Managed App Configuration macOS
Introduction
It is possible to pre-configure some apps with the policy configuration Managed App (Managed App)
. This configuration is only available for iOS devices from version 7 and macOS devices from version 11+.
Configuration
The bundle ID of the apps that have to be configured have to be specified and a valid app configuration has to be attached.
In the payload, the placeholders that appear at the bottom of the page be used. For example, you can configure an email client app by using the placeholder {$user.email}
. This way, it is possible to make the configuration usable for different users. The placeholders will be filled in when the configuration is pushed to the devices.
Basically, the manufacturer of each app is responsible for the configuration options. We have listed some examples here that worked with the apps at the time of writing. We make no guarantee that this will continue to be the case.
Microsoft Outlook for Office365
com.microsoft.Office.Outlook
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.microsoft.outlook.EmailProfile.AccountType</key>
<string>ModernAuth</string>
<key>com.microsoft.outlook.EmailProfile.EmailAccountName</key>
<string>${user.fullname}</string>
<key>com.microsoft.outlook.EmailProfile.ServerHostName</key>
<string>outlook.office365.com</string>
<key>com.microsoft.outlook.EmailProfile.EmailAddress</key>
<string>${user.email}</string>
<key>com.microsoft.outlook.EmailProfile.EmailUPN</key>
<string>${user.email}</string>
<key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
<string></string>
<key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key>
<string>Username and Password</string>
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>${user.email}</string>
</dict>
</plist>
Microsoft Outlook for an on premise Exchange Server
com.microsoft.Office.Outlook
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.microsoft.outlook.EmailProfile.AccountType</key>
<string>BasicAuth</string>
<key>com.microsoft.outlook.EmailProfile.EmailAccountName</key>
<string>${user.fullname}</string>
<key>com.microsoft.outlook.EmailProfile.ServerHostName</key>
<string>exchange.server.name</string>
<key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
<string>domainname</string>
<key>com.microsoft.outlook.EmailProfile.EmailAddress</key>
<string>${user.email}</string>
<key>com.microsoft.outlook.EmailProfile.EmailUPN</key>
<string>${user.email}</string>
<key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
<string></string>
<key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key>
<string>Username and Password</string>
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Disabled</string>
<key>IntuneMAMUPN</key>
<string>${user.email}</string>
</dict>
</plist>
SecurePIM for Office365
com.virtual-solution.securepim-enterprise
<?xml version="1.0" ?>
<!DOCTYPE plist PUBLIC "-//Apple Inc//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>license</key>
<string>your-license-key</string>
<key>activeSyncServer</key>
<string>outlook.office365.com</string>
<key>userEmail</key>
<string>${user.email}</string>
<key>activeSyncUser</key>
<string>${user.email}</string>
<key>deviceSerialNumber</key>
<string>${device.serialnumber}</string>
<key>recipientCertificateEmail</key>
<string>${user.email}</string>
<key>allowTouchIDAuthentication</key>
<string>true</string>
<key>callKitEnabled</key>
<string>true</string>
</dict>
</plist>
FileBrowser for Education
com.stratospherix.filebrowsereducation
Configuration of an SMB share
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>mdm-enforce</key>
<integer>1</integer>
<key>lockdown</key>
<integer>1</integer>
<key>1displayname</key>
<string>My NAS</string>
<key>1domain</key>
<string>office.mwaysolutions.com</string>
<key>1flags</key>
<integer>1746</integer>
<key>1machinename</key>
<string>smb://yoursmbservershare/</string>
<key>1username</key>
<string>${user.email}</string>
<key>1vpntype</key>
<integer>0</integer>
<key>waitForSearchButton</key>
<integer>0</integer>
</dict>
</plist>
IBM Verse client
com.ibm.lotus.traveler
<?xml version="1.0" ?>
<!DOCTYPE plist PUBLIC "-//Apple Inc//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>appConfigOnly</key>
<string>true</string>
<key>serverType</key>
<string>onpremise</string>
<key>serverURL</key>
<string>server_url_or_ip_address</string>
<key>user</key>
<string>${user.name}</string>
<key>password</key>
<string></string>
<key>restrictClipboard</key>
<string>false</string>
<key>disableShareMenu</key>
<string>false</string>
<key>disableRemoteImages</key>
<string>false</string>
<key>mamKey</key>
<string></string>
<key>mamKeyMismatchTimeout</key>
<integer>24</integer>
<key>disableAttachmentExport</key>
<string>false</string>
<key>mailFilterDays</key>
<integer>3</integer>
<key>mailFilterDays.lock</key>
<string>false</string>
<key>previewLines</key>
<integer>2</integer>
<key>previewLines.lock</key>
<string>false</string>
<key>confirmDelete</key>
<string>false</string>
<key>confirmDelete.lock</key>
<string>false</string>
<key>attachmentFilter</key>
<integer>100</integer>
<key>attachmentFilter.lock</key>
<string>false</string>
<key>mailThreads</key>
<string>false</string>
<key>mailThreads.lock</key>
<string>false</string>
<key>useMailSignature</key>
<string>false</string>
<key>useMailSignature.lock</key>
<string>false</string>
<key>mailSignature</key>
<string></string>
<key>mailSignature.lock</key>
<string>false</string>
<key>bccMyself</key>
<string>false</string>
<key>bccMyself.lock</key>
<string>false</string>
<key>calendarPastFilterDays</key>
<integer>14</integer>
<key>calendarPastFilterDays.lock</key>
<string>false</string>
<key>calendarAlarms</key>
<string>true</string>
<key>calendarAlarms.lock</key>
<string>false</string>
<key>calendarAudioAlarms</key>
<string>true</string>
<key>calendarAudioAlarms.lock</key>
<string>false</string>
<key>weekStartDay</key>
<integer>0</integer>
<key>weekStartDay.lock</key>
<string>false</string>
<key>exportContacts</key>
<string>false</string>
<key>exportContacts.lock</key>
<string>false</string>
<key>searchCorpDirectory</key>
<string>true</string>
<key>searchCorpDirectory.lock</key>
<string>false</string>
<key>contactSortOrder</key>
<string>lastfirst</string>
<key>contactSortOrder.lock</key>
<string>false</string>
<key>contactDisplayOrder</key>
<string>firstlast</string>
<key>contactDisplayOrder.lock</key>
<string>false</string>
<key>appPassword</key>
<string>false</string>
<key>appPasswordType</key>
<string>numeric</string>
<key>appPasswordMinLetters</key>
<integer>0</integer>
<key>appPasswordMinNumeric</key>
<integer>0</integer>
<key>appPasswordMinNonLetters</key>
<integer>0</integer>
<key>appPasswordMinUppercase</key>
<integer>0</integer>
<key>appPasswordMinLowercase</key>
<integer>0</integer>
<key>appPasswordMinSymbols</key>
<integer>0</integer>
<key>appPasswordMinLength</key>
<integer>4</integer>
<key>appPasswordAutolock</key>
<integer>30</integer>
<key>appPasswordExpiration</key>
<integer>0</integer>
<key>appPasswordHistory</key>
<integer>0</integer>
<key>appPasswordWipeFailures</key>
<integer>0</integer>
<key>appPasswordProhibitSequences</key>
<string>false</string>
<key>appPasswordProhibitTouchID</key>
<string>false</string>
</dict>
</plist>