iOS Policies

The password dictionary can contain the following keys:

Argument Type Description Default value
allow_simple Boolean Optional true
require_alphanumeric Boolean Optional false
min_length Integer Optional. Values can be from 1 to 16
min_complex_char Integer Optional. Values can be from 1 to 4
max_pinage_in_days Integer Optional. Specifies the number of days for which the passcode can remain unchanged
max_inactivity Integer Optional. This dictionary contains email configurations
pin_history Dictionary Optional. When the user changes the passcode, it has to be unique within the last N entries in the history. Minimum value is 1, maximum value is 50
max_grace_period Integer Optional. The maximum grace period (in minutes) to unlock the phone without entering a passcode. Supported values are 1, 5, 15, 60 and 240
max_failed_attempts Integer Optional. Specifies the number of allowed failed attempts to enter the passcode on the device’s lock screen. Supported values are 4, 5, 6, 7, 8, 9 and 10

The restrictions dictionary can contain the following keys:

Argument Type Description Default value
allow_app_installation Boolean Optional true
allow_airdrop_managemendapps Boolean Optional false
allow_camera Boolean Optional true
allow_video_conferencing Boolean Optional true
allow_screen_shot Boolean Optional false
allow_global_background_fetch_when_roaming Boolean Optional true
allow_touchId Boolean Optional true
allow_assistant Boolean Optional true
allow_assistant_while_locked Boolean Optional true
allow_voice_dialing Boolean Optional true
allow_passbook_while_locked Boolean Optional false
allow_inapp_purchases Boolean Optional true
force_itunes_store_password_entry Boolean Optional true
allow_multiplayer_gaming Boolean Optional true
allow_adding_game_center_friends Boolean Optional true
allow_enterprise_app_trust Boolean Optional true
allow_enterprise_app_trust_modification Boolean Optional true
allow_enterprise_book_backup Boolean Optional true
allow_managed_app_sync Boolean Optional true
allow_youtube Boolean Optional true
allow_itunes Boolean Optional true
allow_safari Boolean Optional true
safari_allow_auto_fill Boolean Optional true
safari_force_fraud_warning Boolean Optional false
safari_allow_java_script Boolean Optional true
safari_allow_popups Boolean Optional true
safari_accept_cookies String Optional. Values can be always, visited or never
allow_cloud_backup Boolean Optional true
allow_cloud_document_sync Boolean Optional true
allow_photo_stream Boolean Optional true
allow_shared_stream Boolean Optional true
allow_icloud_photo Boolean Optional true
allow_lockscreen_notify Boolean Optional true
allow_lockscreen_todayView Boolean Optional true
allow_lockscreen_control Boolean Optional true
allow_ota_pki_update Boolean Optional true
limit_ad_tracking Boolean Optional false
allow_diagnostic_submission Boolean Optional true
allow_untrusted_tls_prompt Boolean Optional true
force_encrypted_backup Boolean Optional false
force_applewatch_Detection Boolean Optional false
allow_explicit_content Boolean Optional true
allow_bookstore_erotica Boolean Optional false
rating_region String Optional. Values can be us, au, ca, de, fr, ie, jp, nz or gb
rating_movies String Optional. Values can be allow, nc-17, r, pg-13, pg, g or never
rating_tv_shows String Optional. Values can be allow, tv-ma, tv-14, tv-pg, tv-g, tv-y7, tv-y or never
rating_apps String Values can be allow, 17+, 12+, 9+, 4+, never

The advanced_restrictions dictionary can contain the following keys:

Argument Type Description Default value
allow_airdrop Boolean Optional true
allow_app_cellular_data_modification Boolean Optional true
allow_app_removal Boolean Optional true
allow_bookstore Boolean Optional true
allow_touchId_modify Boolean Optional false
allow_chat Boolean Optional true
allow_game_center Boolean Optional true
allow_host_pairing Boolean Optional true
allow_ui_configuration_profile_installation Boolean Optional true
allow_podcasts Boolean Optional true
allow_definition_lookup Boolean Optional true
allow_predictive_keyboard Boolean Optional true
allow_auto_correction Boolean Optional true
allow_spell_check Boolean Optional true
allow_music_service Boolean Optional true
allow_radio_service Boolean Optional true
allow_news Boolean Optional true
allow_ui_app_installation Boolean Optional true
allow_keyboard_shortcuts Boolean Optional true
allow_paired_watch Boolean Optional true
allow_account_modification Boolean Optional true
allow_erase_content_and_settings Boolean Optional true
allow_assistant_user_generated_content Boolean Optional true
allow_find_my_friends_modification Boolean Optional true
force_assistant_profanity_filter Boolean Optional false
allow_spotlight_internet_results Boolean Optional true
allow_enabling_restrictions Boolean Optional true
allow_passcode_modification Boolean Optional true
allow_device_name_modification Boolean Optional true
allow_wallpaper_modification Boolean Optional true
allow_notifications_modification Boolean Optional true
Allow_automatic_app_downloads Boolean Optional true
autonomous_single_apps Integer array Optional. Can contain IDs of the iOS apps An empty list

The web_content_filter dictionary can contain the following keys:

Argument Type Description Default value
filter_type String Required. Values can be white_list or black_list
auto_filter_enabled Boolean Optional. Use only when filter_type is black_list false
permitted_urls String array Optional. Used only when auto_filter_enabled is true. Otherwise, this field is ignored
blacklisted_urls String array Optional. Array of URLs. Use only when filter_type is black_list. Otherwise, this field is ignored
whitelist_urls String array Optional. Array of URLs. Use only when filter_type is white_list. Otherwise this field is ignored
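
The "use only when" and "otherwise ignored" rules above mean a URL list supplied under the wrong filter_type has no effect. The following Python sketch is an added example, not part of the API or its client code; it reports which fields of a web_content_filter dictionary take effect. The function name and sample URLs are hypothetical, and treating auto_filter_enabled as ignored under white_list is an assumption drawn from its "use only when" wording.

```python
# Added example: report which web_content_filter fields take effect.
def effective_filter(cfg):
    """Return (effective, ignored) for a web_content_filter dictionary."""
    ftype = cfg.get("filter_type")
    if ftype not in ("white_list", "black_list"):
        raise ValueError("filter_type is required: white_list or black_list")
    black = ftype == "black_list"
    # auto_filter_enabled defaults to false and only counts under black_list
    auto = black and bool(cfg.get("auto_filter_enabled", False))
    honoured = {
        "auto_filter_enabled": black,
        "permitted_urls": auto,
        "blacklisted_urls": black,
        "whitelist_urls": not black,
    }
    effective, ignored = {"filter_type": ftype}, []
    for key, active in honoured.items():
        if key in cfg:
            if active:
                effective[key] = cfg[key]
            else:
                ignored.append(key)
    return effective, ignored

# Constructed sample: an allow list supplied under the wrong filter_type
SAMPLE_FILTER = {
    "filter_type": "black_list",
    "whitelist_urls": ["https://intranet.example.internal"],
    "permitted_urls": ["https://wiki.example.internal"],
    "blacklisted_urls": ["https://blocked.example.internal"],
}
```

Running effective_filter(SAMPLE_FILTER) lists permitted_urls and whitelist_urls as ignored, which is worth catching in review before the policy is pushed.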

The wifi dictionary can contain the following keys:

Argument Type Description
service_set_identifier String Required
autojoin Boolean Optional
hidden_network Boolean Optional
security_type String Required. The possible values are None, wep, wpa, any, WEP_Enterprise, WPA_Enterprise, Any_Enterprise, eap
proxy_type String Optional. Valid values are None, Manual and Auto

If the security_type field is set to wep, wpa, or any, the following fields must also be provided:

Argument Type Description
password String Required

If the security_type field is set to WEP_Enterprise, WPA_Enterprise, Any_Enterprise or eap, the following fields may also be provided:

Argument Type Description Default value
user_name String Required
user_password String Required if use_per_connection_pwd is set to false
use_per_connection_pwd Boolean Optional false
tls Boolean Optional false
leap Boolean Optional false
ttls Boolean Optional true
peap Boolean Optional true
eap_fast Boolean Optional false
eap_sim Boolean Optional false
provision_pac Boolean Optional false
provision_pac_anonymously Boolean Optional false
use_pac Boolean Optional false
inner_authentication String Optional. The possible values are PAP, CHAP, MSCHAP, MSCHAPv2 PAP
outer_identity String Optional. None

If the proxy_type field is set to Manual, the following fields must also be provided:

Argument Type Description
proxyserver String Required. The proxy server’s network address
proxy_server_port Integer Required. The proxy server’s port
proxy_user_name String Required. Username used to authenticate to the proxy server
proxy_password String Required. Password used to authenticate to the proxy server

If the proxy_type field is set to Auto, the following field must also be provided:

Argument Type Description
proxy_pac_url String Required. The URL of the PAC file that defines the proxy configuration
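
The conditional requirements for the wifi dictionary (security_type and proxy_type each pull in further required fields) can be checked before a policy is submitted. The following Python sketch is an added example, not part of the API or its client code; the function name and sample values are hypothetical, and the warnings about open networks, WEP and LEAP are reviewer-side hardening checks rather than rules the API enforces.

```python
# Added example: lint one wifi dictionary against the conditional rules above.
PSK = {"wep", "wpa", "any"}
ENTERPRISE = {"WEP_Enterprise", "WPA_Enterprise", "Any_Enterprise", "eap"}
PROXY_FIELDS = {
    "None": [],
    "Manual": ["proxyserver", "proxy_server_port",
               "proxy_user_name", "proxy_password"],
    "Auto": ["proxy_pac_url"],
}

def validate_wifi(cfg):
    """Return (errors, warnings) for a wifi dictionary."""
    errors, warnings = [], []

    def require(*keys):
        for key in keys:
            if cfg.get(key) in (None, ""):
                errors.append("missing required field: " + key)

    require("service_set_identifier", "security_type")
    sec = cfg.get("security_type")
    if sec in PSK:
        require("password")
    elif sec in ENTERPRISE:
        require("user_name")
        # user_password is required unless a per-connection password is used
        if not cfg.get("use_per_connection_pwd", False):
            require("user_password")
    elif sec not in (None, "", "None"):
        errors.append("unknown security_type: %s" % sec)

    proxy = cfg.get("proxy_type") or "None"
    if proxy in PROXY_FIELDS:
        require(*PROXY_FIELDS[proxy])
    else:
        errors.append("unknown proxy_type: %s" % proxy)

    # Reviewer-side hardening checks (assumptions of this example, not API rules)
    if sec == "None":
        warnings.append("open network: no link-layer encryption")
    if sec in ("wep", "WEP_Enterprise"):
        warnings.append(sec + " relies on WEP, which is cryptographically broken")
    if cfg.get("leap"):
        warnings.append("LEAP enabled: prefer tls, ttls or peap")
    return errors, warnings

# Constructed sample input, not taken from a real deployment
SAMPLE = {"service_set_identifier": "corp-guest", "security_type": "wep",
          "proxy_type": "Manual", "proxyserver": "proxy.example.internal"}
```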

The email dictionary can contain the following keys:

Argument Type Description Default value
account_description String Required. User visible description of the email account
user_display_name String Required. Username of the account. Use %name% for user’s name
account_type String Required. The possible values are POP and IMAP
imap_path_prefix String Optional. Required if account_type is set to IMAP
email_address String Required. The email address for the account. Use %email% for user’s email
allow_move Boolean Required. The email address for the account. Use %email% for user’s email false
incoming_server_host_name String Required. The email address for the account. Use %email% for user’s email
incoming_server_port Integer Required. The email address for the account. Use %email% for user’s email 143
incoming_server_username String Required. Use %username% for username
incoming_server_auth String Required. Possible values are None, Password, MD5, NTLM and HTTP
incoming_password String Required if incoming_server_auth is not None
incoming_server_use_ssl Boolean Optional true
out_server_host_name String Required. Outgoing mail server host name
out_server_port Integer Required 587
out_server_username Integer Required. Value can be null. Use %username% for username
out_server_auth String Required. Possible values are None, Password, MD5, NTLM and HTTP
out_pwd_as_incoming_pwd Boolean Required if out_server_auth is not None
out_password String Required if out_pwd_as_incoming_pwd is set to false
allow_recent_syncing Boolean Optional false
mail_app_only Boolean Optional. Use only in mail
out_server_use_ssl Boolean Optional true
smime_enabled Boolean Optional false

The activesync dictionary can contain the following keys:

Argument Type Description Default value
account_name String Required
host_name Boolean Required
allow_move Boolean Optional false
recent_address_syncing Boolean Optional false
mail_app_only Boolean Optional false
use_ssl Boolean Optional true
smime_enabled Boolean Optional false
domain String Required. Value can be blank. Use %domain% for user’s domain false
username String Required. Use %username% for username and %email% for user’s email address false
email_address String Required. Use %email% for user’s email address false
password String Optional. Value can be null false
no_past_days_to_sync Integer Optional. Possible values are 0, 1, 3, 7, 14, 31 3
cert_compatible_ios4 Boolean Optional true

The ldap dictionary can contain the following keys:

Argument Type Description Default value
account_name String Required. Visible description of the ldap account. Value can be null
host_name String Required
username String Required. Value can be null
password String Required. Value can be null
use_ssl Boolean Optional true

The caldav dictionary can contain the following keys:

Argument Type Description Default value
account_name String Required. Visible description of the ldap account. Value can be null
host_name String Required. Host name of the account
username String Required. Username of the account. Value can be null
password String Required. Password of the account. Value can be null
use_ssl Boolean Optional true
port Integer Optional 80
principal_url String Required. Value can be null

The subscribe_calendar dictionary can contain the following keys:

Argument Type Description Default value
account_name String Required. Visible info about the account. Value can be null
url String Required
username String Required. Value can be null
password String Required. Value can be null
use_ssl Boolean Optional true

The carddav dictionary can contain the following keys:

Argument Type Description Default value
account_name String Required. Visible description. Value can be null
host_name String Required.
username String Required. Username of the account. Value can be null
password String Required. Value can be null
use_ssl Boolean Optional true
port Integer Optional 8443
principal_url String Required. Value can be null

The webclip dictionary can contain the following keys:

Argument Type Description Default value
label String Required. Name of the webclip
is_removable Boolean Optional true
url Boolean Optional
precomposed_icon Boolean Required false
fullscreen_icon Boolean Optional false
icon String Required. Base64 encoded image

The access_point dictionary can contain the following keys:

Argument Type Description Default value
apn_name String Required
apn_username String Required. Value can be null
apn_password String Required. Value can be null
proxy_server String Optional. Value can be null
proxy_server_port Integer Optional 0

The applock dictionary can contain the following keys:

Argument Type Description Default value
app Integer Required. App ID
disable_touch Boolean Optional false
disable_device_rotation Boolean Optional false
disable_volume_buttons Boolean Optional false
disable_ringer_switch Boolean Optional false
disable_sleep_wake_button Boolean Optional false
disable_auto_lock Boolean Optional false
enable_voice_over Boolean Optional false
enable_zoom Boolean Optional false
enable_invert_colors Boolean Optional false
enable_assistive_touch Boolean Optional false
enable_speak_selection Boolean Optional false
voice_over Boolean Optional false
zoom Boolean Optional false
invert_colors Boolean Optional false
assistive_touch Boolean Optional false

The wallpaper dictionary can contain the following keys:

Argument Type Description
home_screen_wallpaper Integer Required. Base64 encoded image.
lock_screen_wallpaper Boolean Required. Base64 encoded image. Value can be null

The globalproxy dictionary can contain the following keys:

Argument Type Description Default value
proxy_type String Required. Values can be Manual, Auto
proxyserver String Required when proxy_type is set to Manual
proxy_server_port String Required when proxy_type is set to Manual
proxy_user_name String Required when proxy_type is set to Manual. Value can be null
proxy_password String Required when proxy_type is set to Manual. Value can be null
proxy_pac_url String Required when proxy_type is set to Auto
proxy_pac_fallback_allowed Boolean false
proxy_captive_login_allowed Boolean false

The lock_screen_msg dictionary can contain the following keys:

Argument Type Description
lock_screen_footnote String Required.
asset_tag_information String Required. Value can be null