Web Content Filter MDM payload settings for Apple devices
Learn how to deny access to websites, or allow access to only specific websites, for users of iPhone, iPad, and Mac devices enrolled in a mobile device management (MDM) solution. Use the Web Content Filter payload to choose which websites the device can view. You can automatically filter out adult content, and then permit or deny access to specific sites. You can also set up a device so that it can view only specific websites and create bookmarks for those websites. In macOS 10.15, or later you can also:
Set the filter grade type: firewall or inspector
OS and channel
Supported enrollment types
Shared iPad device
When you enter URLs, start the URL with https:// or http://. If necessary, add separate entries for http:// and https:// versions of the same URL. These settings can’t be edited on an iOS or iPadOS device when an installed configuration profile contains content restrictions.
Add URLs to this list to permit access to certain websites, even if they’re considered adult by the automatic filter. If you leave this list empty, access is permitted to all non-adult websites except for those listed in Denied URLs.
Add URLs to this list to deny access to certain websites. Users can’t visit these sites even if they’re considered non-adult by the automatic filter.
Note: If a restriction contains denied URLs, then any URLs in the Allow URLs field that contradict the denied list are removed.
Specific Web Sites Only
Add the websites that you want to give access to. Enter the URL of the website in the URL column. Enter the name for the bookmark in the Name column.
Create customized settings to connect and authenticate to third-party content filters.
Built-in or plug-in (plug-in must be used for macOS)
Display name of the filter in the app and on the device
The identifier for the plug-in filter.
The IP address, fully qualified domain name (FQDN) or URL of the service.
The organization name for the service.
The user name for authenticating to the service.
The password for the user name.
The Certificates payload used to authorize connections to the service.