MDM Configurations

Addigy MDM allows the installation of MDM Profiles or Payloads on macOS, iOS, and tvOS Devices. Addigy MDM supports all MDM Configuration types, allowing the ability to import ANY MDM configuration or using the User Interface to create pre-defined payloads.

  1. macOS MDM Configurations
  2. Custom Configuration
  3. Privacy Preferences Policy Control
  4. Kernel Extensions Policy
  5. System Extensions
  6. Software Update
  7. Associated Domains
  8. System Preferences
  9. Wi-Fi
  10. App Store
  11. Energy Savings
  12. Printing
  13. Security & Privacy
  14. Time Machine
  15. Login Window
  16. Login Items
  17. Finder
  18. Dock
  19. Restrictions
  20. Passcode
  21. VPN
  22. Lockscreen
  23. Single App Lock
  24. Networking Usage
  25. Notifications
  26. Web Clip
  27. Web Content Filter

macOS MDM Configurations

MDM Configurations (.mobileconfig file extensions) are supported within the Addigy Cloud. You can create or upload a unique MDM Configuration and deploy it to macOS, iOS, or tvOS devices.

Custom Configuration

Custom Configuration allows you to upload any MDM Configuration created in any tool, as long as its a properly formatted .mobileconfig file extension.

  • Custom Configurations will be signed by Addigy
  • Custom Configurations support device fact variables for dynamic information
  • Custom Configurations can be signed
  • Requires Addigy MDM

Privacy Preferences Policy Control

The Privacy Preferences payload is designated by specifying com.apple.TCC.configuration-profile-policy value as the PayloadType value. It controls the settings that are displayed in the ”Privacy” tab of the ”Security & Privacy” pane in System Preferences. This profile must be delivered via a user approved MDM server in a device profile.

  • Requires macOS 10.14 and later.
  • Requires User Approved MDM
  • This profile must be delivered via a user approved MDM server.
  • Requires Addigy MDM

Used to whitelist Privacy Prompts for users, this payload can whitelist everything except ScreenRecording, Microphone, and Camera.

Apple Developer Documentation

Kernel Extensions Policy

The Kernel Extension Policy payload is designated by specifying com.apple.syspolicy.kernel-extension-policy as the PayloadType value.

  • It is supported on macOS 10.13.2 and later.
  • This profile must be delivered via a user approved MDM server.
  • Requires Addigy MDM

Used to whitelist Kernel Extension Prompts in Gatekeeper. This payload must be installed prior to the execution of the software to avoid prompting the user.

Apple Developer Documentation

System Extensions

The payload for configuring system extensions. Specify com.apple.system-extension-policy as the payload type. When multiple profiles are installed, the keys are combined as follows: AllowUserOverrides is false if any profile sets it to false. All the other values are combined together.

  • Requires macOS 10.15+
  • Requires User Approved MDM
  • Requires Addigy MDM

Apple Developer Documentation

Software Update

The payload for configuring the software update policy.

  • Required macOS 10.7+
  • Requires Addigy MDM

Apple Developer Documentation

Associated Domains

The payload for configuring associated domains. Associated domains can be used with features such as Extensible AppSSO, universal links, and Password AutoFill.

  • Required macOS 10.15+
  • Requires Addigy MDM

Apple Developer Documentation

System Preferences

The payload for configuring the preference panes. Preference Settings can be enabled, disabled, or hidden.

Apple Developer Documentation

Wi-Fi

The payload for configuring Wi-Fi on the device.

  • Requires iOS 4.0+, 10.7+, tvOS 9.0+
  • User Channel: macOS
  • Device Channel: iOS, macOS, Shared iPad, tvOS
  • Allowed in User Enrollment: iOS, macOS
  • Requires Addigy MDM

Apple Developer Documentation

App Store

The payload for configuring macOS App Store restrictions.

  • Requires macOS 10.9+
  • Supports Device and User Channel
  • Manual Installation Supported
  • Requires Addigy MDM

Apple Developer Documentation

Energy Savings

The payload for configuring energy-saver settings.

  • Requires macOS 10.7+
  • Supports Device Channel
  • Manual Installation Supported
  • Requires Addigy MDM

Apple Developer Documentation

Printing

The payload for configuring printers.

  • Requires macOS 10.7+
  • Supports Device and User Channel
  • Manual Installation Supported
  • Requires Addigy MDM

Apple Developer Documentation

Security & Privacy

Manages Gatekeeper, FileVault, and other Security configurations on a device. FileVault 2 performs full XTS-AES 128 encryption on the contents of a volume. Removing the FileVault payload does not disable FileVault.

  • As of macOS 10.15 this payload requires User Approved MDM.
  • Requires Addigy MDM

Apple Developer Documentation

Apple Developer Documentation

Time Machine

The payload for configuring Time Machine.

  • Requires macOS 10.7+
  • Supports Device Channel
  • Manual Installation Supported
  • Requires Addigy MDM

Apple Developer Documentation

Login Window

The payload for configuring login window behavior.

  • Requires macOS 10.7+
  • Supports Device Channel
  • Manual Installation Supported
  • Allows Multiple Payloads
  • Requires Addigy MDM

Apple Developer Documentation

Login Items

The payload for configuring a device’s login items.

  • Requires macOS 10.13+
  • Supports Device and User Channel
  • Manual Installation Supported
  • Allows Multiple Payloads
  • Allowed in User Enrollment
  • Requires Addigy MDM

Apple Developer Documentation

Finder

The payload for configuring Finder settings.

  • Requires macOS 10.7+
  • Supports Device and User Channel
  • Manual Installation Supported
  • Requires Addigy MDM

Apple Developer Documentation

Dock

The payload for configuring the dock.

  • Requires macOS 10.7+
  • Supports Device and User Channel
  • Manual Installation Supported
  • Requires Addigy MDM

Apple Developer Documentation

Restrictions

The payload for configuring the restrictions.

  • Requires iOS 4.0+, macOS 10.7+, tvOS 9.0+
  • Supports Device for iOS, macOS, Shared iPad, tvOS
  • Support User Channel for macOS, Shared iPad
  • Manual Installation Supported for iOS, macOS, tvOS
  • Allowed in User Enrollment
  • Allows Multiple Payloads
  • Requires Addigy MDM

Apple Developer Documentation

Passcode

The payload for configuring the passcode policy.

  • Requires iOS 4.0+, macOS 10.7+
  • Supports Device for iOS, macOS
  • Manual Installation Supported for iOS, macOS
  • Allowed in User Enrollment for iOS
  • Requires Addigy MDM

Apple Developer Documentation

VPN

The payload for configuring a VPN.

  • Requires iOS 4.0+, macOS 10.7+
  • Supports Device Channel for iOS, macOS
  • Manual Installation Supported for iOS, macOS
  • Allows Multiple Payloads
  • Requires Addigy MDM

Apple Developer Documentation

Lockscreen

The payload for configuring a Lock screen message.

  • Requires iOS 9.3+
  • Supports Device Channel for iOS
  • Manual Installation Supported for iOS
  • Requires Addigy MDM

Apple Developer Documentation

Single App Lock

The payload for configuring a device to run a single app.

  • Requires iOS 6.0+, tvOS 10.2+
  • Supports Device Channel for iOS and tvOS
  • Requires Supervision
  • Requires Addigy MDM

Apple Developer Documentation

Networking Usage

The payload for configuring a device to run a single app.

  • Requires iOS 9.0+
  • Supports Device Channel for iOS
  • Requires Addigy MDM

Apple Developer Documentation

Notifications

The payload for configuring a device to run a single app.

  • Requires iOS 9.3+, macOS 10.15+
  • Supports Device Channel for iOS and macOS
  • Manual Installation Supported for iOS, macOS
  • Requires Supervision for iOS
  • Requires Addigy MDM

Apple Developer Documentation

Web Clip

The profile for configuring web clips on the device.

Use this payload to add web clips to the Home screen of the user’s iOS device or to the Dock on a Mac. Web clips provide fast access to favorite webpages.

For iOS devices, if you prevent the user from removing the web clip, the only way to remove it is to remove the configuration profile that installed it. Also, for iOS devices it must have a display name and an icon URL for the payload to be valid.

A full-screen web clip on iOS devices opens the URL as a web app without a browser (there’s no URL or search bar, and no bookmarks).

For Shared iPad devices, this payload is supported on the user channel only.

  • Requires iOS 4.0+, macOS 10.7+
  • Supports Device Channel for iOS
  • Supports User Channel for macOS and Shared iPad
  • Supports Manual Installation
  • Allows Multiple Payloads
  • Requires Addigy MDM

Apple Developer Documentation

Web Content Filter

The payload for configuring web content filters.

URLs are matched by using string-based root matching. A URL matches an allow list, deny list, or permitted list pattern if the exact characters of the pattern appear as the root of the URL. For example, if test.com/a isn’t allowed, then test.com, test.com/b, and test.com/c/d/e will all be blocked. Matching also discards subdomain prefixes, so if test.com/a isn’t allowed, m.test.com is also blocked.

  • Requires iOS 7.0+, macOS 10.15+
  • Supports Device Channel for iOS, Shared iPad, and macOS
  • Manual Installation Supported for iOS, macOS
  • Requires Supervision for iOS
  • Requires Addigy MDM

Apple Developer Documentation

Copyright © 2024 Addigy.