Custom Profiles for iOS 11.3, macOS 10.13.4, and tvOS 11.3

Apple’s iOS 11.3, macOS 10.13.4, and tvOS 11.3 offer a variety of advanced MDM functionality that can be configured through Profiles in the AirWatch Admin Console.

In order to test the functionality of the following features, admins can use the sample custom profiles to deploy these features to devices running iOS 11.3, macOS 10.13.4, and tvOS 11.3.

The XML code for these custom profiles is listed below and can be implemented using the following procedure.

Using Custom Profiles 

The Custom Settings payload allows admins to enter their own XML into a profile and apply the profile to devices. Follow the steps below using the iOS 11.3, macOS 10.13.4, and tvOS 11.3 code found at the end of this document.

  1. Configure the General payload and deployment options as desired.
  2. If you would like to include any iOS 11 features that are not available in the UI for your version, you can add the associated XML below to the Custom Settings payload for your profile. 
  • This XML should contain the complete block of code as listed below, from <dict> to </dict>. 
  • Administrators should configure each setting from <true /> to <false /> as desired. 
  • If certificates are required, then configure a Certificate payload within the profile and reference the Payload UUID in the Custom Settings payload. See further information within the examples below.

Alternatively, if the provided XML below is part of an existing UI payload (Restrictions, VPN, etc.), admins can follow the steps below to create the custom profiles.

  1. Create a new profile with the respective payload in addition to the General payload.
  2. From your profile list view, select the newly created profile and choose to view XML.
  3. Export or copy the XML of the profile.
  4. Repeat steps #1 and #2 of the Using Custom Profiles except use the XML code that was just exported or copied and add only the bolded text of the XML listed below.

 

iOS 11.3 Custom XML

Restrictions 

<dict>
        <key>allowUSBRestrictedMode</key>
        <true/>
        <key>forceClassroomRequestPermissionToLeaveClasses</key>
        <true/>
        <key>forceDelayedSoftwareUpdates</key>
        <true/>
        <key>enforcedSoftwareUpdateDelay</key>
        <integer>30</integer>
        <key>PayloadDisplayName</key>
        <string>Restrictions</string>
        <key>PayloadDescription</key>
        <string>RestrictionSettings</string>
        <key>PayloadIdentifier</key>
        <string>7480b205-2e1c-40fe-bd59-b53db434652d.Restrictions</string>
        <key>PayloadOrganization</key>
        <string></string>
        <key>PayloadType</key>
        <string>com.apple.applicationaccess</string>
        <key>PayloadUUID</key>
        <string>99b5b40b-5683-4315-9ec2-f9e014a6XXXX</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
</dict>

 

TV Remote 

<dict>

  <key>AllowedTVs</key>

    <array>

      <dict>

        <key>TVDeviceID</key>

        <string>A1:B2:C3:D4:E5:F6</string>

      </dict>

      <dict>

        <key>TVDeviceID</key>

        <string>A2:B3:C4:D5:E6:F7</string>

      </dict>

    </array>

  <key>PayloadDisplayName</key>

  <string>TV Remote</string>

  <key>PayloadDescription</key>

  <string>TVRemoteSettings</string>

  <key>PayloadIdentifier</key>

  <string>7480b205-2e1c-40fe-bd59-b53db434652d.TVRemote</string>

  <key>PayloadOrganization</key>

  <string></string>

  <key>PayloadType</key>

  <string>com.apple.tvremote</string>

  <key>PayloadUUID</key>

  <string>99b5b40b-5683-4315-9ec2-f9e014a6XXXX</string>

  <key>PayloadVersion</key>

  <integer>1</integer>

</dict>

 

Home Screen Layout

NOTE: Web clips should be configured and deployed using the current web clip payload UI

<dict>

    <key>Dock</key>

    <array>

        <dict>

            <key>Type</key>

            <string>WebClip</string>

            <key>URL</key>

            <string>https://google.com</string>

        </dict>

    </array>

    <key>Pages</key>

    <array>

        <array>

            <dict>

                <key>Type</key>

                <string>WebClip</string>

                <key>URL</key>

                <string>https://yahoo.com</string>

            </dict>

            <dict>

                <key>Type</key>

                <string>Folder</string>

                <key>DisplayName</key>

                <string>My Web Clip</string>

                <key>Pages</key>

                <array>

                    <array>

                        <dict>

                            <key>Type</key>

                            <string>WebClip</string>

                            <key>URL</key>

                            <string>https://www.vmware.com</string>

                        </dict>

                    </array>

                </array>

            </dict>

        </array>

    </array>

    <key>PayloadDisplayName</key>

    <string>Home Screen Layout</string>

    <key>PayloadDescription</key>

    <string>HomeScreenLayout</string>

    <key>PayloadIdentifier</key>

    <string>97213d06-b750-466b-8a89-782d8a406f86.Home Screen Layout</string>

    <key>PayloadOrganization</key>

    <string></string>

    <key>PayloadType</key>

    <string>com.apple.homescreenlayout</string>

    <key>PayloadUUID</key>

    <string>2fa8fe03-30fa-4189-aa00-ba752eabXXXX</string>

    <key>PayloadVersion</key>

    <integer>1</integer>

</dict>

 

Enable Bluetooth Command

For instructions on custom commands, please refer to the page here. Unlike custom profiles, the payload content and UUID are not required for these commands. This command will not take place if the Allow Bluetooth Settings Modification restriction is enforced. 

<dict>

  <key>RequestType</key>

  <string>Settings</string>

  <key>Settings</key>

  <array>

    <dict>

      <key>Item</key>

      <string>Bluetooth</string>

      <key>Enabled</key>

      <true/>

    </dict>

  </array>

</dict>

 

Disable Bluetooth Command

<dict>

  <key>RequestType</key>

  <string>Settings</string>

  <key>Settings</key>

  <array>

    <dict>

      <key>Item</key>

      <string>Bluetooth</string>

      <key>Enabled</key>

      <false/>

    </dict>

  </array>

</dict>

 

macOS 10.13.4 Custom XML

Restrictions 

<dict>
        <key>forceDelayedSoftwareUpdates</key>
        <true/>
        <key>enforcedSoftwareUpdateDelay</key>
        <integer>30</integer>
        <key>PayloadDisplayName</key>
        <string>Restrictions</string>
        <key>PayloadDescription</key>
        <string>RestrictionSettings</string>
        <key>PayloadIdentifier</key>
        <string>7480b205-2e1c-40fe-bd59-b53db434652d.Restrictions</string>
        <key>PayloadOrganization</key>
        <string></string>
        <key>PayloadType</key>
        <string>com.apple.applicationaccess</string>
        <key>PayloadUUID</key>
        <string>99b5b40b-5683-4315-9ec2-f9e014a6XXXX</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
</dict>

 

Autonomous Single App (ASA) Mode

<dict>

    <key>AllowedApplications</key>

    <array>

      <dict>

        <key>BundleIdentifier</key>

        <string>com.sample.app1</string>

        <key>TeamIdentifier</key>

        <string>ABCDEFG1HI</string>

      </dict>

      <dict>

        <key>BundleIdentifier</key>

        <string>com.sample.app2</string>

        <key>TeamIdentifier</key>

        <string>ABCDEFG1HI</string>

      </dict>

    </array>

    <key>PayloadDisplayName</key>

    <string>Autonomous Single App Mode</string>

    <key>PayloadDescription</key>

    <string>AutonomousSingleAppMode</string>

    <key>PayloadIdentifier</key>

    <string>7480b205-2e1c-40fe-bd59-b53db434652d.AutonomousSingleAppMode</string>

    <key>PayloadOrganization</key>

    <string></string>

    <key>PayloadType</key>

    <string>com.apple.asam</string>

    <key>PayloadUUID</key>

    <string>91b5e40b-5683-4376-9ec2-f9e214a6XXXX</string>

    <key>PayloadVersion</key>

    <integer>1</integer>

</dict>

 

Important Notes on Autonomous Single App Mode profile:

  • Can only be installed on User Approved MDM Enrolled devices. Must be installed as Device profile. Only one payload allowed per machine.
  • To be granted access, applications must be signed with the specified Bundle Identifier and Team Identifier using an Apple-issued production developer certificate. Applications must specify the com.apple.developer.assessment entitlement with a value of true.
  • The application’s bundle identifier. BundleIdentifier must be unique. If two dictionaries contain the same BundleIdentifier but different TeamIdentifiers, this will be considered a hard error and the payload will not be installed.

 

To check if the .app has the correct entitlement noted above:

codesign –d --entitlements - /Applications/Example.app

This will print out XML with the entitlements. It needs to have the com.apple.developer.assessment entitlement with a value of true.

 

To get the Bundle & Team Identifier for an .app:

codesign –dvvvv /Applications/Example.app

The Bundle Identifier will be in the ‘Identifier’ field. The Team Identifier will be a 10 character string in the ‘TeamIdentifier’ field. 

 

Content Caching

<dict>

    <key>AllowPersonalCaching</key>

    <true/>

    <key>AllowSharedCaching</key>

    <true/>

    <key>AutoActivation</key>

    <true/>

    <key>CacheLimit</key>

    <integer>100000000</integer> <!--100 MB example-->

    <key>DataPath</key>

    <string>/Library/Application Support/Apple/AssetCache/Data</string>

    <key>DenyTetheredCaching</key>

    <false/>

    <key>ListenRanges</key>

    <array>

      <dict>

        <key>type</key>

        <string>IPV4</string>

        <key>first</key>

        <string>0.0.0.0</string>

        <key>last</key>

        <string>255.255.255.255</string>

      </dict>

    </array>

    <key>ListenRangesOnly</key>

    <false/>

    <key>ListenWithPeersAndParents</key>

    <true/>

    <key>LocalSubnetsOnly</key>

    <true/>

    <key>LogClientIdentity</key>

    <false/>

    <key>Parents</key>

    <array>

      <string>1.1.1.1</string>

      <string>2.2.2.2</string>

    </array>

    <key>ParentSelectionPolicy</key>

    <string>round-robin</string> <!-- Possible values are round-robin, first-available, url-path-hash, random, and sticky-available-->

    <key>PeerFilterRanges</key>

    <array>

      <dict>

        <key>type</key>

        <string>IPV4</string>

        <key>first</key>

        <string>0.0.0.0</string>

        <key>last</key>

        <string>255.255.255.255</string>

      </dict>

    </array>

    <key>PeerListenRanges</key>

    <array>

      <dict>

        <key>type</key>

        <string>IPV4</string>

        <key>first</key>

        <string>0.0.0.0</string>

        <key>last</key>

        <string>255.255.255.255</string>

      </dict>

    </array>

    <key>PeerLocalSubnetsOnly</key>

    <true/>

    <key>Port</key>

    <integer>0</integer>

    <key>PublicRanges</key>

    <array>

      <dict>

        <key>type</key>

        <string>IPV4</string>

        <key>first</key>

        <string>0.0.0.0</string>

        <key>last</key>

        <string>255.255.255.255</string>

      </dict>

    </array>

    <key>PayloadDisplayName</key>

    <string>Content Caching</string>

    <key>PayloadDescription</key>

    <string>ContentCaching</string>

    <key>PayloadIdentifier</key>

    <string>7480b205-2e1c-40fe-bd59-b53db434652d.ContentCaching</string>

    <key>PayloadOrganization</key>

    <string></string>

    <key>PayloadType</key>

    <string>com.apple.AssetCache.managed</string>

    <key>PayloadUUID</key>

    <string>98f5b40b-5683-2415-9ec2-f9e014a6XXXX</string>

    <key>PayloadVersion</key>

    <integer>1</integer>

</dict>

 

tvOS 11.3 Custom XML

Restrictions 

<dict>

    <key>allowExplicitContent</key>

    <false />

    <key>ratingApps</key>

    <integer>300</integer>

    <key>ratingMovies</key>

    <integer>300</integer>

    <key>ratingRegion</key>

    <string>us</string>

    <key>ratingTVShows</key>

    <integer>400</integer>

    <key>allowBookstoreErotica</key>

    <false />

    <key>PayloadDisplayName</key>

    <string>Restrictions</string>

    <key>PayloadDescription</key>

    <string>RestrictionSettings</string>

    <key>PayloadIdentifier</key>

    <string>6e466d35-6efa-4af9-9a7e-eb7abe4c8fa1.Restrictions</string>

    <key>PayloadOrganization</key>

    <string></string>

    <key>PayloadType</key>

    <string>com.apple.applicationaccess</string>

    <key>PayloadUUID</key>

    <string>4e1419ff-3e4b-4e93-84f8-4b640581398c</string>

    <key>PayloadVersion</key>

    <integer>1</integer>

</dict>

 

TV Remote 

<dict>

    <key>AllowedRemotes</key>

    <array>

        <dict>

            <key>RemoteDeviceID</key>

            <string>A1:B2:C3:D4:E5:F6</string>

        </dict>

        <dict>

            <key>RemoteDeviceID</key>

            <string>A2:B3:C4:D5:E6:F7</string>

        </dict>

    </array>

    <key>PayloadDisplayName</key>

    <string>TV Remote</string>

    <key>PayloadDescription</key>

    <string>TVRemoteSettings</string>

    <key>PayloadIdentifier</key>

    <string>7480b205-2e1c-40fe-bd59-b53db434652d.TVRemote</string>

    <key>PayloadOrganization</key>

    <string></string>

    <key>PayloadType</key>

    <string>com.apple.tvremote</string>

    <key>PayloadUUID</key>

    <string>99b5b40b-5683-4315-9ec2-f9e014a6XXXX</string>

    <key>PayloadVersion</key>

    <integer>1</integer>

</dict>

Other Languages: 日本語

Have more questions? Submit a request

0 Comments

Article is closed for comments.