Menu
iOS Policies
The password dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| allow_simple | Boolean | Optional | true |
| require_alphanumeric | Boolean | Optional | false |
| min_length | Integer | Optional. Values can be from 1 to 16 | |
| min_complex_char | Integer | Optional. Values can be from 1 to 4 | |
| max_pinage_in_days | Integer | Optional. Specifies the number of days for which the passcode can remain unchanged | |
| max_inactivity | Integer | Optional. This dictionary contains email configurations | |
| pin_history | Dictionary | Optional. When the user changes the passcode, it has to be unique within the last N entries in the history. Minimum value is 1, maximum value is 50 | |
| max_grace_period | Integer | Optional. The maximum grace period (in minutes) to unlock the phone without entering a passcode. Supported values are 1, 5, 15, 60 and 240 |
|
| max_failed_attempts | Integer | Optional. Specifies the number of allowed failed attempts to enter the passcode on the device’s lock screen. Supported values are 4, 5, 6, 7, 8, 9 and 10 |
The restrictions dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| allow_app_installation | Boolean | Optional | true |
| allow_airdrop_managemendapps | Boolean | Optional | false |
| allow_camera | Boolean | Optional | true |
| allow_video_conferencing | Boolean | Optional | true |
| allow_screen_shot | Boolean | Optional | false |
| allow_global_background_fetch_when_roaming | Boolean | Optional | true |
| allow_touchId | Boolean | Optional | true |
| allow_assistant | Boolean | Optional | true |
| allow_assistant_while_locked | Boolean | Optional | true |
| allow_voice_dialing | Boolean | Optional | true |
| allow_passbook_while_locked | Boolean | Optional | false |
| allow_inapp_purchases | Boolean | Optional | true |
| force_itunes_store_password_entry | Boolean | Optional | true |
| allow_multiplayer_gaming | Boolean | Optional | true |
| allow_adding_game_center_friends | Boolean | Optional | true |
| allow_enterprise_app_trust | Boolean | Optional | true |
| allow_enterprise_app_trust_modification | Boolean | Optional | true |
| allow_enterprise_book_backup | Boolean | Optional | true |
| allow_managed_app_sync | Boolean | Optional | true |
| allow_youtube | Boolean | Optional | true |
| allow_itunes | Boolean | Optional | true |
| allow_safari | Boolean | Optional | true |
| safari_allow_auto_fill | Boolean | Optional | true |
| safari_force_fraud_warning | Boolean | Optional | false |
| safari_allow_java_script | Boolean | Optional | true |
| safari_allow_popups | Boolean | Optional | true |
| safari_accept_cookies | String | Optional. Values can be always, visited or never | |
| allow_cloud_backup | Boolean | Optional | true |
| allow_cloud_document_sync | Boolean | Optional | true |
| allow_photo_stream | Boolean | Optional | true |
| allow_shared_stream | Boolean | Optional | true |
| allow_icloud_photo | Boolean | Optional | true |
| allow_lockscreen_notify | Boolean | Optional | true |
| allow_lockscreen_todayView | Boolean | Optional | true |
| allow_lockscreen_control | Boolean | Optional | true |
| allow_ota_pki_update | Boolean | Optional | true |
| limit_ad_tracking | Boolean | Optional | false |
| allow_diagnostic_submission | Boolean | Optional | true |
| allow_untrusted_tls_prompt | Boolean | Optional | true |
| force_encrypted_backup | Boolean | Optional | false |
| force_applewatch_Detection | Boolean | Optional | false |
| allow_explicit_content | Boolean | Optional | true |
| allow_bookstore_erotica | Boolean | Optional | false |
| rating_region | String | Optional. Values can be us, au, ca, de, fr, ie, jp, nz or gb | |
| rating_movies | String | Optional. Values can be allow, nc-17, r, pg-13, pg, g or never | |
| rating_tv_shows | String | Optional. Values can be allow, tv-ma, tv-14, tv-pg, tv-g, tv-y7, tv-y or never | |
| rating_apps | String | Values can be allow, 17+, 12+, 9+, 4+, never |
The advanced_restrictions dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| allow_airdrop | Boolean | Optional | true |
| allow_app_cellular_data_modification | Boolean | Optional | true |
| allow_app_removal | Boolean | Optional | true |
| allow_bookstore | Boolean | Optional | true |
| allow_touchId_modify | Boolean | Optional | false |
| allow_chat | Boolean | Optional | true |
| allow_game_center | Boolean | Optional | true |
| allow_host_pairing | Boolean | Optional | true |
| allow_ui_configuration_profile_installation | Boolean | Optional | true |
| allow_podcasts | Boolean | Optional | true |
| allow_definition_lookup | Boolean | Optional | true |
| allow_predictive_keyboard | Boolean | Optional | true |
| allow_auto_correction | Boolean | Optional | true |
| allow_spell_check | Boolean | Optional | true |
| allow_music_service | Boolean | Optional | true |
| allow_radio_service | Boolean | Optional | true |
| allow_news | Boolean | Optional | true |
| allow_ui_app_installation | Boolean | Optional | true |
| allow_keyboard_shortcuts | Boolean | Optional | true |
| allow_paired_watch | Boolean | Optional | true |
| allow_account_modification | Boolean | Optional | true |
| allow_erase_content_and_settings | Boolean | Optional | true |
| allow_assistant_user_generated_content | Boolean | Optional | true |
| allow_find_my_friends_modification | Boolean | Optional | true |
| force_assistant_profanity_filter | Boolean | Optional | false |
| allow_spotlight_internet_results | Boolean | Optional | true |
| allow_enabling_restrictions | Boolean | Optional | true |
| allow_passcode_modification | Boolean | Optional | true |
| allow_device_name_modification | Boolean | Optional | true |
| allow_wallpaper_modification | Boolean | Optional | true |
| allow_notifications_modification | Boolean | Optional | true |
| Allow_automatic_app_downloads | Boolean | Optional | true |
| autonomous_single_apps | Integer array | Optional. Can contain IDs of the iOS apps | An empty list |
The web_content_filter dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| filter_type | String | Required. Values can be white_list or black_list | |
| auto_filter_enabled | Boolean | Optional. Use only when filter_type is black_list | false |
| permitted_urls | String array | Optional. Used only when auto_filter_enabled is true. Otherwise, this field is ignored | |
| blacklisted_urls | String array | Optional. Array of URLs. Use only when filter_type is black_list. Otherwise, this field is ignored | |
| whitelist_urls | String array | Optional. Array of URLs. Use only when filter_type is white_list. Otherwise this field is ignored |
The wifi dictionary payload contain can contain the following keys:
| Argument | Type | Key |
|---|---|---|
| service_set_identifier | String | Required |
| autojoin | Boolean | Optional |
| hidden_network | Boolean | Optional |
| security_type | String | Required. The possible values are None, wep, wpa, any, WEP_Enterprise, WPA_Enterprise, Any_Enterprise, eap |
| proxy_type | String | Optional. Valid values are None, Manual and Auto |
If the security_type field is set to wep, wpa, or any, the following fields must also be provided:
| Argument | Type | Key |
|---|---|---|
| password | String | Required |
If the security_type field is set to WEP_Enterprise, WPA_Enterprise, Any_Enterprise or eap, the following fields may also be provided:
| Argument | Type | Description | Default value |
|---|---|---|---|
| user_name | String | Required | |
| user_password | String | Required if use_per_connection_pwd is set to false | |
| use_per_connection_pwd | Boolean | Optional | false |
| tls | Boolean | Optional | false |
| leap | Boolean | Optional | false |
| ttls | Boolean | Optional | true |
| peap | Boolean | Optional | true |
| eap_fast | Boolean | Optional | false |
| eap_sim | Boolean | Optional | false |
| provision_pac | Boolean | Optional | false |
| provision_pac_anonymously | Boolean | Optional | false |
| use_pac | Boolean | Optional | false |
| inner_authentication | String | Optional. The possible values are PAP, CHAP, MSCHAP, MSCHAPv2 | PAP |
| outer_identity | String | Optional. | None |
If the proxy_type field is set to Manual, the following fields must also be provided:
| Argument | Type | Description |
|---|---|---|
| proxyserver | String | Required. The proxy server’s network address |
| proxy_server_port | Integer | Required. The proxy server’s port |
| proxy_user_name | String | Required. Username used to authenticate the proxy server |
| proxy_password | String | Required. Password used to authenticate proxyserver |
If the proxy_type field is set to Auto, the following field must also be provided:
| Argument | Type | Description |
|---|---|---|
| proxy_pac_url | String | Required. The URL of the PAC file that defines the proxy configuration |
The email dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_description | String | Required. User visible description of the email account | |
| user_display_name | String | Required. Username of the account. Use %name% for user’s name | |
| account_type | String | Required. The possible values are POP and IMAP | |
| imap_path_prefix | String | Optional. Required if account_type is set to IMAP | |
| email_address | String | Required. The email address for the account. Use %email% for user’s email | |
| allow_move | Boolean | Required. The email address for the account. Use %email% for user’s email | false |
| incoming_server_host_name | String | Required. The email address for the account. Use %email% for user’s email | |
| incoming_server_port | Integer | Required. The email address for the account. Use %email% for user’s email | 143 |
| incoming_server_username | String | Required. Use %username% for username | |
| incoming_server_auth | String | Required. Possible values are None, Password, MD5, NTLM and HTTP | |
| incoming_password | String | Required if incoming_server_auth is not None | |
| incoming_server_use_ssl | Boolean | Optional | true |
| out_server_host_name | String | Required. Outgoing mail server host name | |
| out_server_port | Integer | Required | 587 |
| out_server_username | Integer | Required. Value can be null. Use %username% for username | |
| out_server_auth | String | Required. Possible values are None, Password, MD5, NTLM and HTTP | |
| out_pwd_as_incoming_pwd | Boolean | Required if out_server_auth is not None | |
| out_password | String | Required if out_pwd_as_incoming_pwd is set to false | |
| allow_recent_syncing | Boolean | Optional | false |
| mail_app_only | Boolean | Optional. Use only in mail | |
| out_server_use_ssl | Boolean | Optional | true |
| smime_enabled | Boolean | Optional | false |
The activesync dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required | |
| host_name | Boolean | Required | |
| allow_move | Boolean | Optional | false |
| recent_address_syncing | Boolean | Optional | false |
| mail_app_only | Boolean | Optional | false |
| use_ssl | Boolean | Optional | true |
| smime_enabled | Boolean | Optional | false |
| domain | String | Required. Value can be blank. Use %domain% for user’s domain | false |
| username | String | Required. Use %username% for username and %email% for user’s email address | false |
| email_address | String | Required. Use %email% for user’s email address | false |
| password | String | Optional. Value can be null | false |
| no_past_days_to_sync | Integer | Optional. Possible values are 0, 1, 3, 7, 14, 31 | 3 |
| cert_compatible_ios4 | Boolean | Optional | true |
The ldap dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required. Visible description of the ldap account. Value can be null | |
| host_name | String | Required | |
| username | String | Required. Value can be null | |
| password | String | Required. Value can be null | |
| use_ssl | Boolean | Optional | true |
The caldav dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required. Visible description of the ldap account. Value can be null | |
| host_name | String | Required. Host name of the account | |
| username | String | Required. Username of the account. Value can be null | |
| password | String | Required. Password of the account. Value can be null | |
| use_ssl | Boolean | Optional | true |
| port | Integer | Optional | 80 |
| principal_url | String | Required. Value can be null |
The subscribe_calendar dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required. Visible info about the account. Value can be null | |
| url | String | Required | |
| username | String | Required. Value can be null | |
| password | String | Required. Value can be null | |
| use_ssl | Boolean | Optional | true |
The carddav dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required. Visible description. Value can be null | |
| host_name | String | Required. | |
| username | String | Required. Username of the account. Value can be null | |
| password | String | Required. Value can be null | |
| use_ssl | Boolean | Optional | true |
| port | Integer | Optional | 8443 |
| principal_url | String | Required. Value can be null |
The webclip dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| label | String | Required. Name of the webclip | |
| is_removable | Boolean | Optional | true |
| url | Boolean | Optional | |
| precomposed_icon | Boolean | Required | false |
| fullscreen_icon | Boolean | Optional | false |
| icon | String | Required. Base64 encoded image |
The access_point dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| apn_name | String | Required | |
| apn_username | String | Required. Value can be null | |
| apn_password | String | Required. Value can be null | |
| proxy_server | String | Optional. Value can be null | |
| proxy_server_port | Integer | Optional | 0 |
The applock dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| app | Integer | Required. App ID | |
| disable_touch | Boolean | Optional | false |
| disable_device_rotation | Boolean | Optional | false |
| disable_volume_buttons | Boolean | Optional | false |
| disable_ringer_switch | Boolean | Optional | false |
| disable_sleep_wake_button | Boolean | Optional | false |
| disable_auto_lock | Boolean | Optional | false |
| enable_voice_over | Boolean | Optional | false |
| enable_zoom | Boolean | Optional | false |
| enable_invert_colors | Boolean | Optional | false |
| enable_assistive_touch | Boolean | Optional | false |
| enable_speak_selection | Boolean | Optional | false |
| voice_over | Boolean | Optional | false |
| zoom | Boolean | Optional | false |
| invert_colors | Boolean | Optional | false |
| assistive_touch | Boolean | Optional | false |
The wallpaper dictionary can contain the following keys:
| Argument | Type | Description |
|---|---|---|
| home_screen_wallpaper | Integer | Required. Base64 encoded image. |
| lock_screen_wallpaper | Boolean | Required. Base64 encoded image. Value can be null |
The globalproxy dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| proxy_type | String | Required. Values can be Manual, Auto | |
| proxyserver | String | Required when proxy_type is set to Manual | |
| proxy_server_port | String | Required when proxy_type is set to Manual | |
| proxy_user_name | String | Required when proxy_type is set to Manual. Value can be null | |
| proxy_password | String | Required when proxy_type is set to Manual. Value can be null | |
| proxy_pac_url | String | Required when proxy_type is set to Auto | |
| proxy_pac_fallback_allowed | Boolean | false | |
| proxy_captive_login_allowed | Boolean | false |
The lock_screen_msg dictionary can contain the following keys:
| Argument | Type | Description |
|---|---|---|
| lock_screen_footnote | String | Required. |
| asset_tag_information | String | Required. Value can be null |
