot add app clips and remove existing app clips on the device. Available in iOS 14.0 and later. supervised devices only
    Force delayed app updates Default: If set to true, delayed app updates are forced supervised devices only
    Force delayed software updates Default: When active, user visibility of software updates is delayed. supervised devices only
    Software Update Delay in days Default: 30Link= With this restriction, the administrator can specify by how many days a software or app update is delayed on the device. With this restriction, the user will not see a software update until the specified number of days after the software update release date. supervised devices only







    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter




    Passcode

    Passcode

    Configuration by clicking on Activate Passcode


    Operation Default Description MSP-iOS-Profile-Passwort-en.png
    Settings passcode
    Request passcode on the device Enforces the use of a passcode before using the device
    Set maximum number of failed attempts

    Number of passcode entry attempts allowed before all data on device will be erased

      
    Maximum number of failed attempts 11Link=

    Set auto-lock

      

    The number of minutes for which the device can be idle (without being unlocked by the user) before it gets locked by the system

    Automatic lock after 15Link= minutes

    Set maximum passcode age

      

    The number of days for which the passcode can remain unchanged 730Link=
    Restrict password complexity Allows restricting password complexity
      
    Allow simple value    Permits the use of repeating, ascending, and descending character sequences
    Require alphabetic value Passcodes must contain at least one letter
    Minimum number of complex characters 0Link= Smallest number of non-alphanumeric characters allowed
    Minimum passcode length 0Link= Smallest allowed number of characters in passcode
    Use passcode history Allows defining the number of different passcodes required between the reuse of passcodes
      
    Passcode history 1Link= Number of unique passcodes required between passcode reuse
    Use grace period for device lock Allows defining the maximum time in minutes to unlock the phone
      
    Grace period for device lock -1Link= The maximum grace period, in minutes, to unlock the phone without entering a passcode.
    The default value -1Link= predetermines iOS to not apply a time limit




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter




    Apps

    Apps

    Caption Value Description MSP-iOS-Profile-Apps-en.png
    Apps & Web clips
    Apps DieMaus Selected apps previously created in the   Apps menu will be installed on the assigned devices
    Web clips Securepoint Wiki (https://wiki.securepoint.de) The Web Clips are web sites that can be viewed and accessed like a standalone application.

    Selected web clips are installed on the assigned devices.
    No licenses are required for Web clips.

    App-Lock (Kiosk mode)
    App-Lock (Kiosk mode)

    The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.

    Activate configuration   

    Table-check.png
    Caption Default Description MSP-iOS-Profile-Apps-App-Lock-en.png
    App-Lock (Kiosk mode)
    Bundle ID Default: Enter ID The bundle ID of the application. WARNING: Entering an unknown bundle ID can cause problems

    Options
    Disable touch Default: If true, the touch screen is disabled
    Disable device rotation Default: If active, device rotation detection is disabled
    Disabling the volume keys Default: When active, the volume keys are disabled
    Deactivating bell switch Default: When active, the ringtone switch is disabled
    Disable sleep wake button Default: When active, the sleep / wake button is disabled
    Disable auto lock Default:
    Activate Voice-Over Default: If active, voice over is enabled
    Activate zoom Default: When active, zoom is enabled
    Enable inverting colors Default: If active, invert colors is enabled
    Enable AssistiveTouch Default: When active, AssistiveTouch is enabled
    Enable language selection Default: If active, the language selection is enabled.
    Enable mono audio Default: When active, mono audio is enabled

    User Enabled Options
    Voice-Over Default: If active, VoiceOver customization is allowed
    Zoom Default: If active, the zoom setting is allowed
    Invert colors Default: If active, the colors invert setting is allowed
    AssistiveTouch Default: If active, AssistiveTouch customization is allowed




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter



    Networks

    Networks

    In this section, access profiles for WiFi networks can be configured and pushed to the device.

    Add a network configuration with


    Network configurations
    Caption Values Description MSP v1.5.7 Profile Netzweke-en.png
    Network configurations
    Name Name Name of the configuration
    Type WiFi Configuration type (WiFi predefined)
    SSID SSID The SSID of the network
    Security Security level of the network key
    None No security
    WEP-PSK Insecure
    WPA-PSK Secure
    Password Password The networks passphrases. Hidden with placeholders.
    shows the password in plain text.
    Hidden SSID Specifies whether the SSID of the network is visible or hidden   .
    Autoconnect Enable for the device to automatically connect to the network.
    Deaktiviere MAC Randomisierung Bei Aktivierung identifizieren sich die Geräte stets mit der gleichen MAC-Adresse in einem Netzerk. Kann vom Benutzer nicht geändert werden.
    Diese Funktion zeigt auch eine Datenschutzwarnung in den Einstellungen an, dass das Netzwerk einen eingeschränkten Datenschutz hat.
    Dieser Wert wird nur gesperrt, wenn das Profil über ein MDM installiert wird.
    Wird der Wert z.B. mit dem Apple Configurator 2 festgelegt, kann er vom Benutzer geändert werden.
      
    EAP-Client / WPA2 Enterprise
    Use EAP Client When activated, the EAP client, the WPA2 Enterprise can be used MS 1.12 iOS Profile Netzwerke EAP-Client-en.png
    EAp Types Select EAP Types The EAP type is selected. Several types can be selected.
    The choices are:
    Payload Certificate Anchor UUID     The certificate that is handed to the server by the client as authentication when logging on to the WLAN.
    Apple: An array of the UUID of a certificate payload to trust for authentication
      
    MS 1.12 iOS Profile Netzwerke EAP-Client-TLS-en.png
    System Mode Credentials Source     The server for the system mode credentials
    Use Open Directory credentials When activated, logging in through Open Directory is possible
    Allow two-factor authentication Two-factor authentication is possible when activated
    Max. TLS Version 1.2
    default
    The maximum TLS version is selected.
    The choice is:
    • 1.0
    • 1.1
    • 1.2
    Min. TLS Version 1.0
    default
    The minimum TLS version is selected.
    The choice is:
    • 1.0
    • 1.1
    • 1.2
    Trusted certificates     The certificates that are to be trusted are entered
    Trusted server names     The names of the servers that are to be trusted are entered
    One time user password If activated, the user will be prompted to enter the password each time they connect MS 1.12 iOS Profile Netzwerke EAP-Client-LEAP-en.png
    Payload Certificate Anchor UUID     The certificate that is handed to the server by the client as authentication when logging on to the WLAN.
    Apple: An array of the UUID of a certificate payload to trust for authentication
      
    System Mode Credentials Source     The server for the system mode credentials
    Use Open Directory credentials When activated, logging in through Open Directory is possible
    Allow two-factor authentication Two-factor authentication is possible when activated
    Trusted certificates     The certificates that are to be trusted are entered
    Trusted server names     The names of the servers that are to be trusted are entered
    Username     Username of the account for the server
    Password     Password of the account for the server
    EAP SIM Number Of RANDs 3
    default
    The number of EAP SIMs of the RANDs is selected MS 1.12 iOS Profile Netzwerke EAP-Client-EAP-SIM-en.png
    Payload Certificate Anchor UUID     The certificate that is handed to the server by the client as authentication when logging on to the WLAN.
    Apple: An array of the UUID of a certificate payload to trust for authentication
      
    System Mode Credentials Source     The server for the system mode credentials
    Use Open Directory credentials When activated, logging in through Open Directory is possible
    Allow two-factor authentication Two-factor authentication is possible when activated
    Trusted certificates     The certificates that are to be trusted are entered
    Trusted server names     The names of the servers that are to be trusted are entered
    One time user password If activated, the user will be prompted to enter the password each time they connect MS 1.12 iOS Profile Netzwerke EAP-Client-TTLS-en.png
    Outer Identity     A name that hides the user's true name
    Payload Certificate Anchor UUID     The certificate that is handed to the server by the client as authentication when logging on to the WLAN.
    Apple: An array of the UUID of a certificate payload to trust for authentication
      
    System Mode Credentials Source     The server for the system mode credentials
    Use Open Directory credentials When activated, logging in through Open Directory is possible
    Allow two-factor authentication Two-factor authentication is possible when activated
    Max. TLS Version 1.2
    default
    The maximum TLS version is selected.
    The choice is:
    • 1.0
    • 1.1
    • 1.2
    Min. TLS Version 1.0
    default
    The minimum TLS version is selected.
    The choice is:
    • 1.0
    • 1.1
    • 1.2
    Trusted certificates     The certificates that are to be trusted are entered
    Trusted server names     The names of the servers that are to be trusted are entered
    TTLS Inner Authentication MSCHAPv2 The inner authentication of TTLS is selected.
    The choices are:
    • PAP
    • EAP
    • CHAP
    • MSCHAP
    • MSCHAPv2
    Username     Username of the account for the server
    Password     Password of the account for the server

    Payload Certificate Anchor UUID     The certificate that is handed to the server by the client as authentication when logging on to the WLAN.
    Apple: An array of the UUID of a certificate payload to trust for authentication
      
    MS 1.12 iOS Profile Netzwerke EAP-Client-EAP-AKA-en.png
    System Mode Credentials Source     The server for the system mode credentials
    Use Open Directory credentials When activated, logging in through Open Directory is possible
    Allow two-factor authentication Two-factor authentication is possible when activated
    Trusted certificates     The certificates that are to be trusted are entered
    Trusted server names     The names of the servers that are to be trusted are entered
    One time user password If activated, the user will be prompted to enter the password each time they connect MS 1.12 iOS Profile Netzwerke EAP-Client-PEAP-en.png
    Outer Identity     A name that hides the user's true name
    Payload Certificate Anchor UUID     The certificate that is handed to the server by the client as authentication when logging on to the WLAN.
    Apple: An array of the UUID of a certificate payload to trust for authentication
      
    System Mode Credentials Source     The server for the system mode credentials
    Use Open Directory credentials When activated, logging in through Open Directory is possible
    Allow two-factor authentication Two-factor authentication is possible when activated
    Max. TLS Version 1.2
    default
    The maximum TLS version is selected.
    The choice is:
    • 1.0
    • 1.1
    • 1.2
    Min. TLS Version 1.0
    default
    The minimum TLS version is selected.
    The choice is:
    • 1.0
    • 1.1
    • 1.2
    Trusted certificates     The certificates that are to be trusted are entered
    Trusted server names     The names of the servers that are to be trusted are entered
    Username     Username of the account for the server
    Password     Password of the account for the server
    Provision PAC PAC bereitstellen MS 1.12 iOS Profile Netzwerke EAP-Client-EAP-FAST-en.png
    Provision anonymously
    Displayed when Provision PAC is activated.
    Anonym bereitstellen
    Use existing PAC Vorhandene PAC verwenden
    One time user password If activated, the user will be prompted to enter the password each time they connect
    Outer Identity     A name that hides the user's true name
    Payload Certificate Anchor UUID     The certificate that is handed to the server by the client as authentication when logging on to the WLAN.
    Apple: An array of the UUID of a certificate payload to trust for authentication
      
    System Mode Credentials Source     The server for the system mode credentials
    Use Open Directory credentials When activated, logging in through Open Directory is possible
    Allow two-factor authentication Two-factor authentication is possible when activated
    Max. TLS Version 1.2
    default
    The maximum TLS version is selected.
    The choice is:
    • 1.0
    • 1.1
    • 1.2
    Min. TLS Version 1.0
    default
    The minimum TLS version is selected.
    The choice is:
    • 1.0
    • 1.1
    • 1.2
    Trusted certificates     The certificates that are to be trusted are entered
    Trusted server names     The names of the servers that are to be trusted are entered
    Username     Username of the account for the server
    Password     Password of the account for the server

    Global HTTP proxy

    A Global HTTP proxy can be configured, for example, if devices are permanently on the same network and a local proxy is to be used on the device.
    Especially recommended for devices that only have an MDM license. These can then use, for example, the protection functions of a Securepoint UTM with web filter, etc.

    Use global HTTP proxy    Activates the global HTTP proxy
    Type Manual
    Automatic
    For a manual proxy type, the profile contains the proxy server address, including the port, and optionally a user name and password. For an auto proxy type, you can enter a PAC URL.
    Allow captive login When active, the device can bypass the proxy server to display the login page for networks with a captive portal
    Username Username The username used to authenticate to the proxy server
    Password Password The password used for authentication to the proxy server
    Server Server The network address of the proxy server
    Server port 8080Link= The port used to connect to the proxy server




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter




    Email & Exchange Active Sync

    Email & Exchange Active Sync

    Several mail accounts can be set up in the email settings.
    These settings affect IMAP or POP3 accounts.
    Settings for Exchange ActiveSync must be made in the corresponding tab!


    Email accounts  Add account
    Operation Default Description MSP v1.11 Profile iOS E-Mail-en.png
    Email settings
    Account description Account description The display name of the account (e.g. "Company Mail Account")
    Account name Account name The display name of the user (e.g. "John Appleseed")
    Variables can be used as well.



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.

  • The display name can be combined with the variable %device_user_name%. The variable reads from the user settings of the user to whom the respective device is assigned the fields first name and last name. e.g.: %device_user_name% | ttt-Point AGMartin Müller | ttt-Point AG
    Email address Email address The address of the account (e.g. "john@company.com")
    The entry $emailaddress$ reads the email address from the user settings of the user to whom the device is assigned.
    Variables can be used as well.

    The entries $variable1$, $variable2$ and $variable3$ can be defined individually.



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.
  • Prevent move If set to true, messages may not be moved out of this email account into another account
    Disable email recipient synchronization If set to true, this account is excluded from address "recent" syncing
    Allow Mail drop If set to true, this account is allowed to use Mail drop
    Prevent App Sheet If set to true, this account will not be available for sending mail in third party applications
    S/MIME Enabled If set to true, this account will support S/MIME
    S/MIME signing enabled If set to true, this account will enable message signing
    S/MIME encryption enabled If set to true, this account will support message encryption
    S/MIME enable Per-Message Switch If set to true, enables the per-message encryption switch
    Incoming mails
    Operation Default Description
    Mail server Mail server Hostname or IP address
    Port 993Link= Port number for incoming mail
    Account type IMAP

    POP
    The protocol for accessing the email account
    Username Select user The username used to connect to the server for incoming emails
    Variables can be used as well.
    $emailaddress$, $username$, $variable1$, $variable2$, $variable3$



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.

  • Examples:
    • The email user name is identical to the device user name: ttt-point.local\%device_user_username%
    • The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%
    Path prefix Path prefix Path prefix for IMAP mail server
    Incoming Mail Server authentication authentication method The authentication method for the incoming mail server
    None
    Password
    CrammD5
    NTLM
    HTTPMD5
    Password Password The password for the incoming mail server
    Use SSL    Incoming email retrieval via Secure Socket Layer
    Outgoing mails
    Operation Default Description
    Mail server Mail server Hostname or IP address for outgoing email
    Port 587Link= The port number for outgoing email
    Username Select user The username used to connect to the server for outgoing mail
    Variables can be used as well. $emailaddress$, $username$, $variable1$, $variable2$, $variable3$



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.

  • Examples:
    • The email user name is identical to the device user name: ttt-point.local\%device_user_username%
    • The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%
    authentication type authentication method The authentication method for the outgoing mail server
    Password
    CrammD5
    NTLM
    HTTPMD5
    Outgoing Password: Same as incoming    SMTP authentication uses the same password as POP/IMAP server for incoming emails

    Password Password The password for the outgoing mail server
    Use SSL    Send outgoing email through Secure Socket Layer

    Exchange accounts
    Exchange accounts  Add account

    Configuration for Exchange mails retrieved via https connections

    Configuration by clicking on Activate Exchange ActiveSync }}

    Operation Default Description MSP v1.5.7 Profile iOS Exchange-en.png
    Settings Exchange ActiveSync
    Account name     The display name of the user (e.g. "John Appleseed"). Different variables can be used.



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.
  • Exchange ActiveSync Host Enter host Host name or IP address of the Exchange server
    Past days of mail to sync Synchronization period
    Use SSL    Encrypts all messages with SSL (Secure Socket layer)
    Email address Select email address The address of the account to be synchronized (e.g. "john@company.com") Variables can be used as well.

    The entries $variable1$, $variable2$ and $variable3$ can be defined individually.



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.
  • Domain\User Username Mail domain and mail user
    • The field must remain empty if the device should ask.
    • If the domain should be entered automatically, this can be configured on the server.
    • Variables can be used as well.
      $emailaddress$, $username$, $variable1$, $variable2$, $variable3$



      The values are taken from the user settings of the user to whom the respective device is assigned
      Variable name in profiles * Description Example
      $username$
      alternative names:
      %device_user%
      %device_user_username%
        
      Username jdoe
      $emailaddress$
      alternative name:
      %device_email%
        
      Email address jdoe@ttt-point.de
      $firstname$
      alternative name:
      %device_user_firstname%
        
      First name John
      $lastname$
      alternative name:
      %device_user_lastname%
        
      Last name Doe
      $name$
      alternative name:
      %device_user_name%
        
      First name and surname John Doe
      $variable1$
      alternative name:
      %variable1%
        
      custom value jdoe/ttt-point.local
      $variable2$
      alternative name:
      %variable2%
        
      custom value
      $variable3$
      alternative name:
      %variable3%
        
      custom value
      $device_name$
      alternative name:
      %device_name%
        
      Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
    • This variable can also be used in iOS profiles in the Shared device section
    • Cell phone from Markus Müller
      $device_alias$
      alternative name:
      %device_alias%
        
      Only for iOS: The alias assigned in the portal.
      If the alias is not assigned, the device_name is displayed.
    • This variable can also be used in iOS profiles in the Shared device section
    • Tablet Lager1
      Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
    • To avoid input errors, different variable names are possible for compatibility reasons. →
        
      A distinction between Android and iOS is no longer necessary.
    • Examples:
      • The email user name is identical to the device user name: ttt-point.local\%device_user_username%
      • The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%
    Password Password The password for the account
    Use OAuth Specifies whether the connection should use OAuth for authentication. notempty
    If OAuth is specified, the password field should remain blank
    Payload certificate UUID Select certificate UUID of the certificate that is used for authentication
    Prevent move If set to true, messages may not be moved out of this email account into another account
    Prevent App sheet If set to true, this account will not be available for sending mail in third party applications
    Allow Mail Drop If set to true, this account is allowed to use Mail Drop
    S/MIME enabled If set to true, this account will support S/MIME
    S/MIME signing enabled
    If set to true, this account will enable message signing
    S/MIME encryption enabled
    If set to true, this account will support message encryption
    S/MIME enable Per-Message Switch
    If set to true, enables the per-message encryption switch
    Disable email recipient synchronization If this value is set to true, this account will be excluded from the synchronization of the "Recent" addresses
    Activate calendar    Activate calendar
    Calendar overwritable    Allow account to enable/disable calendar
    Enable/disable contacts    Enable contacts
    Contacts overwritable    Allow account to enable/disable contacts
    Enable email    Enable email
    Mail overwritable    Allow account to enable/disable mail
    Enable notes    Enable notes
       Allow account to enable/disable notes
    Enable reminders    Enable reminders
    Reminders overwritable    Allow the account to enable/disable reminders
    Overwrite previous password Overwrite previous password
    Audio calls Enter ID The bundle ID of the application that processes audio calls made to contacts from this account

    Example: Office365 accountsExample: Office365 accounts

    Example: Integration of an Office 365 account with OAuth

  • OAuth only works with ActiveSync
    Configuration in the Email & Exchange Active Sync tab when adding an Exchange Account
  • The OAuth data of other providers can be obtained exclusively and directly from these providers
  • Operation Value Description
    Account name Account name Name of the user to be displayed
    Exchange ActiveSync Host outlook.office365.com Example for Office365
    Number of days in which the emails from the past are synchronized Forever Possible values: 1 day, 3 days, 1 week, 2 weeks, 1 month, forever
    Use SSL    Sends all communications via Secure Socket Layer. notempty
    Securepoint recommends to activate the option
    Email address support.ttt-point.onmicrosoft.de Possible addresses are selectable from the dropdown menu incl. variables that take the information from the user data
    Domain\User     Domain and user must remain empty if the device is expected to query
    Password     The password for the email account on the mail server notempty
    If OAuth is specified, the password field should remain blank
    Use OAuth    Specifies whether the connection should use OAuth for authentication.
  • Must be activated on the mail server!
  • If OAuth is specified, the password field should remain blank
  • OAuth login URL https://login.microsoftonline.com/common/oauth2/v2.0/authorize Login URL
    Here shown for Office365 accounts (example)
    OAuth token request URL https://login.microsoftonline.com/common/oauth2/v2.0/token OAuth token request URL
    Here shown for Office365 accounts (example)
    Payload certificate UUID: None If the authentication on the Exchange server is to be done with a certificate, this can be selected here.

    notempty

    Additionally, in the Certificates tab, the desired certificate must be added in the click box to be transferred to the device.




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter




    Calendar

    Calendar

    Calendar with user account
    Calendar with user account Variables can be used as well.



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.

  • User  Add account
    Caption Value Description MSP v1.5.7 Profile iOS Kalender Benutzer-en.png
    Calendar with user account
    Hostname Hostname Server address of the calendar
    Username Username The username for the login
    The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible.
    Password Password Optional. The password of the user
    Use SSL    Enable Secure Socket Layer communication with the CalDAV server
    Port PortLink= Optional. The port of the server to which the connection is made.
    Main URL Main URL The URL to the user's calendar.
  • In iOS/iPadOS, this URL is required when the user does not provide a password, because the service auto-detection fails and the account is not created. Optional.
  • Account description Account description Optional. The description of the account.


    Add subscription
    Subscribed calendar Variables can be used as well.



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.

  • Subscriptions  Add subscription
    Caption Value Description MSP v1.5.7 Profile iOS Kalender Abos-en.png
    Subscribed calendar
    Hostname Hostname Server address of the calendar
    Username Username The username for the login
    The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible.
    Password Password Optional. The password of the user
    Use SSL    Enable Secure Socket Layer communication with the CalDAV server
    Port PortLink= Optional. The port of the server to which the connection is made.
    Account description Account description Optional. The description of the account.




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter




    CardDav

    CardDav

    Variables can be used as well.



    The values are taken from the user settings of the user to whom the respective device is assigned
    Variable name in profiles * Description Example
    $username$
    alternative names:
    %device_user%
    %device_user_username%
      
    Username jdoe
    $emailaddress$
    alternative name:
    %device_email%
      
    Email address jdoe@ttt-point.de
    $firstname$
    alternative name:
    %device_user_firstname%
      
    First name John
    $lastname$
    alternative name:
    %device_user_lastname%
      
    Last name Doe
    $name$
    alternative name:
    %device_user_name%
      
    First name and surname John Doe
    $variable1$
    alternative name:
    %variable1%
      
    custom value jdoe/ttt-point.local
    $variable2$
    alternative name:
    %variable2%
      
    custom value
    $variable3$
    alternative name:
    %variable3%
      
    custom value
    $device_name$
    alternative name:
    %device_name%
      
    Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name)
  • This variable can also be used in iOS profiles in the Shared device section
  • Cell phone from Markus Müller
    $device_alias$
    alternative name:
    %device_alias%
      
    Only for iOS: The alias assigned in the portal.
    If the alias is not assigned, the device_name is displayed.
  • This variable can also be used in iOS profiles in the Shared device section
  • Tablet Lager1
    Defining the values in the user administration in the portal under:  General  Users or for the device alias in the device tile.
  • To avoid input errors, different variable names are possible for compatibility reasons. →
      
    A distinction between Android and iOS is no longer necessary.

  • User  Add account
    Caption Value Description MSP-iOS-Profile-CardDAV-en.png
    Include address books
    Hostname Hostname The CardDAV server hostname or IP address
    Username Username The CardDAV username
    The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible.
    Password Password The CardDAV password
    Use SSL When enabled   , the Secure Socket Layer communicates with the CardDAV server.
    Port PortLink= The port number to connect to the CardDAV server
    Main URL Main URL The main URL for the CardDAV account
    Account description Account description The display name of the account (e.g. "Company CardDAV Account").




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter



    Google account

    Google account

    Caption Value Description USP v1.9 iOS Profile Googlekonto-en.png
    Tab Google account
    User  Add account Adds a Google account.
    This also makes, for example, the history of Google searches or individual Google Maps configurations, such as special points, available on the device.
    Account description Account description The displayed name of the account (e.g. "Company Server Account").
    Account name Account name Full user name of the Google account
    Email address m.mueller.ttt-point@gmailcom The address of the account (e.g. "mdm.ttt-point@gmailcom")
    Addresses of created users (from  General  Users ) can be selected or freely entered.
    Audio calls Enter ID The bundle ID of the application that processes audio calls made to contacts from this account




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter



    AirPrint

    AirPrint

    Caption Value Description USP v1.9 iOS Profile AirPrint-en.png
    Tab AirPrint
    Printer   Add printer Adds a printer configuration that should always be displayed
    IP address IP address The IP address of the AirPrint destination
    Resource path ipp/print The resource path associated with the printer. This corresponds to the rp parameter of the _ipps.tcp Bonjour record.
    For example: printers/Canon_MG5300_series, printers/Xerox_Phaser_7600 or ipp/print
      
    Port PortLink= The port through which to connect to the printer
    Force TLS Secures active AirPrint connections through Transport Layer Security (TLS) when it is    enabled.




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter



    Certificates

    Certificates

    Certificates are required, for example, to retrieve emails from an Exchange server with https or to confirm the authenticity of self-signed apps.

    Caption Values Description MSP-iOS-Profile-Zertifkate-en.png
    Certificates
    Activate certificates    Once set, you can add certificates
    Certificates Select certificates Selection of Base-64-encoded X.509 certificates imported in the   Certificate menu.


    Status report

    Status report
    New as of 05.2023 (v1.15)

    Apple devices have various system information that can theoretically change (according to Apple's idea, at least).
    Apple's declarative management can be used to keep device information in the portal up-to-date via status reports.

    Here you can configure which of these values are automatically transmitted to the MDM portal when tey are changed.
    The display in the device dashboard then does not have to be updated manually.

    The changes are logged in the Operations Log tab in the device details.

    notempty

    For privacy reasons, the options can be enabled or disabled individually.

  • For full functionality the iOS iPadOS tvOS version 16.1 is required
  • Certificate Status report Mobileconfig
    Caption Default Description Available as of version MSP 1.15 iOS Profile Status-en.png
    Status report tab
    Activate configuration When activated   , the details of the status information can be specified.
    Model family A string that describes the hardware family of the device, such as Mac, iPhone, or iPad. iOS 15.0 iPadOS 15.0
    Model identifier A status report of the device’s hardware identifier. iOS 15.0 iPadOS 15.0
    Model name A string that identifies the device’s marketing name, such as iPhone 12. iOS 15.0 iPadOS 15.0
    OS build version A string that identifies the operating system’s build version on the device, such as 18F132. iOS 15.0 iPadOS 15.0
    OS family A string that identifies the operating system family in use on the device, such as macOS or iOS. iOS 15.0 iPadOS 15.0
    OS version A string that identifies the operating system’s version in use on the device, such as 15.0. iOS 15.0 iPadOS 15.0
    OS name A string that identifies the operating system’s marketing name in use on the device, such as Catalina. iOS 15.0 iPadOS 15.0
    OS supplemental build version Identifies the operating system’s build and rapid security response versions in use on the device (for example, 20A123a, or 20B27c). iOS 16.1 iPadOS 16.1
    OS supplemental extra version Identifies the operating system’s rapid security response version in use on the device (for example, a). iOS 16.1 iPadOS 16.1
    Passcode compliance If true, the passcode is in compliance with all passcode policies set on the device.
    If false, the passcode isn’t in compliance with one or more passcode policies set on the device.
    When there are no passcode policies on the device, this value true.
    iOS 16.0 iPadOS 16.0
    Passcode presence If true, a passcode is present on the device. If false, a passcode isn’t present on the device.
    When a passcode is present, the specific attributes of the passcode (length, number of complex characters, etc), isn’t reported.
    iOS 16.0 iPadOS 16.0
    MDM app The Securepoint MDM installed apps. iOS 16.0 iPadOS 16.0




    Schließen Schließt den Reiter ohne Änderungen zu übernehmen
     Speichern Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter


        • Screenshot noch auf deutsch. Anpassen, sobald vollständige Doku erfolgt ***


    Mobileconfig

    Mobileconfig

    Caption Value Description USP v1.13 iOS Profile mobileconfig-en.png
    Tab Mobileconfig
    Mobileconfig  Upload Opens a system dialog for uploading a mobile configuration from the Apple Configurator II
  • All values are purely for information. They are defined by the .mobileconfig and cannot be changed
  • Name Untitled Name of the configuration
    Type Configuration File type
    Version 1 Version of the file
    Identifier MacBook-Pro.12ab.34… Can be set manually in the Apple Configurator (composed of the device name and a string)
    UUID ab12cd34ef… Clear identification
     Replace Opens the dialog for importing a configuration that replaces an existing configuration
      Delete Deletes configuration from the devices