Managed App Configuration
Introduction
It is possible to pre-configure some apps with the policy configuration Managed App (Managed App). This configuration is only available for iOS devices from version 7 and macOS devices from version 11+.
Configuration
Specify the bundle ID of the app you want to configure and attach a valid app configuration payload.
In the payload, you can use the placeholders that appear at the bottom of the page. For example, you can configure an email client app by using the placeholder {$user.email}. This way you can make the configuration usable for different users. The placeholders will be filled in when the configuration is pushed to the devices.
The app to be configured must already be installed on the devices before the app configuration is applied. If you install the app on the devices in the same policy, make sure to run the app configuration after installing the app by adding it to the list of configurations later.
Basically, the manufacturer of each app is responsible for the configuration options. We have listed some examples here that worked with the apps at the time of writing. We make no guarantee, that this will continue to be the case.
Goodnotes 6
com.goodnotesapp.x
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ManagedAppConfigurationVersion</key>
<string>1</string>
<key>LicenseKey</key>
<string>AAAAAA-BBBBBB-CCCCCC-DDDDDD-123456-V3</string>
</dict>
</plist>
Additional informations can be found on the Goodnotes webseite.
Microsoft Outlook for Office365
com.microsoft.Office.Outlook
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.microsoft.outlook.EmailProfile.AccountType</key>
<string>ModernAuth</string>
<key>com.microsoft.outlook.EmailProfile.EmailAccountName</key>
<string>${user.fullname}</string>
<key>com.microsoft.outlook.EmailProfile.ServerHostName</key>
<string>outlook.office365.com</string>
<key>com.microsoft.outlook.EmailProfile.EmailAddress</key>
<string>${user.email}</string>
<key>com.microsoft.outlook.EmailProfile.EmailUPN</key>
<string>${user.email}</string>
<key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
<string></string>
<key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key>
<string>Username and Password</string>
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>${user.email}</string>
</dict>
</plist>
Microsoft Outlook for an on premise Exchange Server
com.microsoft.Office.Outlook
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.microsoft.outlook.EmailProfile.AccountType</key>
<string>BasicAuth</string>
<key>com.microsoft.outlook.EmailProfile.EmailAccountName</key>
<string>${user.fullname}</string>
<key>com.microsoft.outlook.EmailProfile.ServerHostName</key>
<string>exchange.server.name</string>
<key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
<string>domainname</string>
<key>com.microsoft.outlook.EmailProfile.EmailAddress</key>
<string>${user.email}</string>
<key>com.microsoft.outlook.EmailProfile.EmailUPN</key>
<string>${user.email}</string>
<key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
<string></string>
<key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key>
<string>Username and Password</string>
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Disabled</string>
<key>IntuneMAMUPN</key>
<string>${user.email}</string>
</dict>
</plist>
SecurePIM for Office365
com.virtual-solution.securepim-enterprise
<?xml version="1.0" ?>
<!DOCTYPE plist PUBLIC "-//Apple Inc//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>license</key>
<string>your-license-key</string>
<key>activeSyncServer</key>
<string>outlook.office365.com</string>
<key>userEmail</key>
<string>${user.email}</string>
<key>activeSyncUser</key>
<string>${user.email}</string>
<key>deviceSerialNumber</key>
<string>${device.serialnumber}</string>
<key>recipientCertificateEmail</key>
<string>${user.email}</string>
<key>allowTouchIDAuthentication</key>
<string>true</string>
<key>callKitEnabled</key>
<string>true</string>
</dict>
</plist>
FileBrowser for Education
com.stratospherix.filebrowsereducation
Configuration of an SMB share
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>mdm-enforce</key>
<integer>1</integer>
<key>lockdown</key>
<integer>1</integer>
<key>1displayname</key>
<string>My NAS</string>
<key>1domain</key>
<string>office.mwaysolutions.com</string>
<key>1flags</key>
<integer>1746</integer>
<key>1machinename</key>
<string>smb://yoursmbservershare/</string>
<key>1username</key>
<string>${user.email}</string>
<key>1vpntype</key>
<integer>0</integer>
<key>waitForSearchButton</key>
<integer>0</integer>
</dict>
</plist>
IBM Verse client
com.ibm.lotus.traveler
<?xml version="1.0" ?>
<!DOCTYPE plist PUBLIC "-//Apple Inc//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>appConfigOnly</key>
<string>true</string>
<key>serverType</key>
<string>onpremise</string>
<key>serverURL</key>
<string>server_url_or_ip_address</string>
<key>user</key>
<string>${user.name}</string>
<key>password</key>
<string></string>
<key>restrictClipboard</key>
<string>false</string>
<key>disableShareMenu</key>
<string>false</string>
<key>disableRemoteImages</key>
<string>false</string>
<key>mamKey</key>
<string></string>
<key>mamKeyMismatchTimeout</key>
<integer>24</integer>
<key>disableAttachmentExport</key>
<string>false</string>
<key>mailFilterDays</key>
<integer>3</integer>
<key>mailFilterDays.lock</key>
<string>false</string>
<key>previewLines</key>
<integer>2</integer>
<key>previewLines.lock</key>
<string>false</string>
<key>confirmDelete</key>
<string>false</string>
<key>confirmDelete.lock</key>
<string>false</string>
<key>attachmentFilter</key>
<integer>100</integer>
<key>attachmentFilter.lock</key>
<string>false</string>
<key>mailThreads</key>
<string>false</string>
<key>mailThreads.lock</key>
<string>false</string>
<key>useMailSignature</key>
<string>false</string>
<key>useMailSignature.lock</key>
<string>false</string>
<key>mailSignature</key>
<string></string>
<key>mailSignature.lock</key>
<string>false</string>
<key>bccMyself</key>
<string>false</string>
<key>bccMyself.lock</key>
<string>false</string>
<key>calendarPastFilterDays</key>
<integer>14</integer>
<key>calendarPastFilterDays.lock</key>
<string>false</string>
<key>calendarAlarms</key>
<string>true</string>
<key>calendarAlarms.lock</key>
<string>false</string>
<key>calendarAudioAlarms</key>
<string>true</string>
<key>calendarAudioAlarms.lock</key>
<string>false</string>
<key>weekStartDay</key>
<integer>0</integer>
<key>weekStartDay.lock</key>
<string>false</string>
<key>exportContacts</key>
<string>false</string>
<key>exportContacts.lock</key>
<string>false</string>
<key>searchCorpDirectory</key>
<string>true</string>
<key>searchCorpDirectory.lock</key>
<string>false</string>
<key>contactSortOrder</key>
<string>lastfirst</string>
<key>contactSortOrder.lock</key>
<string>false</string>
<key>contactDisplayOrder</key>
<string>firstlast</string>
<key>contactDisplayOrder.lock</key>
<string>false</string>
<key>appPassword</key>
<string>false</string>
<key>appPasswordType</key>
<string>numeric</string>
<key>appPasswordMinLetters</key>
<integer>0</integer>
<key>appPasswordMinNumeric</key>
<integer>0</integer>
<key>appPasswordMinNonLetters</key>
<integer>0</integer>
<key>appPasswordMinUppercase</key>
<integer>0</integer>
<key>appPasswordMinLowercase</key>
<integer>0</integer>
<key>appPasswordMinSymbols</key>
<integer>0</integer>
<key>appPasswordMinLength</key>
<integer>4</integer>
<key>appPasswordAutolock</key>
<integer>30</integer>
<key>appPasswordExpiration</key>
<integer>0</integer>
<key>appPasswordHistory</key>
<integer>0</integer>
<key>appPasswordWipeFailures</key>
<integer>0</integer>
<key>appPasswordProhibitSequences</key>
<string>false</string>
<key>appPasswordProhibitTouchID</key>
<string>false</string>
</dict>
</plist>