MDM

Device Enrollment MDM payloads for Apple devices

Payloads can be used on various operating systems, with users or devices. Payload settings for Apple devices are detailed in the table below, which contains the following columns. Before you review the table below, understand what each column contains.

Payload name: The name of the payload in Apple Configurator 2 or Profile Manager. If you’re using a third-party mobile device management (MDM) solution, the payload name may be different.
System and channel: This column notes the Apple device operating system and specifies whether the macOS payload can be used for a device configuration profile or a user configuration profile.
Interaction: This column notes how settings of different payloads interact when applied to a device. Multiple payloads of the same kind can be applied to a device. If payloads contain account, certificate, or network configurations, each of the payloads’ settings are applied simultaneously. Some network payloads may conflict with others. For example, if two payloads define different network settings for the same SSID, the result is undefined. iOS and iPadOS payloads containing restrictions don’t conflict, because each payload uses the most restrictive value possible. In combined payloads for macOS, most restriction settings (versus account settings) are undefined if more than one value exists across payloads.
You can use combined payloads to add usage restrictions together to form a restrictive environment where the user has very limited options on what can be used on the device.
- Combined payloads: Combined payload items aren’t mutually exclusive. These payload items are linked together, keeping all the payload items. Combined payloads are usually things like mail or LDAP accounts, where the existence of one doesn’t preclude your having additional accounts.
- Exclusive payloads: Exclusive payloads can have only one possible version of a setting (just like device names, password policies, or specific network settings), and this setting can be applied only once. For example, a device can’t simultaneously have more than one Global HTTP proxy payload. Any duplicate payload settings overwrite previous settings.
Note: In iOS, iPadOS, and tvOS, if combined payloads have the same account description (or display name), they’re treated as exclusive payloads.
Duplicates: This column notes whether one specified payload (Single) or more than one specified payload (Multiple) can be delivered to a user or device. For example, you can add more than one Subscribed Calendars payload to a configuration profile. This allows you to subscribe the user to, in this case, more than one calendar.

Note: Not all payloads and their respective settings are available in all MDM solutions. Consult your MDM vendor’s documentation to see which payload and settings they support.

Payload	OS	Interaction	Duplicates
General	iOS iPadOS Shared iPad tvOS macOS device macOS user	Exclusive	Single
Accessibility	macOS device macOS user	Exclusive	Single
Active Directory Certificate	macOS device macOS user	Exclusive	Multiple
AirPlay	iOS iPadOS Shared iPad device macOS device macOS user	Combined	Single
AirPlay Security	tvOS	Exclusive	Single
AirPrint	iOS iPadOS Shared iPad device macOS device macOS user	Combined	Single
App Configuration	iOS iPadOS tvOS	Exclusive	Multiple
Associated Domains	macOS device macOS user	Exclusive	Multiple
Autonomous Single App Mode	macOS device	Exclusive	Single
Calendar	iOS iPadOS Shared iPad user macOS user	Combined	Multiple
Cellular	iOS iPadOS Shared iPad device watchOS	Exclusive	Single
Certificates	iOS iPadOS Shared iPad device tvOS macOS device macOS user watchOS	Combined	Multiple
Certificate Preference	macOS user	Combined	Multiple
Certificate Transparency	iOS iPadOS Shared iPad device tvOS macOS device watchOS	Combined	Multiple
Contacts	iOS iPadOS Shared iPad user macOS user	Combined	Multiple
Content Caching	macOS device	Exclusive	Single
Directory	macOS device	Exclusive	Multiple
DNS Settings	iOS iPadOS Shared iPad device macOS device	Combined	Multiple
Dock	macOS device macOS user	Combined	Single
Domains	iOS iPadOS Shared iPad device Shared iPad user macOS device macOS user	Combined	Single
Energy Saver	macOS device	Combined	Single
Exchange ActiveSync (EAS)	iOS iPadOS Shared iPad user	Combined	Multiple
Exchange Web Services (EWS)	macOS user	Combined	Multiple
Extensible Single Sign-On Can be installed only by an MDM solution	iOS iPadOS Shared iPad user macOS	Exclusive	Single
Extensible Single Sign-On Kerberos Can be installed only by an MDM solution	iOS iPadOS Shared iPad user macOS device macOS user	Exclusive	Multiple
Extensions	macOS device macOS user	Exclusive	Multiple
File Provider	macOS device macOS user	Exclusive	Single
Finder	macOS device macOS user	Combined	Single
Fonts	iOS iPadOS Shared iPad device macOS device macOS user	Combined	Single
Global HTTP Proxy	macOS device	Exclusive	Single
Google Accounts	iOS iPadOS Shared iPad user	Combined	Multiple
Identification	macOS device macOS user	Exclusive	Single
Kernel Extension Policy	macOS device	Exclusive	Multiple
LDAP	iOS iPadOS Shared iPad user macOS user	Combined	Multiple
Lights Out Management	macOS device	Exclusive	Single
Login Items	macOS device macOS user	Combined	Multiple (Managed items) Single (Login items)
Login Window	macOS device macOS user	Combined	Multiple (Login Window) Single (Scripts)
Mail	iOS iPadOS Shared iPad user macOS user	Combined	Multiple
Network	iOS iPadOS Shared iPad device tvOS macOS device macOS user watchOS	Combined	Multiple
Notifications	iOS iPadOS Shared iPad device Shared iPad user macOS device macOS user	Exclusive	Single
Parental Controls	macOS device macOS user	Combined	Single
Passcode	iOS iPadOS macOS device macOS user	Combined	Single
Printing	macOS device macOS user	Combined	Single
Privacy Preferences Policy Control	macOS device	Exclusive	Multiple
Restrictions	iOS iPadOS macOS device macOS user	Exclusive	Single
Proxy	macOS device	Exclusive	Single
SCEP	iOS iPadOS Shared iPad device tvOS macOS device macOS user	Combined	Multiple
Security & Privacy	macOS device macOS user	Some	Single
Setup Assistant	iOS iPadOS Shared iPad device macOS device macOS user	Exclusive	Single
Single Sign-On Can be installed only by an MDM solution	iOS iPadOS	Exclusive	Single
Smart Card	macOS device	Exclusive	Single
Software Update	macOS device	Combined	Single
Subscribed Calendars	iOS iPadOS Shared iPad user	Combined	Multiple
System Migration	macOS device	Combined	Single
Time Machine	macOS device	Combined	Single
VPN	iOS iPadOS macOS device macOS user	Combined	Multiple
Web Clips	iOS iPadOS Shared iPad user macOS user	Combined	Multiple
Web Content Filter	iOS iPadOS Shared iPad device macOS device	Combined	Single
Xsan	macOS device	Exclusive	Single

Helpful?

Mobile Device Management Settings

Device Enrollment MDM payloads for Apple devices