- The configuration AppLock does not work in iOS for Shared iPads and has been removed
- The AirPrint configuration does not work in iOS for Shared iPads and has been removed
Preamble
In a profile permissions, restrictions, password requirements, email settings and security settings are configured.
Several users or user groups (roles) can be assigned to a profile.
Several devices or device groups (devices designated by tags) can be assigned to a profile.
notempty
Overview of profile management
In the profile overview new profiles can be created, existing ones can be edited and deleted. The view of the profiles can be displayed in the list or tile view. You can also view details of existing profiles, update the list of profiles, and publish profiles.
General Options
Sorts the tiles by profile name | |
Sorts the tiles according to the priority of the profile | |
Sorts the tiles in ascending or descending order according to the selected criterion | |
Filters on profile tiles that contain the search text | |
Add profile | Creates a new profile. The settings in the profile vary depending on the operating system. |
Users | Existing profiles that were previously exported from the Secuerepoint Mobile Security Portal can be imported here |
Paste | Inserts a copy of a profile from the clipboard |
Show / hide details: For a large number of profiles, it can be useful to hide the most important details for clarity. | |
/ | Switch between lists and grid view |
Refreshes the display |
Profile tile
The button at the top right of each profile tile provides the following options: | ||
Edit | Editing the settings (see below) | |
Copy | Copying the profile to the clipboard | |
Export | Exporting the settings | |
Delete | The profile is deleted | |
Details displayed in the profile tile: | ||
Updated | Changes have been made to the profile that have not yet been published! | |
Partially installed | Not all subprofiles were able to be installed | |
iOS profile | ||
Type | Profile type (see below) | |
Roles | Roles | |
Users | User | |
Devices | Devices | |
tags | Tags | |
Parts | Listing of the sub-profiles that make up the complete Mobile Security Profile. |
Copy & paste of profiles
Click on the logo of the profile tile to mark one or more profiles In the general options, another field now appears under the filter mask:
Action for selected items | Execute the selected action with Ok | |||
Copies one or more selected profiles to the clipboard | ||||
Deletes one or more selected profiles | ||||
Paste | Inserts a copy of a profile from the clipboard
|
General iOS
General
Add profile
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Restrictions
Restrictions
Configuration by clicking on Activate restrictions
Numerous restrictions can be configured to control the behavior of a device.
List of possible restrictions with default values and explanations
General restrictions
General restrictions
Restriction | Default | Explanation |
---|---|---|
Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
Allow automatic unlocking | If set to false, the automatic unlocking is disabled | |
Allow cloud address book | If set to false, the cloud address book will be disabled | |
Allow cloud bookmarks | If set to false, cloud bookmarks will be disabled | |
Allow cloud calendar | If set to false, the cloud calendar will be disabled | |
Allow cloud desktop & documents | If set to false, cloud desktop and documents will be disabled | |
Allow cloud mail | If set to false, cloud mail will be disabled | |
Allow cloud notes | If set to false, cloud notes will be disabled | |
Allow cloud reminders | If set to false, cloud reminders will be disabled | |
Allow content caching | If set to false, content caching will be disabled | |
Allow iTunes file sharing | If set to false, iTunes file sharing will be disabled | |
Allow automatic screen saver | Allow automatic screen saver | |
Allow lock screen ControlCenter | If set to false, the ControlCenter is disabled for the lock screen | |
Allow lock screen notifications to display | If set to false, the notification preview of the lock screen will be disabled | |
Allow lock screen view today | If set to false, today's lock screen view will be disabled | |
Allow to write unmanaged contacts | If set to false, writing unmanaged contacts will be disabled | |
Allow unmanaged reading of managed contacts | These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app | |
Allow OTAPKI updates | If set to false, OTAPKI updates are disabled | |
Allow temporary session of the shared device | If set to false, the temporary session of the shared device is disabled | |
Force password for outgoing AirPlay requests | If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
Force encrypted backups | Force encrypted backups | |
Limit ad tracking | If set to true, ad tracking will be restricted | |
Dictation only | If set to true, connections to Siri servers for dictation are disabled | |
Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
Allow QuickPath keyboard | If set to inactive, the QuickPath keyboard is disabled | |
Allow network access for files | If inactive, the connection to network drives is prevented in the file app | |
Allow USB drive for files | When inactive, it prevents the File app from connecting to connected USB devices | |
Allow Find My Device | When inactive, Find My Device is disabled in the Find my App | |
Allow Find My Friends | When inactive, Find My Friends is disabled in the Find My app | |
Force WiFi activation | If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use. | |
Allow trusting enterprise apps | Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple) | |
Allow screenshots and screen recording | Allows the user to take screenshots or screen recordings | |
Allow Apple Music | If set to false, Apple Music will be disabled in the Music app | |
Allow iTunes Radio | If set to false, iTunes Radio will be disabled in the Music app | |
Allow shared stream | If set to false, the shared stream is disabled | |
Allow Wallet while locked | If set to false, wallet notifications will not be shown on the lock screen | |
Allow use of News | Allows the user to access and use News | |
Allow modifying bluetooth settings | Allow modifying bluetooth settings | |
Allow modifying cellular data usage for app settings | If set to false, the mobile data uses for app settings cannot be changed | |
Allow modifying device name | Allows the user to change device names | |
Allow automatic sync while roaming | Allows automatic synchronization during roaming | |
Allow iCloud sync for managed apps | Allows iCloud synchronization for managed apps | |
Allow enterprise books backup | Allows enterprise books to be backed up | |
Allow enterprise books and highlights to sync | Allows enterprise books to synchronize notes and highlights | |
Allow email privacy | If activated, Apple's Mail Privacy Protection (AMPP) is activated | |
Allow In App purchases | Allows the user to make purchases within applications | |
Allow multiplayer gaming | Allows multiplayer gaming | |
Allow voice dialing while device is locked | Allows voice dialing while device is locked | |
Force Apple Watch wrist detection | Forces Apple watch wrist detection | |
Allow pairing with Apple Watch | Allows pairing with Apple Watch | |
Allow Internet results in Spotlight | If set to false, search results from the web will not be shown in Spotlight | |
Allow user to accept untrusted TLS certificates | Allows user to accept untrusted TLS certificates | |
Allow Photo Stream | Allows Photo Stream to be used on the device | |
Allow iCloud Photo Library | Allows iCloud photo library to be used on the device | |
Allow iCloud backup | Allows backup using iCloud | |
Allow personalized advertising | When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later. | |
Requires iTunes password for all purchases | Requires the user's iTunes password to be entered for every purchase | |
Apps ranking number | 1000 | Ranking number for apps |
Movies ranking number | 1000 | Ranking number for movies |
TV Shows ranking number | 1000 | Ranking number for TV Shows |
Region code | Germany | Two-character code for the region used to specify ratings |
Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
From websites I visited | Accepts cookies from all visited websites | |
Always | Accepts all cookies | |
Allow JavaScript | AllowS JavaScript in Safari | |
Allow Pop-ups | AllowS Pop-ups in Safari | |
Enable fraud warning | Enables fraud warning in Safari | |
Force translation on the device only | When this option is enabled, the device does not connect to Siri servers for translation purposes | |
Allow unmanaged documents in managed apps | Allows managed apps to access unmanaged documents | |
Allow managed documents in unmanaged apps | Allows unmanaged apps to access managed documents | |
Managed clipboard required | When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
Treat AirDrop as unmanaged destination | ||
Allows Handoff | If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
Allow Touch ID/Face ID for unlocking | Allows touch ID/Face ID to unlock device | |
Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
Allow modifying notification settings | Allows modifying notification settings | |
Allow incoming AirPlay requests | Allows incoming AirPlay requests | |
Allow pairing with Remote app | Allows pairing with Remote app | |
Allow dictation | Allows dictation | |
Allow camera use | Allows the user to use the camera | |
Allow Siri | Allows Siri | |
Allow Siri while locked | Allows Siri while device is locked | |
Allow Siri user generated content | When inactive, it prevents Siri from querying requests with user-generated content | |
Allow modifying Touch ID/Face ID | The user is allowed to change the Touch ID/Face ID | |
Allow diagnostic submission | Send diagnostic and usage stats to Apple | |
Allow modifying diagnostics settings | The user is allowed to change the diagnostic settings |
Restriction | Default | Explanation |
---|---|---|
Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
Allow automatic unlocking | If set to false, the automatic unlocking is disabled | |
Allow cloud address book | If set to false, the cloud address book will be disabled | |
Allow cloud bookmarks | If set to false, cloud bookmarks will be disabled | |
Allow cloud calendar | If set to false, the cloud calendar will be disabled | |
Allow cloud desktop & documents | If set to false, cloud desktop and documents will be disabled | |
Allow cloud mail | If set to false, cloud mail will be disabled | |
Allow cloud notes | If set to false, cloud notes will be disabled | |
Allow cloud reminders | If set to false, cloud reminders will be disabled | |
Allow content caching | If set to false, content caching will be disabled | |
Allow iTunes file sharing | If set to false, iTunes file sharing will be disabled | |
Allow automatic screen saver | Allow automatic screen saver | |
Allow lock screen ControlCenter | If set to false, the ControlCenter is disabled for the lock screen | |
Allow lock screen notifications to display | If set to false, the notification preview of the lock screen will be disabled | |
Allow lock screen view today | If set to false, today's lock screen view will be disabled | |
Allow to write unmanaged contacts | If set to false, writing unmanaged contacts will be disabled | |
Allow unmanaged reading of managed contacts | These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app | |
Allow OTAPKI updates | If set to false, OTAPKI updates are disabled | |
Allow temporary session of the shared device | If set to false, the temporary session of the shared device is disabled | |
Force password for outgoing AirPlay requests | If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
Force encrypted backups | Force encrypted backups | |
Limit ad tracking | If set to true, ad tracking will be restricted | |
Dictation only | If set to true, connections to Siri servers for dictation are disabled | |
Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
Allow QuickPath keyboard | If set to inactive, the QuickPath keyboard is disabled | |
Allow network access for files | If inactive, the connection to network drives is prevented in the file app | |
Allow USB drive for files | When inactive, it prevents the File app from connecting to connected USB devices | |
Allow Find My Device | When inactive, Find My Device is disabled in the Find my App | |
Allow Find My Friends | When inactive, Find My Friends is disabled in the Find My app | |
Force WiFi activation | If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use. | |
Allow trusting enterprise apps | Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple) | |
Allow screenshots and screen recording | Allows the user to take screenshots or screen recordings | |
Allow Apple Music | If set to false, Apple Music will be disabled in the Music app | |
Allow iTunes Radio | If set to false, iTunes Radio will be disabled in the Music app | |
Allow shared stream | If set to false, the shared stream is disabled | |
Allow Wallet while locked | If set to false, wallet notifications will not be shown on the lock screen | |
Allow use of News | Allows the user to access and use News | |
Allow modifying bluetooth settings | Allow modifying bluetooth settings | |
Allow modifying cellular data usage for app settings | If set to false, the mobile data uses for app settings cannot be changed | |
Allow modifying device name | Allows the user to change device names | |
Allow automatic sync while roaming | Allows automatic synchronization during roaming | |
Allow iCloud sync for managed apps | Allows iCloud synchronization for managed apps | |
Allow enterprise books backup | Allows enterprise books to be backed up | |
Allow enterprise books and highlights to sync | Allows enterprise books to synchronize notes and highlights | |
Allow email privacy | If activated, Apple's Mail Privacy Protection (AMPP) is activated | |
Allow In App purchases | Allows the user to make purchases within applications | |
Allow multiplayer gaming | Allows multiplayer gaming | |
Allow voice dialing while device is locked | Allows voice dialing while device is locked | |
Force Apple Watch wrist detection | Forces Apple watch wrist detection | |
Allow pairing with Apple Watch | Allows pairing with Apple Watch | |
Allow Internet results in Spotlight | If set to false, search results from the web will not be shown in Spotlight | |
Allow user to accept untrusted TLS certificates | Allows user to accept untrusted TLS certificates | |
Allow Photo Stream | Allows Photo Stream to be used on the device | |
Allow iCloud Photo Library | Allows iCloud photo library to be used on the device | |
Allow iCloud backup | Allows backup using iCloud | |
Allow personalized advertising | When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later. | |
Requires iTunes password for all purchases | Requires the user's iTunes password to be entered for every purchase | |
Apps ranking number | 1000 | Ranking number for apps |
Movies ranking number | 1000 | Ranking number for movies |
TV Shows ranking number | 1000 | Ranking number for TV Shows |
Region code | Germany | Two-character code for the region used to specify ratings |
Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
From websites I visited | Accepts cookies from all visited websites | |
Always | Accepts all cookies | |
Allow JavaScript | AllowS JavaScript in Safari | |
Allow Pop-ups | AllowS Pop-ups in Safari | |
Enable fraud warning | Enables fraud warning in Safari | |
Force translation on the device only | When this option is enabled, the device does not connect to Siri servers for translation purposes | |
Allow unmanaged documents in managed apps | Allows managed apps to access unmanaged documents | |
Allow managed documents in unmanaged apps | Allows unmanaged apps to access managed documents | |
Managed clipboard required | When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
Treat AirDrop as unmanaged destination | ||
Allows Handoff | If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
Allow Touch ID/Face ID for unlocking | Allows touch ID/Face ID to unlock device | |
Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
Allow modifying notification settings | Allows modifying notification settings | |
Allow incoming AirPlay requests | Allows incoming AirPlay requests | |
Allow pairing with Remote app | Allows pairing with Remote app | |
Allow dictation | Allows dictation | |
Allow camera use | Allows the user to use the camera | |
Allow Siri | Allows Siri | |
Allow Siri while locked | Allows Siri while device is locked | |
Allow Siri user generated content | When inactive, it prevents Siri from querying requests with user-generated content | |
Allow modifying Touch ID/Face ID | The user is allowed to change the Touch ID/Face ID | |
Allow diagnostic submission | Send diagnostic and usage stats to Apple | |
Allow modifying diagnostics settings | The user is allowed to change the diagnostic settings |
Restriction | Default | Explanation |
---|---|---|
Demo-Dev-Einschränkung | Sollte nur im devWiki angezeigt werden | |
Allow automatic unlocking | If set to false, the automatic unlocking is disabled | |
Allow cloud address book | If set to false, the cloud address book will be disabled | |
Allow cloud bookmarks | If set to false, cloud bookmarks will be disabled | |
Allow cloud calendar | If set to false, the cloud calendar will be disabled | |
Allow cloud desktop & documents | If set to false, cloud desktop and documents will be disabled | |
Allow cloud mail | If set to false, cloud mail will be disabled | |
Allow cloud notes | If set to false, cloud notes will be disabled | |
Allow cloud reminders | If set to false, cloud reminders will be disabled | |
Allow content caching | If set to false, content caching will be disabled | |
Allow iTunes file sharing | If set to false, iTunes file sharing will be disabled | |
Allow automatic screen saver | Allow automatic screen saver | |
Allow lock screen ControlCenter | If set to false, the ControlCenter is disabled for the lock screen | |
Allow lock screen notifications to display | If set to false, the notification preview of the lock screen will be disabled | |
Allow lock screen view today | If set to false, today's lock screen view will be disabled | |
Allow to write unmanaged contacts | If set to false, writing unmanaged contacts will be disabled | |
Allow unmanaged reading of managed contacts | These restrictions prevent unmanaged apps from accessing contacts of managed accounts and prevent managed apps from saving contacts in the local Contacts app | |
Allow OTAPKI updates | If set to false, OTAPKI updates are disabled | |
Allow temporary session of the shared device | If set to false, the temporary session of the shared device is disabled | |
Force password for outgoing AirPlay requests | If set to true, all devices receiving AirPlay requests from this device will be forced to use a pairing password | |
Force encrypted backups | Force encrypted backups | |
Limit ad tracking | If set to true, ad tracking will be restricted | |
Dictation only | If set to true, connections to Siri servers for dictation are disabled | |
Force WLAN Allowlist | Join Wi-Fi networks installed by profiles only | |
Allow QuickPath keyboard | If set to inactive, the QuickPath keyboard is disabled | |
Allow network access for files | If inactive, the connection to network drives is prevented in the file app | |
Allow USB drive for files | When inactive, it prevents the File app from connecting to connected USB devices | |
Allow Find My Device | When inactive, Find My Device is disabled in the Find my App | |
Allow Find My Friends | When inactive, Find My Friends is disabled in the Find My app | |
Force WiFi activation | If set to true, prevents Wi-Fi from being turned off in settings or control center, even by entering or leaving airplane mode. It does not prevent selecting which Wi-Fi network to use. | |
Allow trusting enterprise apps | Required for future implementations Allows the user to trust enterprise apps. (Apps that can be deployed without the iTunes App Store and don't need to be authorized by Apple) | |
Allow screenshots and screen recording | Allows the user to take screenshots or screen recordings | |
Allow Apple Music | If set to false, Apple Music will be disabled in the Music app | |
Allow iTunes Radio | If set to false, iTunes Radio will be disabled in the Music app | |
Allow shared stream | If set to false, the shared stream is disabled | |
Allow Wallet while locked | If set to false, wallet notifications will not be shown on the lock screen | |
Allow use of News | Allows the user to access and use News | |
Allow modifying bluetooth settings | Allow modifying bluetooth settings | |
Allow modifying cellular data usage for app settings | If set to false, the mobile data uses for app settings cannot be changed | |
Allow modifying device name | Allows the user to change device names | |
Allow automatic sync while roaming | Allows automatic synchronization during roaming | |
Allow iCloud sync for managed apps | Allows iCloud synchronization for managed apps | |
Allow enterprise books backup | Allows enterprise books to be backed up | |
Allow enterprise books and highlights to sync | Allows enterprise books to synchronize notes and highlights | |
Allow email privacy | If activated, Apple's Mail Privacy Protection (AMPP) is activated | |
Allow In App purchases | Allows the user to make purchases within applications | |
Allow multiplayer gaming | Allows multiplayer gaming | |
Allow voice dialing while device is locked | Allows voice dialing while device is locked | |
Force Apple Watch wrist detection | Forces Apple watch wrist detection | |
Allow pairing with Apple Watch | Allows pairing with Apple Watch | |
Allow Internet results in Spotlight | If set to false, search results from the web will not be shown in Spotlight | |
Allow user to accept untrusted TLS certificates | Allows user to accept untrusted TLS certificates | |
Allow Photo Stream | Allows Photo Stream to be used on the device | |
Allow iCloud Photo Library | Allows iCloud photo library to be used on the device | |
Allow iCloud backup | Allows backup using iCloud | |
Allow personalized advertising | When disabled, restricts Apple's personalized advertising. Available in iOS 14 and later. | |
Requires iTunes password for all purchases | Requires the user's iTunes password to be entered for every purchase | |
Apps ranking number | 1000 | Ranking number for apps |
Movies ranking number | 1000 | Ranking number for movies |
TV Shows ranking number | 1000 | Ranking number for TV Shows |
Region code | Germany | Two-character code for the region used to specify ratings |
Accept cookies in Safari | Never | Accept cookies: Does not accept cookies |
From current website only (iOS 8) or visited sites (pre-iOS 8) | Depending on iOS version: from iOS 8: Only from current website from iOS 8: Only from visited pages | |
From websites I visited | Accepts cookies from all visited websites | |
Always | Accepts all cookies | |
Allow JavaScript | AllowS JavaScript in Safari | |
Allow Pop-ups | AllowS Pop-ups in Safari | |
Enable fraud warning | Enables fraud warning in Safari | |
Force translation on the device only | When this option is enabled, the device does not connect to Siri servers for translation purposes | |
Allow unmanaged documents in managed apps | Allows managed apps to access unmanaged documents | |
Allow managed documents in unmanaged apps | Allows unmanaged apps to access managed documents | |
Managed clipboard required | When enabled, the copy and paste feature follows the "Allow open from managed to unmanaged" and "Allow open from unmanaged to managed" constraints. | |
Treat AirDrop as unmanaged destination | ||
Allows Handoff | If this value is set to "false", handoff is deactivated. Handoff allows you to continue an activity started on an iOS-device on another device. | |
Allow Touch ID/Face ID for unlocking | Allows touch ID/Face ID to unlock device | |
Fingerprint timeout | The time after which unlocking the fingerprint requires a password for authentication. Possible values: 1, 6, 12 hours, 1, 2, 3 days or 1 week | |
Allow modifying notification settings | Allows modifying notification settings | |
Allow incoming AirPlay requests | Allows incoming AirPlay requests | |
Allow pairing with Remote app | Allows pairing with Remote app | |
Allow dictation | Allows dictation | |
Allow camera use | Allows the user to use the camera | |
Allow Siri | Allows Siri | |
Allow Siri while locked | Allows Siri while device is locked | |
Allow Siri user generated content | When inactive, it prevents Siri from querying requests with user-generated content | |
Allow modifying Touch ID/Face ID | The user is allowed to change the Touch ID/Face ID | |
Allow diagnostic submission | Send diagnostic and usage stats to Apple | |
Allow modifying diagnostics settings | The user is allowed to change the diagnostic settings |
Classroom-App
Classroom-AppThe Classroom App is available free of charge in the App-Store and offers possibilities for use in school classes.
Important restrictions can be configured here.
Restriction | Default | Explanation |
---|---|---|
Allow remote screen monitoring | If not allowed, remote screen monitoring is disabled by the Classroom app. When screenshots are disabled, the Classroom app does not observe remote screens. | |
Force courses to be joined automatically | If enforced, the instructor's requests are automatically accepted without prompting the student. | |
Force permission to leave classes | If enforced, a student enrolled in an unmanaged course through Classroom must ask the instructor for permission to leave the course. | |
Force app and device lock | If enforced, the teacher can lock apps or the device without prompting the student. | |
Force screen monitoring | When enforced and remote screen monitoring is allowed, a student enrolled in a managed course through the classroom app automatically grants permission to watch the screen without being prompted. |
Restrictions for supervised devices
Restrictions for supervised devicesA range of restrictions is only available for devices in the Supervised embedding mode.
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Notification settings
Notification settings
Add settings The settings are made separately for each app
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Apps
Apps
App-Lock (Kiosk mode)
App-Lock (Kiosk mode)The app lock activates the guided mode which limits the device to a single app. In this state - also called kiosk mode - you can control which app functions are available.
Activate configuration
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Email & Exchange Active Sync
Email & Exchange Active Sync
Several mail accounts can be set up in the email settings.
These settings affect IMAP or POP3 accounts.
Settings for Exchange ActiveSync must be made in the corresponding tab!
Exchange accounts
Exchange accounts Add accountConfiguration for Exchange mails retrieved via https connections
Configuration by clicking on Activate Exchange ActiveSync }}
Operation | Default | Description | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Account name | The display name of the user (e.g. "John Appleseed"). Different variables can be used. The values are taken from the user settings of the user to whom the respective device is assigned
| |||||||||||||||||||||||||||||||||||||
Exchange ActiveSync Host | Enter host | Host name or IP address of the Exchange server | ||||||||||||||||||||||||||||||||||||
Past days of mail to sync | Synchronization period | |||||||||||||||||||||||||||||||||||||
Use SSL | Encrypts all messages with SSL (Secure Socket layer) | |||||||||||||||||||||||||||||||||||||
Email address | Select email address | The address of the account to be synchronized (e.g. "john@company.com") Variables can be used as well. The entries $variable1$, $variable2$ and $variable3$ can be defined individually. The values are taken from the user settings of the user to whom the respective device is assigned
| ||||||||||||||||||||||||||||||||||||
Domain\User | Username | Mail domain and mail user
| ||||||||||||||||||||||||||||||||||||
Password | Password | The password for the account | ||||||||||||||||||||||||||||||||||||
Use OAuth | Specifies whether the connection should use OAuth for authentication. notempty If OAuth is specified, the password field should remain blank
| |||||||||||||||||||||||||||||||||||||
Payload certificate UUID | Select certificate | UUID of the certificate that is used for authentication | ||||||||||||||||||||||||||||||||||||
Prevent move | If set to true, messages may not be moved out of this email account into another account | |||||||||||||||||||||||||||||||||||||
Prevent App sheet | If set to true, this account will not be available for sending mail in third party applications | |||||||||||||||||||||||||||||||||||||
Allow Mail Drop | If set to true, this account is allowed to use Mail Drop | |||||||||||||||||||||||||||||||||||||
S/MIME enabled | If set to true, this account will support S/MIME | |||||||||||||||||||||||||||||||||||||
|
If set to true, this account will enable message signing | |||||||||||||||||||||||||||||||||||||
|
If set to true, this account will support message encryption | |||||||||||||||||||||||||||||||||||||
|
If set to true, enables the per-message encryption switch | |||||||||||||||||||||||||||||||||||||
Disable email recipient synchronization | If this value is set to true, this account will be excluded from the synchronization of the "Recent" addresses | |||||||||||||||||||||||||||||||||||||
Activate calendar | Activate calendar | |||||||||||||||||||||||||||||||||||||
Calendar overwritable | Allow account to enable/disable calendar | |||||||||||||||||||||||||||||||||||||
Enable/disable contacts | Enable contacts | |||||||||||||||||||||||||||||||||||||
Contacts overwritable | Allow account to enable/disable contacts | |||||||||||||||||||||||||||||||||||||
Enable email | Enable email | |||||||||||||||||||||||||||||||||||||
Mail overwritable | Allow account to enable/disable mail | |||||||||||||||||||||||||||||||||||||
Enable notes | Enable notes | |||||||||||||||||||||||||||||||||||||
Allow account to enable/disable notes | ||||||||||||||||||||||||||||||||||||||
Enable reminders | Enable reminders | |||||||||||||||||||||||||||||||||||||
Reminders overwritable | Allow the account to enable/disable reminders | |||||||||||||||||||||||||||||||||||||
Overwrite previous password | Overwrite previous password | |||||||||||||||||||||||||||||||||||||
Audio calls | Enter ID | The bundle ID of the application that processes audio calls made to contacts from this account |
Example: Office365 accountsExample: Office365 accounts
Example: Integration of an Office 365 account with OAuth
Configuration in the Email & Exchange Active Sync tab when adding an Exchange Account
Operation | Value | Description |
---|---|---|
Account name | Account name | Name of the user to be displayed |
Exchange ActiveSync Host | outlook.office365.com | Example for Office365 |
Number of days in which the emails from the past are synchronized | Forever | Possible values: 1 day, 3 days, 1 week, 2 weeks, 1 month, forever |
Use SSL | Sends all communications via Secure Socket Layer.
notempty Securepoint recommends to activate the option
| |
Email address | support.ttt-point.onmicrosoft.de | Possible addresses are selectable from the dropdown menu incl. variables that take the information from the user data |
Domain\User | Domain and user must remain empty if the device is expected to query | |
Password | The password for the email account on the mail server notempty If OAuth is specified, the password field should remain blank
| |
Use OAuth | Specifies whether the connection should use OAuth for authentication.
| |
OAuth login URL | https://login.microsoftonline.com/common/oauth2/v2.0/authorize | Login URL Here shown for Office365 accounts (example) |
OAuth token request URL | https://login.microsoftonline.com/common/oauth2/v2.0/token | OAuth token request URL Here shown for Office365 accounts (example) |
Payload certificate UUID: | None | If the authentication on the Exchange server is to be done with a certificate, this can be selected here. notempty Additionally, in the Certificates tab, the desired certificate must be added in the click box to be transferred to the device. |
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Calendar
Calendar
Calendar with user account
Calendar with user account Variables can be used as well.Variable name in profiles * | Description | Example |
---|---|---|
$username$ alternative names: %device_user% %device_user_username% |
Username | jdoe |
$emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de |
$firstname$ alternative name: %device_user_firstname% |
First name | John |
$lastname$ alternative name: %device_user_lastname% |
Last name | Doe |
$name$ alternative name: %device_user_name% |
First name and surname | John Doe |
$variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local |
$variable2$ alternative name: %variable2% |
custom value | |
$variable3$ alternative name: %variable3% |
custom value | |
$device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller |
$device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Lager1 |
Defining the values in the user administration in the portal under: A distinction between Android and iOS is no longer necessary. | or for the device alias in the device tile.
User | Add account | ||
Caption | Value | Description | |
---|---|---|---|
Hostname | Hostname | Server address of the calendar | |
Username | Username | The username for the login The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible. | |
Password | Password | Optional. The password of the user | |
Use SSL | Enable Secure Socket Layer communication with the CalDAV server | ||
Port | Port | Optional. The port of the server to which the connection is made. | |
Main URL | Main URL | The URL to the user's calendar. | |
Account description | Account description | Optional. The description of the account. |
Add subscription
Subscribed calendar Variables can be used as well.Variable name in profiles * | Description | Example |
---|---|---|
$username$ alternative names: %device_user% %device_user_username% |
Username | jdoe |
$emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de |
$firstname$ alternative name: %device_user_firstname% |
First name | John |
$lastname$ alternative name: %device_user_lastname% |
Last name | Doe |
$name$ alternative name: %device_user_name% |
First name and surname | John Doe |
$variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local |
$variable2$ alternative name: %variable2% |
custom value | |
$variable3$ alternative name: %variable3% |
custom value | |
$device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller |
$device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Lager1 |
Defining the values in the user administration in the portal under: A distinction between Android and iOS is no longer necessary. | or for the device alias in the device tile.
Subscriptions | Add subscription | ||
Caption | Value | Description | |
---|---|---|---|
Hostname | Hostname | Server address of the calendar | |
Username | Username | The username for the login The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible. | |
Password | Password | Optional. The password of the user | |
Use SSL | Enable Secure Socket Layer communication with the CalDAV server | ||
Port | Port | Optional. The port of the server to which the connection is made. | |
Account description | Account description | Optional. The description of the account. |
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
CardDav
CardDav
Variable name in profiles * | Description | Example |
---|---|---|
$username$ alternative names: %device_user% %device_user_username% |
Username | jdoe |
$emailaddress$ alternative name: %device_email% |
Email address | jdoe@ttt-point.de |
$firstname$ alternative name: %device_user_firstname% |
First name | John |
$lastname$ alternative name: %device_user_lastname% |
Last name | Doe |
$name$ alternative name: %device_user_name% |
First name and surname | John Doe |
$variable1$ alternative name: %variable1% |
custom value | jdoe/ttt-point.local |
$variable2$ alternative name: %variable2% |
custom value | |
$variable3$ alternative name: %variable3% |
custom value | |
$device_name$ alternative name: %device_name% |
Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) |
Cell phone from Markus Müller |
$device_alias$ alternative name: %device_alias% |
Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. |
Tablet Lager1 |
Defining the values in the user administration in the portal under: A distinction between Android and iOS is no longer necessary. | or for the device alias in the device tile.
User | Add account | ||
Caption | Value | Description | |
---|---|---|---|
Hostname | Hostname | The CardDAV server hostname or IP address | |
Username | Username | The CardDAV username The entries $emailaddress$, $username$, $variable1$, $variable2$ and $variable3$ are also possible. | |
Password | Password | The CardDAV password | |
Use SSL | When enabled , the Secure Socket Layer communicates with the CardDAV server. | ||
Port | Port | The port number to connect to the CardDAV server | |
Main URL | Main URL | The main URL for the CardDAV account | |
Account description | Account description | The display name of the account (e.g. "Company CardDAV Account"). | |
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Google account
Google account
Caption | Value | Description | |
---|---|---|---|
User | Add account | Adds a Google account. This also makes, for example, the history of Google searches or individual Google Maps configurations, such as special points, available on the device. | |
Account description | Account description | The displayed name of the account (e.g. "Company Server Account"). | |
Account name | Account name | Full user name of the Google account | |
Email address | m.mueller.ttt-point@gmailcom | The address of the account (e.g. "mdm.ttt-point@gmailcom") Addresses of created users (from ) can be selected or freely entered. | |
Audio calls | Enter ID | The bundle ID of the application that processes audio calls made to contacts from this account |
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Shared Device Configuration
notempty The profile used with these settings can only be installed on an iPad if no users have been previously registered on this iPad. The iPad must therefore be reset to the factory settings.
| |||
Caption | Value | Description | |
---|---|---|---|
Activate configuration | The shared device configuration can be set by activating . | ||
Managed Apple ID default domains | Enter domains | A list of domains displayed on the login screen of the Shared iPad. When logging into the device, the user can select a domain from the list to complete their Managed Apple ID. The corresponding domain is added to their login. | |
Online authentication grace period | 0 | ||
Quota size | 0 | The quota size (in megabytes MB) for each user on the shared device or, if the quota size is too small, the minimum quota size. | |
Resident users | 0 | The expected number of users. If this entered number is greater than the value for the maximum possible number of users that the device supports, the MDM server uses the maximum possible number instead. | |
Skip language setup | When is activated, the system automatically selects the system language and regional scheme for the new Shared iPad user. | ||
Temporary session only | If is activated, the user sees the welcome screen for guests and can only log in as a guest user. | ||
Time limit for temporary session | 30 | The temporary session is automatically logged off after the specified period (in seconds) of inactivity. | |
User session timeout | 30 | The user session is automatically logged off after the specified period (in seconds) of inactivity. | |
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |
Shared iPad User
Caption | Value | Description | |
---|---|---|---|
Apple IDs | admin@ttt-point.de | This profile will be available on all General selected Devices for these Apple IDs. | |
Schließen | Schließt den Reiter ohne Änderungen zu übernehmen |
Speichern | Übernimmt die Änderungen / Neuanlage, speichert und schließt den Reiter |