{"id":4791,"date":"2023-11-16T07:45:46","date_gmt":"2023-11-16T07:45:46","guid":{"rendered":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/?page_id=4791"},"modified":"2026-03-18T11:53:29","modified_gmt":"2026-03-18T11:53:29","slug":"macos-policies","status":"publish","type":"page","link":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/policies\/macos-policies\/","title":{"rendered":"macOS Policies"},"content":{"rendered":"
\n
\n

macOS Policies<\/h2>\n

The password<\/strong> dictionary can contain the following keys:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n Default value <\/strong><\/th>\n<\/tr>\n<\/thead>\n
allow_simple<\/td>\nBoolean<\/td>\nOptional.<\/td>\ntrue<\/td>\n<\/tr>\n
require_alphanumeric<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
change_at_next_auth<\/td>\nBoolean<\/td>\nOptional. The option to enforce password change in the next login.<\/td>\nfalse<\/td>\n<\/tr>\n
min_length<\/td>\nInteger<\/td>\nOptional. Values can be from 1 to 16.<\/td>\n<\/td>\n<\/tr>\n
min_complex_chars<\/td>\nInteger<\/td>\nOptional. Values can be from 1 to 4.<\/td>\n<\/td>\n<\/tr>\n
max_pinage_in_days<\/td>\nInteger<\/td>\nOptional. Values can be from 0 to 730. Specifies the maximum number of days the passcode can be used before expiration<\/td>\n<\/td>\n<\/tr>\n
max_inactivity<\/td>\nString<\/td>\nOptional.Specifies the maximum period of inactivity before the device locks. Values can be never, 1_mintue, 2_minutes, 3_minutes, 4_minutes, 5_minutes, 10_minutes, or 15_minutes.<\/td>\nnever<\/td>\n<\/tr>\n
pin_history<\/td>\nInteger<\/td>\nOptional. Values can be from 0 to 50.<\/td>\n0<\/td>\n<\/tr>\n
max_grace_period<\/td>\nString<\/td>\nOptional. Values can be none, immediately,1_minute, 5_minutes, 15_minutes, 1_hour, or 4_hours.<\/td>\nnone<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The wifi<\/strong> dictionary contains the following keys:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n Default value <\/strong><\/th>\n<\/tr>\n<\/thead>\n
service_set_identifier<\/td>\nString<\/td>\nRequired.<\/td>\n<\/td>\n<\/tr>\n
autojoin<\/td>\nBoolean<\/td>\nOptional.<\/td>\ntrue<\/td>\n<\/tr>\n
hidden_network<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
security_type<\/td>\nString<\/td>\nOptional. The possible values are none<\/strong>, WEP<\/strong>, WPA\/WPA2<\/strong>, Any*(Personal)<\/strong>, WEP_Enterprise<\/strong>, WPA\/WPA2_Enterprise<\/strong>, or Any*(Enterprise)<\/strong>.<\/td>\nAny*(Personal)<\/td>\n<\/tr>\n
password<\/td>\nString<\/td>\nRequired if WEP, WPA\/WPA2 or Any*(Personal) is set.<\/td>\n<\/td>\n<\/tr>\n
proxy_type<\/td>\nString<\/td>\nOptional. The possible values are None<\/strong>, Manual<\/strong> or Automatic<\/strong>.<\/td>\nNone<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

If the proxy_type<\/strong> field is set to Manual or Automatic, the following fields must also be provided:<\/p>\n

\n\n\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n<\/tr>\n<\/thead>\n
proxyserver<\/td>\nString<\/td>\nRequired when proxy_type is Manual. The proxy server\u2019s network address.<\/td>\n<\/tr>\n
proxy_server_port<\/td>\nInteger<\/td>\nRequired when proxy_type is Manual. The proxy server\u2019s port number.<\/td>\n<\/tr>\n
proxy_user_name<\/td>\nString<\/td>\nRequired when proxy_type is Manual. Username for proxy authentication.<\/td>\n<\/tr>\n
proxy_password<\/td>\nString<\/td>\nRequired when proxy_type is Manual. Password for proxy authentication.<\/td>\n<\/tr>\n
proxy_pac_url<\/td>\nString<\/td>\nRequired when proxy_type is Automatic. The URL of the Proxy Auto Configuration (PAC) file.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

If the security_type<\/strong> field is set to Enterprise network options namely WEP_Enterprise, WPA\/WPA2_Enterprise, or Any*(Enterprise), the following fields must also be provided:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n Default value <\/strong><\/th>\n<\/tr>\n<\/thead>\n
tls<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
leap<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
eap_fast<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
user_password<\/td>\nString<\/td>\nThe user password for authentication.<\/td>\n<\/td>\n<\/tr>\n
outer_identity<\/td>\nString<\/td>\nThe outer identity for authentication.<\/td>\n<\/td>\n<\/tr>\n
inner_authentication<\/td>\nString<\/td>\nAvailable if eap_fast is enabled. The inner authentication method for EAP. Values can be PAP, CHAP, MSCHAP, or MSCHAPv2<\/td>\nPAP<\/td>\n<\/tr>\n
identity_cert_id<\/td>\nString<\/td>\nThe ID of the identity certificate for authentication.<\/td>\n<\/td>\n<\/tr>\n
provision_pac<\/td>\nBoolean<\/td>\nAvailable if eap_fast is enabled.<\/td>\ntrue<\/td>\n<\/tr>\n
provision_pac_anonymously<\/td>\nBoolean<\/td>\nAvailable if eap_fast is enabled.<\/td>\nfalse<\/td>\n<\/tr>\n
user_name<\/td>\nString<\/td>\nThe username for authentication.<\/td>\n<\/td>\n<\/tr>\n
ttls<\/td>\nBoolean<\/td>\nOptional.<\/td>\ntrue<\/td>\n<\/tr>\n
peap<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
eap_sim<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
use_per_connection_pwd<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
use_pac<\/td>\nBoolean<\/td>\nOptional.<\/td>\ntrue<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The vpn<\/strong> dictionary payload can contain the following keys<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n Default value <\/strong><\/th>\n<\/tr>\n<\/thead>\n
certificate_id<\/td>\nString<\/td>\nRequired when machine_authentication is a certificate.<\/td>\n<\/td>\n<\/tr>\n
account<\/td>\nString<\/td>\nOptional. The username for the connection.<\/td>\n<\/td>\n<\/tr>\n
connection_name<\/td>\nString<\/td>\nOptional.<\/td>\n<\/td>\n<\/tr>\n
connection_type<\/td>\nString<\/td>\nOptional. Values can be L2TP, PPTP, IPSec(Cisco), Cisco_AnyConnect, Juniper_SSL, F5_SSL, SonicWALL_Mobile_Connect, Aruba_VIA, Check_Point_Mobile_VPN and Open_VPN.<\/td>\nL2TP<\/td>\n<\/tr>\n
encryption_level<\/td>\nString<\/td>\nAvailable when the connection type is PPTP. Values can be None, Automatic, or Maximum(128_bit).<\/td>\nNone<\/td>\n<\/tr>\n
group<\/td>\nString<\/td>\nSpecifies group information. Available when the connection type is Cisco_AnyConnect.<\/td>\n<\/tr>\n
identifier<\/td>\nString<\/td>\nOptional. Specifies the identifier for the connection.<\/td>\n<\/td>\n<\/tr>\n
include_user_pin<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
ipsec_account<\/td>\nString<\/td>\nOptional. The IPSec account information.<\/td>\n<\/td>\n<\/tr>\n
ipsec_auth_password<\/td>\nString<\/td>\nOptional. The password for IPSec authentication.<\/td>\n<\/td>\n<\/tr>\n
ipsec_certificate_id<\/td>\nString<\/td>\nOptional. The ID of the IPSec certificate.<\/td>\n<\/td>\n<\/tr>\n
ipsec_group_name<\/td>\nString<\/td>\nOptional.<\/td>\n<\/td>\n<\/tr>\n
ipsec_shared_secret<\/td>\nString<\/td>\nOptional.<\/td>\n<\/td>\n<\/tr>\n
l2tp_account<\/td>\nString<\/td>\nOptional. The L2TP account information.<\/td>\n<\/td>\n<\/tr>\n
l2tp_password<\/td>\nString<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
l2tp_server<\/td>\nString<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
l2tp_shared_secret<\/td>\nString<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
l2tp_user_authentication<\/td>\nString<\/td>\nThe authentication method for an L2TP user. Values can be\u2018RSA_SecureID\u2019, or \u2018Password\u2019.<\/td>\n\u2018RSA_SecureID\u2019<\/td>\n<\/tr>\n
l2tp_user_authentication_method<\/td>\nInteger<\/td>\nOptional.<\/td>\n1<\/td>\n<\/tr>\n
login_group <\/td>\nString<\/td>\nRequired when the connection type is SONIC_WALL_Mobile_Connect. Specifies the login group information.<\/td>\n<\/td>\n<\/tr>\n
machine_authentication<\/td>\nString<\/td>\nRequired when the connection type is IPSec(Cisco). The type of machine authentication. Values can be certificate, or shared_secret\/group_name<\/td>\nshared_secret\/group_name.<\/td>\n<\/tr>\n
password<\/td>\nString<\/td>\nOptional. The password for authentication.<\/td>\n<\/td>\n<\/tr>\n
prompt_for_password<\/td>\nString<\/td>\nOptional.<\/td>\n<\/td>\n<\/tr>\n
proxy_pac_url<\/td>\nString<\/td>\nRequired when proxy_type is Automatic<\/td>\n<\/td>\n<\/tr>\n
proxy_password<\/td>\nString<\/td>\nAvailable when proxy_type is Manual<\/td>\n<\/td>\n<\/tr>\n
proxy_server_port<\/td>\nInteger<\/td>\nRequired when proxy_type is Manual<\/td>\n<\/td>\n<\/tr>\n
proxy_type<\/td>\nString<\/td>\nValues can be \u2018None\u2019, \u2018Manual\u2019 or \u2018Automatic\u2019.<\/td>\n‘None’<\/td>\n<\/tr>\n
proxy_user_name<\/td>\nString<\/td>\nAvailable when proxy_type is Manual. Specifies the username for proxy authentication<\/td>\n<\/td>\n<\/tr>\n
proxyserver<\/td>\nString<\/td>\nRequired when proxy_type is Manual. The server address of proxy.<\/td>\n<\/td>\n<\/tr>\n
realm<\/td>\nString<\/td>\nOptional. Specifies the realm information.<\/td>\n<\/td>\n<\/tr>\n
remote_address<\/td>\nString<\/td>\nOptional. Specifies the remote address for the connection.<\/td>\n<\/td>\n<\/tr>\n
role<\/td>\nString<\/td>\nOptional.Specifies the role information<\/td>\n<\/td>\n<\/tr>\n
send_all_traffic<\/td>\nBoolean<\/td>\nOptional. The option to enable sending of all traffic through the connection.<\/td>\nfalse<\/td>\n<\/tr>\n
server<\/td>\nString<\/td>\nOptional. Specifies the server information.<\/td>\n<\/td>\n<\/tr>\n
use_hybrid_authentication<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
user_authentication_type<\/td>\nString<\/td>\nOptional. Values can be \u2018password\u2019 or \u2018certificate\u2019.<\/td>\n<\/td>\n<\/tr>\n
enable_vpn_ondemand<\/td>\nInteger<\/td>\nOptional.<\/td>\n0<\/td>\n<\/tr>\n
http_enable<\/td>\nInteger<\/td>\nOptional.<\/td>\n0<\/td>\n<\/tr>\n
https_enable<\/td>\nInteger<\/td>\nOptional.<\/td>\n0<\/td>\n<\/tr>\n
proxy_autoconfig<\/td>\nString<\/td>\nOptional.<\/td>\n<\/td>\n<\/tr>\n
https_proxyserver<\/td>\nString<\/td>\nOptional. Specifies the server address of the HTTPS proxy server.<\/td>\n<\/td>\n<\/tr>\n
https_proxy_server_port<\/td>\nInteger<\/td>\nOptional. Specifies the port number of the HTTPS proxy server.<\/td>\n<\/td>\n<\/tr>\n
connection_sub_type<\/td>\nString<\/td>\nOptional.<\/td>\n<\/td>\n<\/tr>\n
auth_protocol<\/td>\nBoolean<\/td>\nOptional. The option to enable authentication protocol.<\/td>\nfalse<\/td>\n<\/tr>\n
auth_plugins<\/td>\nBoolean<\/td>\nOptional. The option to enable authentication plugins.<\/td>\nfalse<\/td>\n<\/tr>\n
token_key<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
ipsec_auth_enabled<\/td>\nInteger<\/td>\nOptional.<\/td>\n1<\/td>\n<\/tr>\n
local_identifier_type<\/td>\nString<\/td>\nOptional.<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The firewall<\/strong> dictionary payload can contain the following keys<\/p>\n

\n\n\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n Default value <\/strong><\/th>\n<\/tr>\n<\/thead>\n
firewall_enabled<\/td>\nString<\/td>\nOptional. Values can be allow_incoming_connections or block_incoming_connections<\/td>\nallow_incoming_connections<\/td>\n<\/tr>\n
Enable_Firewall<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
Block_AllIncoming<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
Enable_StealthMode<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
application<\/td>\nArray<\/td>\nOptional. The application details to be included in Firewall. The details should be in the following format [{app_name:\u201d, app_id:\u201d, identifier:\u201d}].<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The filevault<\/strong> dictionary payload can contain the following keys<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n Default value <\/strong><\/th>\n<\/tr>\n<\/thead>\n
preventfromdisabled<\/td>\nBoolean<\/td>\nOptional. The option to prevent users from turning off FileVault encryption on the device.<\/td>\nfalse<\/td>\n<\/tr>\n
escrow_recovery_key<\/td>\nBoolean<\/td>\nOptional. The option to encrypt the key with a certificate and escrow it to Hexnode for safekeeping.<\/td>\nfalse<\/td>\n<\/tr>\n
preventfromenabled<\/td>\nBoolean<\/td>\nOptional. The option to prevent users from turning on FileVault encryption on the device.<\/td>\nfalse<\/td>\n<\/tr>\n
escrow_encryption-key_manual<\/td>\nBoolean<\/td>\nOptional. The possible value is allow_hexnode_to_automatically_to_encrypt_and_decrypt_the_recovery_key.<\/td>\nallow_hexnode_to_automatically_to_encrypt_and_decrypt_the_recovery_key<\/td>\n<\/tr>\n
unlock_hibernation<\/td>\nBoolean<\/td>\nOptional.The option to enforce the use of the device password for unlocking FileVault after hibernation and for restoring the disk to its most recent saved state.<\/td>\nfalse<\/td>\n<\/tr>\n
max_bypass_attempt<\/td>\nInteger<\/td>\nOptional.<\/td>\n0<\/td>\n<\/tr>\n
enable_bypassing<\/td>\nBoolean<\/td>\nOptional.<\/td>\nfalse<\/td>\n<\/tr>\n
encryption_type<\/td>\nString<\/td>\nOptional. The possible values are institutional_recovery_key, personal_recovery_key, or institutional_and_personal_recovery_key.<\/td>\ninstitutional_and_personal_recovery_key<\/td>\n<\/tr>\n
escrow_local_desc<\/td>\nString<\/td>\nOptional.The description for escrow local.<\/td>\n<\/td>\n<\/tr>\n
show_recovery_key<\/td>\nBoolean<\/td>\nOptional.<\/td>\ntrue<\/td>\n<\/tr>\n
selected_cert_id<\/td>\nInteger<\/td>\nOptional.<\/td>\n2<\/td>\n<\/tr>\n
escrow_message<\/td>\nString<\/td>\nOptional.<\/td>\n<\/tr>\n
enable_filevault<\/td>\nBoolean<\/td>\nOptional.<\/td>\ntrue<\/td>\n<\/tr>\n
escrow_encrypt_key_cert<\/td>\nString<\/td>\nOptional.<\/td>\nNone<\/td>\n<\/tr>\n
enter_missing_info<\/td>\nBoolean<\/td>\nOptional.<\/td>\ntrue<\/td>\n<\/tr>\n
ask_at_logout<\/td>\nBoolean<\/td>\nOptional. The option to define the maximum number of times a user can bypass the prompt to enable FileVault when logging into the device.<\/td>\ntrue<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The systemextension<\/strong> dictionary payload can contain the following keys<\/p>\n

\n\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n Default value <\/strong><\/th>\n<\/tr>\n<\/thead>\n
allow_system_user_overrides<\/td>\nBoolean<\/td>\nOptional<\/td>\nfalse<\/td>\n<\/tr>\n
allowed_system_teamids<\/td>\nArray<\/td>\nOptional. The team identifiers should be specified within []<\/td>\n<\/td>\n<\/tr>\n
allowed_system_extensions<\/td>\nObject<\/td>\nOptional. The system extensions should be specified within {}.<\/td>\n<\/td>\n<\/tr>\n
allowed_system_extension_type<\/td>\nObject<\/td>\nOptional. The system extension types should be specified within {}.<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The kernelextension<\/strong> dictionary payload can contain the following keys<\/p>\n

\n\n\n\n\n\n\n\n
Argument<\/strong><\/th>\nType<\/strong><\/th>\n Description <\/strong><\/th>\n Default value <\/strong><\/th>\n<\/tr>\n<\/thead>\n
allow_user_overrides<\/td>\nBoolean<\/td>\nOptional<\/td>\nfalse<\/td>\n<\/tr>\n
allowed_kernel_extensions<\/td>\nObject<\/td>\nOptional. The kernel extensions should be specified within {}.<\/td>\n<\/tr>\n
allowed_teamids<\/td>\nString<\/td>\nOptional. The team identifiers should be specified within [].<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

The app_management<\/strong> dictionary can contain the following keys:<\/p>\n

\n\n\n\n\n\n\n\n\n
Argument <\/strong> <\/th>\n Type <\/strong> <\/th>\n Description <\/strong> <\/th>\n<\/tr>\n<\/thead>\n
whitelist_apps<\/td>\nDictionary<\/td>\nOptional. A dictionary containing the explicit keys app<\/strong> (whose value is a list of app IDs) and group<\/strong> (whose value is a list of app group IDs). <\/td>\n<\/tr>\n
blacklist_apps<\/td>\nDictionary<\/td>\nOptional. A dictionary containing the explicit keys app<\/strong> (whose value is a list of app IDs) and group<\/strong> (whose value is a list of app group IDs). <\/td>\n<\/tr>\n
mandatory_apps<\/td>\nDictionary<\/td>\nOptional. A dictionary containing the explicit keys app<\/strong> (whose value is a list of app IDs) and group<\/strong> (whose value is a list of app group IDs). <\/td>\n<\/tr>\n
catalogues<\/td>\nList \/ Array<\/td>\nOptional. List of integers representing the corresponding catalogue IDs.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n
\n
curl<\/div>\n
\n
\n
POST https:\/\/.hexnodemdm.com\/api\/v1\/policy\/ \r\nheaders:- \r\nAuthorization:  \r\nContent-Type: application\/json \r\nSample Post Data:- \r\n[{ \r\n\"name\": \"Sales Team Policy\", \r\n\"description\": \"\", \r\n\"macos\": { \r\n\"passwordcode\": { \r\n\"allow_simple\": true, \r\n\"require_alphanumeric\": false, \r\n\"change_at_next_auth\": false, \r\n\"min_length\": 1, \r\n\"min_complex_chars\": 2, \r\n\"max_pinage_in_days\": 30, \r\n\"max_inactivity\": never, \r\n\"pin_history\": 4, \r\n\u201cmax_grace_period\u201d : none, \r\n\u201cforce_pin\u201d: true \r\n}, \r\n\r\n\"wifi\": null, \r\n\"vpn\": null, \r\n\"schedule_os_updates\": null, \r\n\"firewall\": null, \r\n\"filevault\": null, \r\n\"Systemextension\": null, \r\n\"Kernelextension\": null, \r\n\"app_management\": {} \r\n} \r\n\r\n\"policy_targets\": { \r\n\"devices\": [2,4], \r\n\"devicegroups\": [], \r\n\"users\": [], \r\n\"usergroups\": [] \r\n} \r\n}] \r\n<\/pre>\n
Shell Command<\/p>\n
curl -H \"Authorization:  \" -H \"Content-Type: application\/json\" -d '{\"name\": \"Sales Team Policy\", \"description\": \"\", \"macos\": {\"password\": {\"allow_simple\": true, \"require_alphanumeric\": false, \"change_at_next_auth\": false, \"min_length\": 1, \"min_complex_chars\": 2, \"max_pinage_in_days\": 30, \"max_inactivity\": \"never\", \"pin_history\": 4, \"force_pin\": true}}, \"policy_targets\": {\"devices\": [4002], \"devicegroups\": [], \"users\": [], \"usergroups\": []}}' https:\/\/.hexnodemdm.com\/api\/v1\/policy\/ -X POST \r\n<\/pre>\n<\/div>\n<\/div>\n
\n
\n
HTTP Response:<\/p>\n
HTTP\/1.1 201 Created \r\n{ \r\n\"id\": 5, \r\n\"name\": \"Sales Team Policy\", \r\n\"description\": \"\", \r\n\"version\": 1, \r\n\"ios_configured\": false, \r\n\"android_configured\": false, \r\n\"windows_configured\": false, \r\n\"macos_configured\": true, \r\n\"created_time\": \"2023-11-08T05:06:53.782500Z\", \r\n\"modified_time\": \"2023-11-08T05:06:53.782312Z\", \r\n\"ios\": { \r\n\"password\": null, \r\n\"restrictions\": null, \r\n\"advanced_restrictions\": null, \r\n\"web_content_filter\": null, \r\n\"wifi\": null, \r\n\"vpn\": null, \r\n\"email\": null, \r\n\"activesync\": null, \r\n\"ldap\": null, \r\n\"caldav\": null, \r\n\"subscribe_calendar\": null, \r\n\"carddav\": null, \r\n\"webclip\": null, \r\n\"access_point\": null, \r\n\"applock\": null, \r\n\"wallpaper\": null, \r\n\"globalproxy\": null, \r\n\"lock_screen_msg\": null \r\n}, \r\n\r\n\"android\": { \r\n\"password\": null, \r\n\"restrictions\": null, \r\n\"wifi\": [], \r\n\"email\": null, \r\n\"activesync\": null, \r\n\"applock\": null, \r\n\"wallpaper\": null, \r\n\"android_web_content_filter\": null \r\n}, \r\n\r\n\"windows\": null, \r\n\"macos\": { \r\n\"password\": { \r\n\"allow_simple\": true, \r\n\"require_alphanumeric\": true, \r\n\"change_at_next_auth\": true, \r\n\"min_length\": 6, \r\n\"min_complex_chars\": 3, \r\n\"max_pinage_in_days\": 4, \r\n\"max_inactivity\": \"5_minutes\", \r\n\"pin_history\": null, \r\n\"max_grace_period\": \"15_minutes\" \r\n}, \r\n\r\n\"wifi\": null, \r\n\"vpn\": null, \r\n\"firewall\": null, \r\n\"filevault\": null, \r\n\"systemextension\": null, \r\n\"kernelextension\": null,\r\n\"app_management\": { \r\n\"whitelist_apps\": { \r\n\"app\": [], \r\n\"group\": [] \r\n}, \r\n\"blacklist_apps\": { \r\n\"app\": [], \r\n\"group\": [] \r\n}, \r\n\"mandatory_apps\": { \r\n\"app\": [], \r\n\"group\": [] \r\n}, \r\n\"catalogues\": [] \r\n} \r\n}, \r\n\"general_settings\": { \r\n\"location_settings\": { \r\n\"tracking_disabled\": true, \r\n\"interval_minutes\": 60, \r\n\"location_configured\": false \r\n} \r\n}, \r\n\r\n\"policy_targets\": { \r\n\"devices\": [2,4] \r\n\"devicegroups\": [], \r\n\"users\": [], \r\n\"usergroups\": [] \r\n} \r\n} \r\n<\/pre>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
macOS Policies The password dictionary can contain the following keys: Argument Type Description Default value allow_simple Boolean Optional. true require_alphanumeric Boolean Optional. false change_at_next_auth Boolean Optional. The option to enforce password change in the next login. false min_length Integer Optional. Values can be from 1 to 16. min_complex_chars Integer Optional. Values can be from 1 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":3672,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-4791","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/pages\/4791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/comments?post=4791"}],"version-history":[{"count":17,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/pages\/4791\/revisions"}],"predecessor-version":[{"id":5023,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/pages\/4791\/revisions\/5023"}],"up":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/pages\/3672"}],"wp:attachment":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/developers\/wp-json\/wp\/v2\/media?parent=4791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}