iOS 11 - New MDM payloads


#1

iOS 11 introduces a number of new MDM payloads and adds to existing payloads.

New Payloads

DNS Proxy

There is not much information available regarding this payload yet.
It looks like DNS calls for specified applications can be proxied through another application.

<key>PayloadContent</key>
	<array>
		<dict>
			<key>AppBundleIdentifier</key>
			<string>test</string>
			<key>PayloadDescription</key>
			<string>Configures DNS proxy network extension</string>
			<key>PayloadDisplayName</key>
			<string>DNS Proxy</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.dnsProxy.managed.C9DD4DF3-021A-4A84-B4FA-BD4823CE0F72</string>
			<key>PayloadType</key>
			<string>com.apple.dnsProxy.managed</string>
			<key>PayloadUUID</key>
			<string>C9DD4DF3-021A-4A84-B4FA-BD4823CE0F72</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>ProviderBundleIdentifier</key>
			<string>test</string>
		</dict>
	</array>

AirPlay Security
This is an Apple TV-specific payload: “Security type for device that connect to the Apple TV using Airplay”

<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string>Manages the AirPlay Security settings on Apple TV (Settings &gt; AirPlay &gt; Security)</string>
			<key>PayloadDisplayName</key>
			<string>AirPlay Security settings</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.airplay.security.9A46E41B-619D-49AD-AF5E-6E8E7B1FF28B</string>
			<key>PayloadType</key>
			<string>com.apple.airplay.security</string>
			<key>PayloadUUID</key>
			<string>9A46E41B-619D-49AD-AF5E-6E8E7B1FF28B</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>SecurityType</key>
			<string>PASSWORD</string>
		</dict>
	</array>

Modified Payloads

AirPrint
The AirPrint payload adds the ability to enforce TLS and specify a port.

<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string>Configures AirPrint settings</string>
			<key>PayloadDisplayName</key>
			<string>AirPrint</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.airprint.7FC7C8AF-CADB-4813-A68C-D0F6786CDA2F</string>
			<key>PayloadType</key>
			<string>com.apple.airprint</string>
			<key>PayloadUUID</key>
			<string>7FC7C8AF-CADB-4813-A68C-D0F6786CDA2F</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>

Cellular
You can now select the supported IP version for APN configuration.
Options are IPv4, IPv6, or both IPv4 and IPv6.

<key>PayloadContent</key>
	<array>
		<dict>
			<key>AttachAPN</key>
			<dict>
				<key>AllowedProtocolMask</key>
				<integer>3</integer>
				<key>Name</key>
				<string>test.test.com</string>
				<key>Password</key>
				<string>testpassword</string>
				<key>Username</key>
				<string>testuser</string>
			</dict>
			<key>PayloadDescription</key>
			<string>Configures cellular data settings</string>
			<key>PayloadDisplayName</key>
			<string>Cellular</string>
			<key>PayloadIdentifier</key>
			<string>com.apple.cellular.0F393CD8-109D-4534-86A7-AA8D40797EB6</string>
			<key>PayloadType</key>
			<string>com.apple.cellular</string>
			<key>PayloadUUID</key>
			<string>0F393CD8-109D-4534-86A7-AA8D40797EB6</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>

#2

I’m still unsure what the DNS Proxy Provider Configuration field should contain exactly.

I suppose these are completely arbitrary settings that a given extension may read. Does anyone know more about this?


#3

Looking at the Apple developer documentation (https://developer.apple.com/documentation/networkextension/nednssettings):

You can pass proxy configuration to the app.

I imagine a developer could put an app together that has an XML which sets the following values:

var servers: [String]
var searchDomains: [String]?
var domainName: String?
var matchDomains: [String]?
var matchDomainsNoSearch: Bool
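
For reviewing a profile that carries the payloads discussed in this thread, here is an added example (not part of the original posts and not Apple's code) that parses a profile with Python's `plistlib` and reports which app receives proxied DNS, the AirPlay security type, the APN's allowed IP versions and any embedded APN password. The function name `audit_profile`, the `ProviderConfiguration` key name with its `servers` entry, and the 1/2/3 reading of `AllowedProtocolMask` are assumptions; the sample profile is constructed from the fragments above.

```python
import plistlib

# Assumed AllowedProtocolMask values: 1 = IPv4, 2 = IPv6, 3 = IPv4 and IPv6.
IP_MASK = {1: "IPv4", 2: "IPv6", 3: "IPv4 and IPv6"}

def audit_profile(raw):
    """Return review findings for the payload types shown in this thread."""
    findings = []
    for p in plistlib.loads(raw).get("PayloadContent", []):
        ptype = p.get("PayloadType", "")
        name = p.get("PayloadDisplayName", ptype)
        if ptype == "com.apple.dnsProxy.managed":
            # DNS lookups are handed to an app's network extension: record which one.
            findings.append(f"{name}: DNS proxied by app {p.get('AppBundleIdentifier')!r}, "
                            f"provider {p.get('ProviderBundleIdentifier')!r}")
            cfg = p.get("ProviderConfiguration")  # assumed key name
            if isinstance(cfg, dict):
                findings.append(f"{name}: ProviderConfiguration keys {sorted(cfg)}")
        elif ptype == "com.apple.airplay.security":
            findings.append(f"{name}: SecurityType={p.get('SecurityType')}")
        elif ptype == "com.apple.cellular":
            apn = p.get("AttachAPN")
            if isinstance(apn, dict):
                mask = apn.get("AllowedProtocolMask")
                proto = IP_MASK.get(mask, f"unknown mask {mask}")
                findings.append(f"{name}: APN {apn.get('Name')} allows {proto}")
                if apn.get("Password"):
                    # The credential sits in the profile as a plain <string>.
                    findings.append(f"{name}: APN {apn.get('Name')} embeds a plaintext password")
    return findings

# Constructed sample modelled on the fragments posted above, wrapped in a full profile.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.dnsProxy.managed", "PayloadDisplayName": "DNS Proxy",
         "AppBundleIdentifier": "test", "ProviderBundleIdentifier": "test",
         "ProviderConfiguration": {"servers": ["192.0.2.53"]}},  # hypothetical content
        {"PayloadType": "com.apple.airplay.security",
         "PayloadDisplayName": "AirPlay Security settings", "SecurityType": "PASSWORD"},
        {"PayloadType": "com.apple.cellular", "PayloadDisplayName": "Cellular",
         "AttachAPN": {"AllowedProtocolMask": 3, "Name": "test.test.com",
                       "Password": "testpassword", "Username": "testuser"}},
    ],
})

if __name__ == "__main__":
    for line in audit_profile(SAMPLE):
        print(line)
```

A signed .mobileconfig is CMS-wrapped, so the signature envelope has to be removed before `plistlib` can parse the file.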