The URL that this account should use for signing in via OAuth. When this URL is specified, auto-discovery is not used for this account so you must also specify a host. This field is ignored unless OAuth is true .
OAuthTokenRequestURL
string
The URL that this account should use for token requests via OAuth. This field is ignored unless OAuth is true .
Restrictions
New Restrictions
There are some new restriction keys, looks like allowWiFiPowerModification has been replaced with forceWiFiPowerOn
Key
Type
Description
allowFilesNetworkDriveAccess
boolean
If false , prevents connecting to network drives in the Files app. Available in iOS 13.0 and later.
allowFilesUSBDriveAccess
boolean
If false , prevents connecting to any connected USB devices in the Files app. Available in iOS 13.0 and later.
allowFindMyDevice
boolean
If false , disables Find My Device in the Find My app. Requires a supervised device. Available in iOS 13 and later.
allowFindMyFriends
boolean
If false , disables Find My Friends in the Find My app. Requires a supervised device. Available in iOS 13 and later.
forceWiFiPowerOn
boolean
If false , prevents Wi-Fi from being turned off in Settings or Control Center, even by entering or leaving Airplane Mode. It does not prevent selecting which Wi-Fi network to use. Available in iOS 13.0 and later.
Restrictions that require supervision as of iOS 13
Key
Type
Description
allowAddingGameCenterFriends
boolean
If false , prohibits adding friends to Game Center. As of iOS 13, requires a supervised device. Available in iOS 4.2.1 and later, and macOS 10.13 and later.
allowAppInstallation
boolean
If false , disables the App Store, and its icon is removed from the Home screen. Users are unable to install or update their apps. In iOS 10 and later, MDM commands can override this restriction. As of iOS 13, this restriction requires a supervised device. Available in iOS 4 and later.
allowCamera
boolean
If false , disables the camera, and its icon is removed from the Home screen. Users are unable to take photographs. As of iOS 13, requires a supervised device. Available in iOS 4 and later, and macOS 10.11 and later.
allowCloudBackup
boolean
If false , disables backing up the device to iCloud. As of iOS 13, requires a supervised device. Available in iOS 5 and later.
allowCloudDocumentSync
boolean
If false , disables document and key-value syncing to iCloud. As of iOS 13, this restriction requires a supervised device. Available in iOS 5 and later, and macOS 10.11 and later.
allowExplicitContent
boolean
If false , hides explicit music or video content purchased from the iTunes Store. Explicit content is marked as such by content providers, such as record labels, when sold through the iTunes Store. As of iOS 13, requires a supervised device. Available in iOS 4 and later, and tvOS 11.3 and later.
allowiTunes
boolean
If false , disables the iTunes Music Store, and its icon is removed from the Home screen. Users cannot preview, purchase, or download content. As of iOS 13, requires a supervised device. Available in iOS 4 and later.
allowRemoteScreenObservation
boolean
If false , disables remote screen observation by the Classroom app. Nest this key beneath allowScreenShot as a subrestriction. If allowScreenShot is set to false , the Classroom app doesn’t observe remote screens. Required a supervised device until iOS 13 and macOS 10.15. Available in iOS 12 and later, and macOS 10.14.4 and later.
allowSafari
boolean
If false , disables the Safari web browser app, and its icon is removed from the Home screen. This setting also prevents users from opening web clips. As of iOS 13, requires a supervised device. Available in iOS 4 and later.
allowVideoConferencing
boolean
If false , hides the FaceTime app. As of iOS 13, requires a supervised device. Available in iOS 4 and later.
safariAllowAutoFill
boolean
If false , disables Safari autofill. As of iOS 13, requires a supervised device. Available in iOS 4 and later, and macOS 10.13 and later.
Apple have released a beta 1 of iOS 13.4 yesterday, looks like there are some new configuration profiles available and there are some changes in how iOS operates.
Commands
Looks like Apple are releasing shared iPad functionality for Apple Business Manager
New command is being added for dynamic quote management for users and apps. SharedDeviceConfiguraiton
Restrictions
Safari will not connect (instead of displaying a block message) to websites that present TLS 1.0 or TLS 1.1
New setting exists in restriction profile to allow this connection
<key>allowDeprecatedWebKitTLS</key>
<true/>
Looks like the following has also been added, Apple is releasing Shared iPad functionality for enterprises and below is designed to control temporary “Shared iPad Sessions” on the device.
<key>allowSharedDeviceTemporarySession</key>
Restrictions are documented by Apple here:
Key
Type
Description
allowDeprecatedWebKitTLS
boolean
If true , the deprecated TLS 1.0/1.1 behavior in Safari is allowed. Available in iOS 13.4 and later, and macOS 10.15.4 and later.
allowSharedDeviceTemporarySession
boolean
If false , temporary sessions are not available on Shared iPad. Available in iOS 13.4 and later.
VPN
VPN profiles for SSL VPN have a new key to send all traffic through the VPN and to exclude local networks