iOS 12 - changes in configuration profiles


#1

iOS 12 has been announced today at WWDC18.

New configuration profiles are available in iOS 12 at this stage.

Changes were made in the following profiles:

  • Exchange
  • Notifications
  • Restrictions

Exchange Payload

Deprecated keys

| Deprecated Key | Replacement Key | Type | Description |
|---|---|---|---|
| SMIMEEncryptionEnabled | SMIMEEncryptByDefault | Boolean | Optional. Default false. If set to true, S/MIME encryption is on by default for this account. Availability: Available only in iOS 10.3 and later. As of iOS 12.0, this key is deprecated. It is recommended to use SMIMEEncryptByDefault instead. |
| SMIMEEnablePerMessageSwitch | SMIMEEnableEncryptionPerMessageSwitch | Boolean | Optional. Default false. If set to true, displays the per-message encryption switch in the Mail Compose UI. Availability: Available only in iOS 8.0 and later. As of iOS 12.0, this key is deprecated. It is recommended to use SMIMEEnableEncryptionPerMessageSwitch instead. |

New Keys

| Key | Type | Description |
|---|---|---|
| SMIMESigningUserOverrideable | Boolean | Optional. Default false. If set to true, the user can toggle S/MIME signing on or off in Settings. |
| SMIMESigningCertificateUUIDUserOverrideable | Boolean | Optional. Default false. If set to true, the user can select the signing identity. |
| SMIMEEncryptByDefault | Boolean | Optional. Default false. If set to true, S/MIME encryption is enabled by default. If SMIMEEnableEncryptionPerMessageSwitch is false, this default cannot be changed by the user. |
| SMIMEEncryptByDefaultUserOverrideable | Boolean | Optional. Default false. If set to true, the user can toggle the encryption by default setting. |
| SMIMEEncryptionCertificateUUIDUserOverrideable | Boolean | Optional. Default false. If set to true, the user can select the S/MIME encryption identity and encryption is enabled. |
| SMIMEEnableEncryptionPerMessageSwitch | Boolean | Optional. Default false. If set to true, enable the per-message encryption switch in the compose view and encryption is enabled. |
| OAuth | Boolean | Optional. Specifies whether the connection should use OAuth for authentication. If enabled, a password should not be specified. This defaults to false. |

Notifications Payload

| Key | Type | Description |
|---|---|---|
| ShowInCarPlay | Boolean | Optional. Whether notifications can be shown in CarPlay. Default is true. |
| CriticalAlertEnabled | Boolean | Optional. Whether an app can mark a notification as a critical notification that will ignore Do Not Disturb and ringer settings. Default is false. |

Restrictions Payload

| Key | Type | Description |
|---|---|---|
| forceAutomaticDateAndTime | Boolean | Optional. Supervised only. If set to true, the Date & Time “Set Automatically” feature is turned on and can’t be turned off by the user. Defaults to false. Note: The device’s time zone will only be updated when the device can determine its location (cellular connection or wifi with location services enabled). |

Full list of profiles available here: https://developer.apple.com/library/archive/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
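A way to check existing profiles against the Exchange changes listed in this post, as an added example that is not part of the original thread or Apple's tooling: it parses a profile with Python's `plistlib` and reports deprecated S/MIME keys, an `OAuth` payload that still carries a password, and an encrypt-by-default setting the user can change. The sample profile and the `audit_exchange` name are constructed for illustration.

```python
import plistlib

# Deprecated Exchange keys and their iOS 12 replacements, as listed in the post.
DEPRECATED = {
    "SMIMEEncryptionEnabled": "SMIMEEncryptByDefault",
    "SMIMEEnablePerMessageSwitch": "SMIMEEnableEncryptionPerMessageSwitch",
}

def audit_exchange(profile_bytes):
    """Return a list of findings for every Exchange payload in a profile."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.eas.account":
            continue  # only Exchange ActiveSync payloads are audited here
        for old, new in DEPRECATED.items():
            if old in payload:
                findings.append(f"deprecated key {old}: use {new}")
        # "If enabled, a password should not be specified."
        if payload.get("OAuth", False) and "Password" in payload:
            findings.append("OAuth is true but Password is also set")
        # Encrypt-by-default stays enforced only if neither the override key
        # nor the per-message switch hands the choice back to the user.
        if payload.get("SMIMEEncryptByDefault", False) and (
            payload.get("SMIMEEncryptByDefaultUserOverrideable", False)
            or payload.get("SMIMEEnableEncryptionPerMessageSwitch", False)
        ):
            findings.append("SMIMEEncryptByDefault can be changed by the user")
    return findings

# Constructed sample profile (not taken from a real deployment).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.eas.account",
        "SMIMEEncryptionEnabled": True,
        "SMIMEEncryptByDefault": True,
        "SMIMEEncryptByDefaultUserOverrideable": True,
        "OAuth": True,
        "Password": "constructed-placeholder",
    }],
})

if __name__ == "__main__":
    for finding in audit_exchange(SAMPLE_PROFILE):
        print(finding)
```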


#2

Thanks for this review!


#3

Apple have since added additional keys

Restrictions

| Key | Type | Description |
|---|---|---|
| allowPasswordAutoFill | Boolean | Optional. Supervised only. If set to false, users will not be able to use the AutoFill Passwords feature on iOS and will not be prompted to use a saved password in Safari or in apps. If set to false, Automatic Strong Passwords will also be disabled and strong passwords will not be suggested to users. Defaults to true. |
| allowPasswordProximityRequests | Boolean | Optional. Supervised only. If set to false, a userʼs device will not request passwords from nearby devices. Defaults to true. |
| allowPasswordSharing | Boolean | Optional. Supervised only. If set to false, users can not share their passwords with the Airdrop Passwords feature. Defaults to true. |

SCEP Payload

| Key | Type | Description |
|---|---|---|
| AllowAllAppsAccess | Boolean | Optional. If true, all apps have access to the private key. Default is false. |

Note: this is very interesting and requires further testing but potentially this payload may allow the certificates pushed by MDM to be used across other applications (not just Apple signed applications).

Notifications

| Key | Type | Description |
|---|---|---|
| GroupingType | Integer | Optional. The type of grouping for notifications for this app: 0: Automatic - group notifications into app-specified groups (Default). 1: By app - group notifications into one group. 2: Off - do not group notifications. |
| CriticalAlertEnabled | Boolean | Optional. Whether an app can mark a notification as a critical notification that will ignore Do Not Disturb and ringer settings. Default is false. |

#4

These keys are now available in Apple Configurator 2.8 (Beta)

Restrictions

<key>forceAutomaticDateAndTime</key>
<false/>

<key>allowPasswordProximityRequests</key>
<true/>
<key>allowPasswordSharing</key>
<true/>

<key>allowPasswordAutoFill</key>
<false/>

Exchange

<key>OAuth</key>
<false/>

Notifications
[screenshot]