Commands and Queries

Manage the configuration and behavior of your devices with these commands.

Overview

The Mobile Device Management (MDM) protocol provides a way to tell a device to remotely execute certain management commands. First, a device registers with the MDM server. Then, the server sends push notifications to the device when there are commands to be performed on the device.

When the device receives the notification, it polls the server for the command, performs the command, and reports the command results to the server. The device then checks for other commands to be performed.

Topics

Profile Management

Install a Profile

Install a profile on the device.

List the Installed Profiles

Get a list of installed profiles on the device.

Remove a Profile

Remove a previously installed profile from the device.

Install a Provisioning Profile

Install a provisioning profile on the device.

List the Installed Provisioning Profiles

Get a list of installed provisioning profiles on the device.

Remove a Provisioning Profile

Remove a previously installed provisioning profile from the device.

Device Details

List the Installed Apps

Get a list of the installed third-party apps on the device.

Get Device Information

Get details about the device.

Release Device from Await Configuration

Inform the device that it can continue in DEP enrollment.

List the Installed Restrictions

Get a list of all the restrictions being enforced by all the profiles on the device.

Device State

Erase a Device

Remotely and immediately erase a device.

Lock a Device

Remotely and immediately lock a lost device.

Restart a Device

Remotely and immediately restart a device.

Shut Down a Device

Remotely and immediately shut down a device.

Managed Apps

Install an App

Install managed third-party apps on the device.

Install an Enterprise App

Install managed enterprise apps on the device.

Apply a Redemption Code

Complete the installation of an app with a redemption code.

Remove an App

Remove managed apps that were previously installed.

Validate Apps

Allow the server to force validation of developer and universal provisioning profiles that are associated with an enterprise app.

List the Managed Apps

Get the status of all the managed apps on the device.

Get App Attributes

Get app attributes from a managed app on the device.

Get App Configuration

Get app configuration from a managed app on the device.

Get App Feedback

Get app feedback from a managed app on the device.

Managed Media

Install Media

Install a book onto a device.

List the Managed Media

Get a list of the managed media on the device.

Remove Media

Remove previously installed managed media from the device.

Accounts

Account Configuration

Configure accounts, including admin accounts, on the device.

Invite to the Program

Invite a user to join a volume purchase program.

Passwords

Clear the Passcode

Remove the passcode from the device.

Clear the Restrictions Password

Clear the restrictions password and the restrictions set on the device.

Unlock a User Account

Unlock a user account that has been locked because of too many failed password attempts.

Set the Auto Admin Password

Update the local admin account password.

Set the Firmware Password

Change or clear the firmware password on the device.

Verify the Firmware Password

Verify the device's firmware password.

Updates

Schedule an OS Update Scan

Schedule a background scan for OS updates on the device.

List the Available OS Updates

Get a list of available OS updates for the device.

Schedule an OS Update

Schedule an update of the OS on the device.

Get the OS Update Status

Get the status of OS updates on the device.

Lost Device

Enable MDM Lost Mode

Enable lost mode on the device, which provides a message and phone number on the lock screen.

Get the Location of a Device

Request the location of the device when in lost mode.

Play the Lost Mode Sound

Play the lost mode sound on the remote device.

Disable MDM Lost Mode

Take the device out of lost mode.

AirPlay Mirroring

Start AirPlay Mirroring

Configure the device to mirror its display on another device.

Stop AirPlay Mirroring

Stop mirroring of the display on another device.

eSim Management

Update the eSIM Cellular Plan

Query a carrier URL for active eSIM cellular-plan profiles.

Managed Settings

Disable Remote Desktop

Disable Remote Desktop on the computer.

Enable Remote Desktop

Enable Remote Desktop on the computer.

Set Settings

Configure settings on the device.

Security

Security Information

Get security-related information about the device.

List the Certificates

Get a list of installed certificates.

Get the Bypass Code for Activation Lock

Get the code you use to bypass activation lock.

Clear the Bypass Code for Activation Lock

Clear the activation lock bypass code from the device.

Rotate the FileVault Key

Reset the FileVault password periodically to mitigate the security risk of deployed devices.

Extensions

List Active NSExtensions

Get a list of active NSExtensions for a particular user.

List the NSExtensions

Get a list of the installed extensions for a user.

User Management

List the User Accounts

Get a list of users with active accounts on the device.

Log Out the User

Force the current user to log out.

Delete a User

Delete a user's account on the device.

Deprecated

Request the Unlock Token

Request an unlock token from the device.

Deprecated

See Also

MDM Protocol

Check-in

Authenticate devices and maintain push tokens with these commands.