Complete MDM payload list for Apple devices
Payloads can be used on various operating systems, and with users and devices (in some cases, they work only on devices that are supervised). Payload settings for Apple devices are detailed in the table below, which contains the following columns. Before you review the table below, understand what each column contains.
Payload name: The name of the payload in Apple Configurator 2 or Profile Manager. If you’re using a third-party mobile device management (MDM) solution, the payload name may be different.
System and channel: This column notes the Apple device operating system and specifies whether the macOS payload can be used for a device configuration profile or a user configuration profile.
Supported enrolment type: This column notes the three enrolment types: User Enrolment, Device Enrolment and Automated Device Enrolment. See Enrolment types.
Interaction: This column notes how settings of different payloads interact when applied to a device. Multiple payloads of the same kind can be applied to a device. If payloads contain account, certificate or network configurations, each of the payloads’ settings are applied simultaneously. Some network payloads may conflict with others. For example, if two payloads define different network settings for the same SSID, the result is undefined. iOS or iPadOS payloads containing restrictions don’t conflict, because each payload uses the most restrictive value possible. In combined payloads for macOS, most restriction settings (vs. account settings) are undefined if more than one value exists across payloads.
You can use combined payloads to add usage restrictions together to form a restrictive environment where the user has very limited options on what can be used on the device.
Combined payloads: Combined payload items aren’t mutually exclusive. These payload items are linked together, keeping all the payload items. Combined payloads are usually things like mail or LDAP accounts, where the existence of one doesn’t preclude your having additional accounts.
Exclusive payloads: Exclusive payloads can have only one possible version of a setting (just like device names, password policies or specific network settings), and this setting can be applied only once. For example, a device can’t simultaneously have more than one Global HTTP proxy payload. Any duplicate payload settings overwrite previous settings.
Note: In iOS, iPadOS and tvOS, if combined payloads have the same account description (or display name), they’re treated as exclusive payloads.
Duplicates: This column notes whether one specified payload (Single) or more than one specified payload (Multiple) can be delivered to a user or device. For example, you can add more than one Subscribed Calendars payload to a configuration profile. This allows you to subscribe the user to, in this case, more than one calendar.
Note: Not all payloads and their respective settings are available in all MDM solutions. Consult your MDM vendor’s documentation to see which payload and settings they support.
Payload | OS | Supported enrolment type | Interaction | Duplicates |
|---|---|---|---|---|
 | iOS iPadOS Shared iPad tvOS macOS device macOS user | User Device Automated Device | Exclusive | Single |
 | macOS device macOS user | Device Automated Device | Exclusive | Single |
 | macOS device macOS user | User Device Automated Device | Exclusive | Multiple |
 | iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | Combined | Single |
 | tvOS | Device Automated Device | Exclusive | Single |
 | iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | Combined | Single |
 | iOS iPadOS tvOS | Device Automated Device | Exclusive | Multiple |
 | macOS device macOS user | User Device Automated Device | Exclusive | Multiple |
 | macOS device | Device Automated Device | Exclusive | Single |
 | iOS iPadOS Shared iPad user macOS user | User Device Automated Device | Combined | Multiple |
 | iOS iPadOS Shared iPad device watchOS | Device Automated Device | Exclusive | Single |
 | iOS iPadOS Shared iPad device tvOS macOS device macOS user watchOS | User Device Automated Device | Combined | Multiple |
| macOS user | User Device Automated Device | Combined | Multiple |
 | iOS iPadOS Shared iPad device tvOS macOS device watchOS | User Device Automated Device | Combined | Multiple |
 | tvOS | Automated Device | Exclusive | Single |
 | iOS iPadOS Shared iPad user macOS user | User Device Automated Device | Combined | Multiple |
 | macOS device | Device Automated Device | Exclusive | Single |
 | macOS device | User Device Automated Device | Exclusive | Multiple |
 | iOS iPadOS Shared iPad device | Automated Device | Exclusive | Multiple |
 | iOS iPadOS Shared iPad device macOS device | Device Automated Device | Combined | Multiple |
 | macOS device macOS user | Device Automated Device | Combined | Single |
 | iOS iPadOS Shared iPad device Shared iPad user macOS device macOS user | Device Automated Device | Combined | Single |
 | macOS device | Device Automated Device | Combined | Single |
 | iOS iPadOS Shared iPad user | User Device Automated Device | Combined | Multiple |
| macOS user | User Device Automated Device | Combined | Multiple |
 Can be installed only by an MDM solution | iOS iPadOS Shared iPad user macOS device macOS user | User Device Automated Device | Exclusive | Single |
Extensible Single Sign-On Kerberos Can be installed only by an MDM solution | iOS iPadOS Shared iPad user macOS device macOS user | User Device Automated Device | Exclusive | Multiple |
 | macOS device macOS user | Device Automated Device | Exclusive | Multiple |
| macOS device macOS user | Device Automated Device | Exclusive | Single |
 | macOS device macOS user | Device Automated Device | Combined | Single |
 | iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | Combined | Single |
 | iOS iPadOS Shared iPad device tvOS macOS device | Automated Device | Exclusive | Single |
 | iOS iPadOS Shared iPad user | User Device | Combined | Multiple |
 | iOS iPadOS Shared iPad device Shared iPad user tvOS | Automated Device | Exclusive | Single |
 | macOS device macOS user | User Device Automated Device | Exclusive | Single |
 | macOS device | Device Automated Device | Exclusive | Multiple |
| iOS iPadOS Shared iPad user macOS user | User Device Automated Device | Combined | Multiple |
| macOS device | Device Automated Device | Exclusive | Single |
 | iOS iPadOS Shared iPad device | Automated Device | Exclusive | Single |
 | macOS device macOS user | User (Managed items only) Device Automated Device | Combined | Multiple (Managed items) Single (Login items) |
 | macOS device macOS user | Device Automated Device | Combined | Multiple (Login Window) Single (Scripts) |
 | iOS iPadOS Shared iPad user macOS user | User Device Automated Device | Combined | Multiple |
 | iOS iPadOS Shared iPad device tvOS macOS device macOS user watchOS | User Device Automated Device | Combined | Multiple |
 Can be installed only by an MDM solution | iOS iPadOS Shared iPad device | Automated Device | Exclusive | Single |
 | iOS iPadOS Shared iPad device Shared iPad user macOS device macOS user | User (macOS only) Device (macOS only) Automated Device | Exclusive | Single |
 | macOS device macOS user | Device Automated Device | Combined | Single |
 | iOS iPadOS macOS device macOS user | User Device Automated Device | Combined | Single |
 | macOS device macOS user | Device Automated Device | Combined | Single |
 | macOS device | Device Automated Device | Exclusive | Multiple |
 | macOS device | Device Automated Device | Exclusive | Single |
| iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | Exclusive | Single |
 | iOS iPadOS Shared iPad device tvOS macOS device macOS user | User Device Automated Device | Combined | Multiple |
| macOS device macOS user | Device Automated Device | Some | Single |
| iOS iPadOS Shared iPad device macOS device macOS user | User Device Automated Device | Exclusive | Single |
| iOS iPadOS Shared iPad device tvOS | Automated Device | Exclusive | Single |
 Can be installed only by an MDM solution | iOS iPadOS | User Device Automated Device | Exclusive | Single |
 | macOS device | Device Automated Device | Exclusive | Single |
 | macOS device | Device Automated Device | Combined | Single |
 | iOS iPadOS Shared iPad user | User Device Automated Device | Combined | Multiple |
 | macOS device | Device Automated Device | Combined | Single |
 | macOS device | Device Automated Device | Combined | Single |
 | iOS iPadOS Shared iPad device tvOS | Automated Device | Exclusive | Single |
 | iOS iPadOS macOS device macOS user | User (App-Layer VPN and App-to-App Layer VPN mapping only) Device Automated Device | Combined | Multiple |
 | iOS iPadOS Shared iPad user macOS user | User Device Automated Device | Combined | Multiple |
 | iOS iPadOS Shared iPad device macOS device | Device Automated Device | Combined | Single |
 | macOS device | Device | Exclusive | Single |