Managed Settings

RSS for tag

Set restrictions for certain settings, such as locking accounts in place, preventing password modification, filtering web traffic, and shielding apps.

Posts under Managed Settings tag

105 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

DurationUntilRemoval MDM property
Hello, I have an issue with DurationUntilRemoval—it never deletes my profile. I installed it via my MDM server and also tried installing it using Apple Configurator 2. The device is in supervised mode. Here is my profile: ** DurationUntilRemoval** ** 3600** <key>PayloadContent</key> <array> <dict> <key>PayloadDescription</key> <string>Configures restrictions</string> <key>PayloadDisplayName</key> <string>Restrictions</string> <key>PayloadIdentifier</key> <string>com.apple.applicationaccess.82B4587F-86F6-406B-9D27-03A799379EB5</string> <key>PayloadType</key> <string>com.apple.applicationaccess</string> <key>PayloadUUID</key> <string>82B4587F-86F6-406B-9D27-03A799379EB5</string> <key>PayloadVersion</key> <integer>1</integer> <key>allowActivityContinuation</key> <true/> <key>allowAddingGameCenterFriends</key> <true/> <key>allowAirPlayIncomingRequests</key> <true/> <key>allowAirPrint</key> <true/> <key>allowAirPrintCredentialsStorage</key> <true/> <key>allowAirPrintiBeaconDiscovery</key> <true/> <key>allowAppCellularDataModification</key> <true/> <key>allowAppClips</key> <true/> <key>allowAppInstallation</key> <true/> <key>allowAppRemoval</key> <true/> <key>allowApplePersonalizedAdvertising</key> <true/> <key>allowAssistant</key> <true/> <key>allowAssistantWhileLocked</key> <true/> <key>allowAutoCorrection</key> <true/> <key>allowAutoUnlock</key> <true/> <key>allowAutomaticAppDownloads</key> <true/> <key>allowBluetoothModification</key> <true/> <key>allowBookstore</key> <true/> <key>allowBookstoreErotica</key> <true/> <key>allowCamera</key> <true/> <key>allowCellularPlanModification</key> <true/> <key>allowChat</key> <true/> <key>allowCloudBackup</key> <true/> <key>allowCloudDocumentSync</key> <true/> <key>allowCloudPhotoLibrary</key> <true/> <key>allowContinuousPathKeyboard</key> <true/> <key>allowDefinitionLookup</key> <true/> <key>allowDeviceNameModification</key> <true/> <key>allowDeviceSleep</key> <true/> <key>allowDictation</key> <true/> <key>allowESIMModification</key> <true/> <key>allowEnablingRestrictions</key> <true/> <key>allowEnterpriseAppTrust</key> <true/> <key>allowEnterpriseBookBackup</key> <true/> <key>allowEnterpriseBookMetadataSync</key> <true/> <key>allowEraseContentAndSettings</key> <true/> <key>allowExplicitContent</key> <true/> <key>allowFilesNetworkDriveAccess</key> <true/> <key>allowFilesUSBDriveAccess</key> <true/> <key>allowFindMyDevice</key> <true/> <key>allowFindMyFriends</key> <true/> <key>allowFingerprintForUnlock</key> <true/> <key>allowFingerprintModification</key> <true/> <key>allowGameCenter</key> <true/> <key>allowGlobalBackgroundFetchWhenRoaming</key> <true/> <key>allowInAppPurchases</key> <true/> <key>allowKeyboardShortcuts</key> <true/> <key>allowManagedAppsCloudSync</key> <true/> <key>allowMultiplayerGaming</key> <true/> <key>allowMusicService</key> <true/> <key>allowNews</key> <true/> <key>allowNotificationsModification</key> <true/> <key>allowOpenFromManagedToUnmanaged</key> <true/> <key>allowOpenFromUnmanagedToManaged</key> <true/> <key>allowPairedWatch</key> <true/> <key>allowPassbookWhileLocked</key> <true/> <key>allowPasscodeModification</key> <true/> <key>allowPasswordAutoFill</key> <true/> <key>allowPasswordProximityRequests</key> <true/> <key>allowPasswordSharing</key> <true/> <key>allowPersonalHotspotModification</key> <true/> <key>allowPhotoStream</key> <true/> <key>allowPredictiveKeyboard</key> <true/> <key>allowProximitySetupToNewDevice</key> <true/> <key>allowRadioService</key> <true/> <key>allowRemoteAppPairing</key> <true/> <key>allowRemoteScreenObservation</key> <true/> <key>allowSafari</key> <true/> <key>allowScreenShot</key> <true/> <key>allowSharedStream</key> <true/> <key>allowSpellCheck</key> <true/> <key>allowSpotlightInternetResults</key> <true/> <key>allowSystemAppRemoval</key> <true/> <key>allowUIAppInstallation</key> <true/> <key>allowUIConfigurationProfileInstallation</key> <true/> <key>allowUSBRestrictedMode</key> <true/> <key>allowUnpairedExternalBootToRecovery</key> <false/> <key>allowUntrustedTLSPrompt</key> <true/> <key>allowVPNCreation</key> <true/> <key>allowVideoConferencing</key> <true/> <key>allowVoiceDialing</key> <true/> <key>allowWallpaperModification</key> <true/> <key>allowiTunes</key> <true/> <key>forceAirDropUnmanaged</key> <false/> <key>forceAirPrintTrustedTLSRequirement</key> <false/> <key>forceAssistantProfanityFilter</key> <false/> <key>forceAuthenticationBeforeAutoFill</key> <false/> <key>forceAutomaticDateAndTime</key> <false/> <key>forceClassroomAutomaticallyJoinClasses</key> <false/> <key>forceClassroomRequestPermissionToLeaveClasses</key> <false/> <key>forceClassroomUnpromptedAppAndDeviceLock</key> <false/> <key>forceClassroomUnpromptedScreenObservation</key> <false/> <key>forceDelayedSoftwareUpdates</key> <false/> <key>forceEncryptedBackup</key> <false/> <key>forceITunesStorePasswordEntry</key> <false/> <key>forceLimitAdTracking</key> <false/> <key>forceWatchWristDetection</key> <false/> <key>forceWiFiPowerOn</key> <false/> <key>forceWiFiWhitelisting</key> <false/> <key>ratingApps</key> <integer>1000</integer> <key>ratingMovies</key> <integer>1000</integer> <key>ratingRegion</key> <string>us</string> <key>ratingTVShows</key> <integer>1000</integer> <key>safariAcceptCookies</key> <real>2</real> <key>safariAllowAutoFill</key> <true/> <key>safariAllowJavaScript</key> <true/> <key>safariAllowPopups</key> <true/> <key>safariForceFraudWarning</key> <false/> </dict> </array> <key>PayloadDisplayName</key> <string>papala</string> <key>PayloadIdentifier</key> <string>MacBook-Pro-Kyrylo-2.4A2954CA-57A5-44D9-8AD3-546407A0CAD4</string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>BEED8448-8866-43EB-AC3C-1C3C652AADE4</string> <key>PayloadVersion</key> <integer>1</integer> it's just test profile, without difficult stuff, but it doesn't work too What is wrong?
0
0
230
4d
How to remotely disable or block apps on a child’s device using FamilyControls and DeviceActivity API?
After reading Apple documentation (FamilyControls, DeviceActivity, ManagedSettings, ManagedSettingsUI, ScreenTime) and testing the API, I do not find a way to get the child's device apps on the parent device in order to block them or disable them for a certain time. Is there a way of doing it? Or can it only be done locally on the child device?
1
0
197
5d
MacOS sometimes not asking for password after sleep when close lid
Sometimes, when I close the lid using the MacOs version Sequoia 15.2, with the configuration to require a password for 5 seconds, the system does not ask for the password as expected. This happens sometimes even though nothing preventing the system from sleeping when you close and open the lid, but it still seems like a security concern. Is there some known issue related to this problem or a way to avoid it? Result of command pmset -g: Configuration:
1
0
163
1w
Detect change to apps Screen Time Access
I'm creating an app which gamifies Screen Time reduction. I'm running into an issue with apples Screen Time setting where the user can disable my apps "Screen Time access" and get around losing the game. Is there a way to detect when this setting is disabled for my app? I've tried using AuthorizationCenter.shared.authorizationStatus but this didn't do the trick. Does anyone have an ideas?
0
0
161
1w
ManagedSettingStore limits and groups
So what's the point of being able to block unto 50 apps per ManagedSettingStore via store.application.blockedApplications (which works fine) until removing the blocked apps or clearing the store. Where the following occurs if you have a social networking group with more than 9 apps only 9 apps will go back into the group and all the others will go onto the springboard all jumbled if you end up with an empty group then tap into the group, it is removed then during the reset all apps are placed back on to the springboard
0
0
163
3w
DeviceActivityMonitor extension does not call back at the set time
Hello Apple development team, I have developed an App for screen time management, which mainly uses ScreenTimeAPI. Users can set certain Apps to be disabled during a certain period of time. After the App is released, users often report that the settings do not take effect as expected. I have seen many developers on the forum reporting that the DeviceActivityMonitor extension sometimes does not trigger callbacks. Based on this background, I have the following questions: Is it a known problem that the DeviceActivityMonitor extension sometimes does not trigger callbacks? If so, are there any means to avoid or reduce the probability of occurrence? In addition to being killed by the system when the running memory exceeds (I just called some ScreenTimeAPI and accessed UserDefaults in the extension, which should not exceed the running memory), under what other circumstances will the DeviceActivityMonitor extension be killed by the system? Will it automatically recover after being killed? Will some callbacks be called when killing? Does ManagedSettingsStore have a life cycle? How do you avoid conflicts when configuring the underlying operating mechanism of multiple stores? This is a random problem. I have never encountered it during development and debugging, but users often report it. thanks
1
0
247
3w
AppLock payload - Need network change option
Managed iOS/iPad devices are struck with no network under below conditions Enrolling a Supervised iOS device Send InstallProfile command with AppLock payload (https://developer.apple.com/documentation/devicemanagement/applock) Now when the above managed device loses network connection with MDM server due to unknown network issues - the device is out of contact with MDM server and device is locked. Since such AppLock payload installed devices are placed in remote locations, it becomes difficult for Admins to recover such devices with no network connectivity. The devices have to be brought in from remote location and recover them. Under such conditions, it would be better to allow the end user to change the Network configuration manually to reconnect the device with MDM server. This option can also be allowed only when the device can’t ping MDM server.
1
0
351
Jan ’25
ShieldActionExtention not calling code or printing to console
I'm using ShieldActionExtention to make a HTTP request to a server when a user selects one of the buttons on their app shield. The apps are shielded, but nothing happens when I press one of the shield buttons. There is no message on the server signaling an HTTP request and nothing is printed to the XCode console while in debug mode. Here is my code for my Shield Action Extention // ShieldActionExtension.swift // ShieldAction // // import Foundation import UIKit import SwiftUI import ManagedSettings // Override the functions below to customize the shield actions used in various situations. // The system provides a default response for any functions that your subclass doesn't override. // Make sure that your class name matches the NSExtensionPrincipalClass in your Info.plist. class ShieldActionExtension: ShieldActionDelegate { override func handle(action: ShieldAction, for application: ApplicationToken, completionHandler: @escaping (ShieldActionResponse) -> Void) { print(action) let deviceID = UserDefaults.standard.string(forKey: UserDefaultKeys.userID.rawValue)! Task{ do{ print("sending to server") try await PlayerLosesGame(playerID: deviceID) completionHandler(.close) } catch { print("error occured on the shield") completionHandler(.none) } } } override func handle(action: ShieldAction, for webDomain: WebDomainToken, completionHandler: @escaping (ShieldActionResponse) -> Void) { print(action) let deviceID = UserDefaults.standard.string(forKey: UserDefaultKeys.userID.rawValue)! Task{ do{ print("sending to server") try await PlayerLosesGame(playerID: deviceID) completionHandler(.close) } catch { print("error occured on the shield") completionHandler(.none) } } } override func handle(action: ShieldAction, for category: ActivityCategoryToken, completionHandler: @escaping (ShieldActionResponse) -> Void) { print(action) let deviceID = UserDefaults.standard.string(forKey: UserDefaultKeys.userID.rawValue)! Task{ do{ print("sending to server") try await PlayerLosesGame(playerID: deviceID) completionHandler(.close) } catch { print("error occured on the shield") completionHandler(.none) } } //completionHandler(.close) } func PlayerLosesGame(playerID: String) async throws{ let url = URL(string: ServerConnection.GetWebsite() + "game/find?playerID="+playerID)! var request = URLRequest(url: url) request.httpMethod = "GET" print("trying this out") let (data, _) = try await URLSession.shared.data(for: request) } } I believe all my targets are set up correctly and should be working. Why is nothing happening?
2
0
327
Jan ’25
Related WebDomain Token is automatically blocked, but how do we know the related ManagedSettingsStore?
I have noticed that when I select the app token of the youtube app to be blocked via a ManagedSettingsStore, the youtube website is blocked as well (which is a good and intended behavior IMO). But how do I know in the ShieldConfigurationDataSource’s override func configuration(shielding webDomain: WebDomain, in category: ActivityCategory) -> ShieldConfiguration to which ManagedSettingsStore the WebDomain’s token is related? We use different ManagedSettingsStores for different block purposes, which differentiate in their ShieldConfiguration. Thanks a lot and have a great day!
2
0
282
6d
App Settings Not Appearing with Xcode 16.2
I recently encountered an issue with Xcode 16.2 while attempting to integrate Settings.bundle into a new app. I added Settings.bundle as a new file (using the provided template), but when I ran the app (the standard simple "Hello World" project), the expected three default controls (Name, Enabled, Slider) did not appear in the app's settings. To troubleshoot, I downgraded my system to macOS Sonoma 14.7.2 and Xcode 15.4 (on a 2023 Mac Mini, M2). After this downgrade, everything worked as expected. With a new project, adding Settings.bundle, and running the app, the settings entry for the app appeared, including the three default fields. This behavior suggests a potential issue or incompatibility with Xcode 16.2.
0
0
281
Dec ’24
Issues with ApplicationTokens After Transferring an App Using FamilyControls Framework
I am encountering an issue after transferring an app that uses the FamilyControls framework to a different app account. After releasing a new version of the app post-transfer, the following problems arose: ApplicationTokens obtained in the pre-transfer version no longer function when used with ManagedSettingsGroup.ShieldSettings in the post-transfer version. Using the same ApplicationTokens with Label(_ applicationToken: ApplicationToken) does not display the app name or icon. These issues did not occur in the pre-transfer version and everything worked as expected. We suspect that ApplicationTokens obtained prior to the transfer are no longer valid in the updated app released under the new app account. We are seeking guidance on the following: Is this expected behavior after transferring an app to another app account? What steps should we take to ensure that ApplicationTokens obtained before the transfer remain functional in the post-transfer environment? If these tokens are invalidated due to the transfer, what are the recommended procedures for regenerating or updating ApplicationTokens for existing app users? Maintaining a seamless user experience after transferring the app is critical. We would greatly appreciate any insights or guidance. Please let us know if additional information or logs would assist in investigating this issue. Thank you!
2
1
307
3w
Issue with Parent selecting child's apps using Family Controls API
I'm trying to accomplish the features in this video where the child device requests permission from parent to control scren time. Then the parent can choose apps on the childs phone from their phone. Everything on the childs device is working exactly like in the video. However, on the parents phone, when the FamilyActivityPicker appears, it's only the apps on the parents phone and when an app is selected, nothing changes in the FamilyActivitySelection. I found this forum post describe the same issue I am having. I have a physical device logged in the child and a simulator running as the parent. Why can't I see the child's apps on the parents phone? Is it cause I'm running one of them on a simulator?
1
0
312
Dec ’24
allowWebDistributionAppInstallation and forcePreserveESIMOnErase require supervision discrepantly with documentation
We provide a MDM product. In our product, payloads and properties which require supervision display those requirements. Two properties forcePreserveESIMOnErase and allowWebDistributionAppInstallation of the restriction payload don’t require a supervised device according to the descriptions in Apple Developer Documentation. However, in our observation, those properties seem to require it. Are those OS bugs or documentation errors? (In which category should I submit a feedback?) Steps to reproduce Prepare a supervised device (I used an iPhone 12 mini with iOS 18.1) and a configuration profile contains the following restrictions: <!-- Does not require a supervised device --> <key>allowDiagnosticSubmission</key> <false/> <!-- Requires a supervised device --> <key>allowESIMModification</key> <false/> <!-- Does not require a supervised device according to its description --> <key>allowWebDistributionAppInstallation</key> <false/> <!-- Does not require a supervised device according to its description --> <key>forcePreserveESIMOnErase</key> <true/> Then, Install the profile with Apple Configurator. Confirm 4 restrictions are shown in Settings > General > VPN & Device Management > PayloadDisplayName > Restrictions. Punch Settings > General > Transfer or Reset iPhone > Erase All Content and Settings, to unsupervise. Install the profile with Apple Configurator. It cannot be installed automatically because the device was not supervised. Manually install the downloaded profile. Check Settings > General > VPN & Device Management > PayloadDisplayName > Restrictions. Expected results 3 restrictions—allowDiagnosticSubmission, allowWebDistributionAppInstallation and forcePreserveESIMOnErase—are shown. Actual results Only one restriction—allowDiagnosticSubmission—is shown. Appendix: Restriction keys and their restricted message shown in Settings allowESIMModification: eSIM modification not allowed forcePreserveESIMOnErase: Preserve eSIM on erase enforced allowWebDistributionAppInstallation: Web app distribution not allowed allowDiagnosticSubmission: Diagnostic submission not allowed
1
0
532
Dec ’24
Unable to Access Team ID and Account Login Issues
Hello everyone, I am a developer and admin on App Store Connect, and I'm experiencing some issues with my account. Here’s a summary of the situation: Account Email: [Redacted] Team ID: [Redacted] Upon visiting the resources page, I encountered a popup stating: Unable to find a team with the given Team ID to which you belong. Please contact Apple Developer Program Support. When I sought assistance from a account holder, they attempted to log in using the account email but were unable to access it, despite entering the correct credentials multiple times. The login page prompted them to enter the email or phone number and password for the Apple account. Currently, I admin can log into App Store Connect, but the account holder is unable to access their account. We are facing difficulties because the Team ID appears to be disabled or unavailable in Xcode. We still have an Individual Developer subscription, but we intend to upgrade to an Organization level. I submitted a request for "Organization Membership" earlier this month. After contacting Apple support helpline multiple times, we received inconsistent responses, including suggestions to create a new account or contact developer support via email. Our main issues are: The account holder is unable to log in. The Team ID is not functioning. If we cannot continue with the individual account, we are open to using a different email for the account holder, as he handle sensitive information such as verification and payments. I have already submitted my request and am opening this thread in hopes of finding a speedy solution and guidance. I've seen multiple threads on this issue, but none have provided a resolution. Any guidance or suggestions on how to resolve these issues would be greatly appreciated! Thank you!
0
0
405
Nov ’24