iOS and macOS settings

The following settings are available:

General settings (iOS and macOS)

You can configure a general settings configuration that determines when configuration profiles can be removed from iOS and macOS devices.

General settings can be set once; if you want to use this screen to change these settings, then the user must manually delete the profile.

Procedure 

  1. Go to Policies & Configs > Configurations.
  2. Select Add New > Apple > iOS and macOS > General to specify the basic information for interactions with the iOS and macOS configuration profiles.
  3. Configure the general settings as described in General iOS and macOS settings .
  4. Select Save.

    Table 105.  General iOS and macOS settings

    Item

    Description

    Name

    Enter brief text that identifies this group of iOS and macOS general settings.

    Description

    Enter additional text that clarifies the purpose of this group of iOS and macOS general settings.

    Identifier

    Specify the profile identifier. It must uniquely identify this profile. Use the format

    com.companyname.identifier

    where identifier describes the profile, as in com.mycompany.work.

    Organization

    Specify the issuing organization of the profile, as it will be shown to the user.

    Control when the profile can be removed

    Not for iOS with MDM: Specify when configuration profiles should be removed:

    Always: always removable.

    With Authentication: removable with authentication.

    Never: never removable. Select this option to prevent users from removing the profile.

CalDAV settings (iOS and macOS)

CalDAV configurations allow you to specify parameters for connecting to CalDAV-compliant calendar servers. CalDAV (or Calendaring Extensions to WebDAV), is a remote calendar access standard supported by iOS and macOS.

Users may be prompted for any settings you do not specify.

Procedure 

  1. Go to Policies & Configs > Configurations.
  2. Select Add New > Apple > iOS and macOS > CalDAV.
  3. Specify parameters for connecting to CalDAV-compliant calendar servers, as described in CalDAV settings (iOS and macOS) .
  4. Select Save.

    Table 106.  CalDAV settings (iOS and macOS)

    Item

    Description

    Name

    Enter brief text that identifies this group of iOS and macOS CalDAV settings.

    Description

    Enter additional text that clarifies the purpose of this group of iOS and macOS general settings.

    HostName

    Enter the host name of the calendar server.

    Port

    Enter the port for the calendar server.

    Principal URL

    Enter the URL for accessing calendar services.

    Use SSL

    Select to use SSL for data transfer.

    Use Google Apps Password

    Select to use the Google Apps password. For more information about configuring the Google Apps password, see [].

    User Name

    Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format.

    Why: Some enterprises have a strong preference concerning which identifier is exposed.

    See Supported Variables for CalDAV Settings.

    Password

    Specify the password to use. The default value is $PASSWORD$. Use this field to specify a custom format, such as $PASSWORD$_US.

    See Supported Variables for CalDAV Settings.

Supported Variables for CalDAV Settings

You can use the following variables in fields that support variables.

  • $USERID$

  • $EMAIL$
  • $MANAGED_APPLE_ID$

    For Shared iPad devices and User Enrolled devices only.

  • $NULL$
  • $USER_CUSTOM1$... $USER_CUSTOM4$ (custom fields defined for LDAP)

CardDAV settings (iOS and macOS)

CardDAV configurations allow you to specify parameters for connecting to CardDAV-compliant address book servers. CardDAV (or vCard Extensions to WebDAV), is a remote contact data access standard supported by iOS and macOS.

This configuration is supported on iOS and macOS v10.8. macOS v10.7 Lion is not supported.

Procedure 

  1. Go to Policies & Configs > Configurations.
  2. Select Add New > Apple > iOS and macOS > CardDAV to configure access to subscription address books compatible with this protocol.
  3. Configure your CardDav settings as described in CardDAV settings (iOS and macOS) .
  4. Select Save.
Table 107.  CardDAV settings (iOS and macOS)

Item

Description

Name

Enter brief text that identifies this group of iOS and macOS subscribed address book settings.

Description

Enter additional text that clarifies the purpose of this group of iOS and macOS subscribed address book settings.

HostName

Enter the hostname or IP address of the CardDAV account.

Port

Enter the port number of the CardDAV account.

Principal URL

Enter the Principal URL for the CardDAV account.

Use SSL

Select to use SSL for data transfer.

Use Google Apps Password

Select to use the Google Apps password. For more information about configuring the Google Apps password, see [].

User Name

Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format.

Why: Some enterprises have a strong preference concerning which identifier is exposed.

See Supported variables for CardDAV Settings.

Password

Specify the password to use. The default value is $PASSWORD$. Use this field to specify a custom format, such as $PASSWORD$_$USERID$.

See Supported variables for CardDAV Settings.

Communication Service Rules (iOS 10 and later)

Select a default audio service or app to be associated with the device user's accounts on the Exchange, CardDAV, LDAP, and Google servers. All calls initiated on the iOS device to contacts from contact lists stored on the server will use the selected audio service by default. This feature is supported on devices running iOS 10 or supported newer versions.

To enable communication service rules:

Select Choose a default app to be used when calling contacts from this account. A drop-down list of apps is displayed.

Select the drop-down list to select the default audio app or service.

Supported variables for CardDAV Settings

You can use the following variables in fields that support variables.

  • $USERID$
  • $EMAIL$
  • $MANAGED_APPLE_ID$

    For Shared iPad devices and User Enrolled devices only.

  • $NULL$
  • $USER_CUSTOM1$... $USER_CUSTOM4$ (custom fields defined for LDAP)

Web Clips settings (iOS and macOS)

You can send web clips to the home screens of managed devices by creating a web clip setting.

Procedure 

  1. Go to Policies & Configs > Configurations.
  2. Select Add New > Apple > iOS and macOS > Web Clips to add web clips to the home screen of users’ devices.
  3. Use Web clips settings to make your configurations.

    Table 108.  Web clips settings

    Item

    Description

    Web Clips Set Name

    Enter brief text that identifies this group of iOS and macOS web clips settings.

    Description

    Enter additional text that clarifies the purpose of this group of iOS and macOS web clips settings.

  4. Under the Web Clips field, select Add New. The Add Web Clip dialog box opens.
  5. Use the table below as a guide to completing your web clip entry.

    Table 109.  Web clips settings (iOS and macOS)

    Item

    Description

    Name

    Enter a name that identifies this configuration.

    Address/URL

    Enter the address or URL for the target of the web clip. Ensure the URL you enter includes the prefix http:// or https://.

    Icon

    Select an icon to display for the web clip.

    Removable

    Clear the Removable check box to prevent users from removing the web clip once it is pushed out to their phones.

    Full Screen

    By default, Full Screen is selected. When selected, the web clip is displayed as a full-screen application.

    Apple does not currently support the display of full screen web clips in full screen mode on devices running iOS 8, iOS 8.1, and iOS 8.1.1.

    Precomposed

    By default, Precomposed is selected. When selected, iOS will not add the bezel shading effect to the icon.

    Ignore Manifest Scope

    Deselected (default) means Safari UI appears when device user navigates away from the web clip’s URL.

    Selected means a full screen web clip can navigate to an external web site without showing Safari UI.

    If Full Screen is deselected, this field has no effect.

    Target Bundle Identifier

    The application bundle identifier that specifies the application that opens the URL. To use this property, the profile must be installed through an MDM.

  6. In the New Web Clips Setting dialog box, select Add New for additional web clips.
  7. When finished, select Save.

Configuration profile settings (iOS, tvOS, and macOS)

Occasionally, you may want to upload an iOS, tvOS, or macOS configuration profile generated from outside of Ivanti EPMM and push it to devices.

For example, you can send devices an Apple Configurator payload by exporting the payload from Apple Configurator and pushing it to devices as a .plist file. This is particularly useful for edge case scenarios, where the command you wish to execute on the device is not otherwise available.

When pushing a configuration profile to iOS and macOS devices applied to a particular label, Ivanti EPMM also pushes the profile to any Apple TV devices applied to that label.

When using this option, it is required to only have the portion of the .plist that is inside the array of the "PayloadContent", essentially "<dict>...</dict>". Any substitution variables will not be substituted. The file will not be validated and will be added to the payload without any modifications.

Another use case is if you wish to deploy a signed .mobileconfig file, for example, Apple debug configurations via MDM. Because Ivanti EPMM does not expect a signed file, it would not be able to parse it and inject a substitution variable because it would change the signature of the signed file. To get around this, select the Send File Verbatim - do not parse or use substitution variables check box. Files uploaded with this option selected are sent as is to the device without parsing, validating, or signing of the file by Ivanti EPMM.

Ivanti EPMM server will not attempt to process the file by parsing for substitution variables, sign the configuration when delivering to a device, or make any additions or modifications to the configuration. File must be in a valid .mobileconfig format and should be signed.

Procedure 

  1. Go to Policies & Configs > Configurations.
  2. Select Add New > Apple > iOS and macOS > Configuration Profile.
  3. In the Name field, enter a name for the configuration profile setting.
  4. Select Choose File and navigate to the relevant .plist file.
  5.  You can hide or display the contents of the file as follows:
    • Select Allow Viewing of Content to make the file contents visible.
    • Deselect Allow Viewing of Content to hide the file contents.
  6. Select User or Device channel.
  7. If the file is a signed .mobileconfig file, select Send File Verbatim - do not parse or use substitution variables check box.
  8. Select Save.
  9. Select the configuration profile you created and apply it to a relevant label or labels.

LDAP settings (iOS and macOS)

You can configure an LDAP profile for iOS and macOS devices.

Procedure 

  1. Go to Policies & Configs > Configurations.
  2. Select Add New > iOS and macOS > LDAP to configure an LDAP profile for iOS and macOS devices.

    The New LDAP Setting dialog box opens.

  3. Use the guidelines in the table below to complete this form.

     

    Table 110.  Add new LDAP configuration

    Item

    Description

    Name

    Descriptive name to use when referencing this configuration.

    Account Description

    Optional. Description of the LDAP account.

    Account Username

    Optional. Username for accessing the LDAP account.

    Account Password

    Optional. Password that corresponds to the Account Username value. The password applies to encrypted accounts.

    Confirm Account Password

    Optional. Confirms the password entered in the Account Password field.

    Account Hostname

    The hostname for the LDAP server.

    Use SSL

    Whether to use SSL.

    Search Settings

    Should have at least one entry for the account. Each entry represents a node in the LDAP tree from which to start searching. Select the + button to add a new entry, then edit the entry.

    An entry consists of the following values:

    Description: Explains the purpose of the search setting.

    Scope: Select Base, Subtree, or One Level to indicate the scope of the search. Base indicates just the node level, Subtree indicates the node and all children, One Level indicates the node and one level of children.

    Search Base: The conceptual path to the specified note (e.g., ou=people, o=mycorp).

    Communication Service Rules (iOS 10 and later)

    Select a default audio service or app to be associated with the device user's accounts on the Exchange, CardDAV, LDAP, and Google servers. All calls initiated on the iOS device to contacts from contact lists stored on the server will use the selected audio service by default. This feature is supported on devices running iOS 10 or supported newer versions.

    To enable communication service rules:

    Select Choose a default app to be used when calling contacts from this account. A drop-down list of apps is displayed.

    Select the drop-down list to select the default audio app or service.

  4. Select Save.