Topic
This article shows examples of custom payloads for Apple MDM (Mobile Device Management) devices that can be used to add a mobile configuration to a NinjaOne policy and configure settings not available directly in the NinjaOne UI (User Interface).
Environment
NinjaOne MDM
Description
Technicians with the appropriate MDM permissions can use custom payloads for Apple MDM devices to add a mobile configuration to a NinjaOne policy and configure settings not available directly in the NinjaOne UI.
Select a category to learn more:
- Standard Format for Mobile Configuration Files
- Payloads for iOS, iPadOS, & macOS
- Certificates
- Payloads for iOS and iPadOS
Standard Format for Mobile Configuration Files
You will use mobile configuration files to create custom payloads, and Apple documentation defines the required top-level keys for these file types. Refer to TopLevel | Apple Developer Documentation (external) for more information.
The following example shows the required keys and format for each Apple MDM mobileconfig file:
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
…
</array>
<key>PayloadDisplayName</key>
<string>Profile Name</string>
<key>PayloadIdentifier</key>
<string>Profile.2DE4CC74-A880-402D-A9CF-6665C87FE12E</string>
<key>PayloadUUID</key>
<string>2DE4CC74-A880-402D-A9CF-6665C87FE12E</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
This structure contains several required fields:
| Field | Description |
|---|---|
| PayloadContent | This array of dictionaries defines each configuration payload sent to the device. Each mobileconfig must have a minimum of one payload dictionary defined within the PayloadContent array. |
| PayloadDisplayName | This is the name of the payload. |
| PayloadIdentifier | This identifier is unique among all MDM payloads sent to each device. A common practice is to use the format {Name}.{UUID}. If you attempt to install two payloads with the same identifier on a device, the second payload will typically fail to install. |
| PayloadUUID | This GUID (globally unique identifier) format string should be unique among all MDM payloads sent to each device. On a Mac, you can use the following command in Terminal to generate a random UUID (universally unique identifier).uuidgen |
| PayloadType | This is a string that matches the type of the payload. This should always have the value “Configuration" or must match one of Apple’s defined payload types. |
| PayloadVersion | This is the version of a payload. A payload can be updated without incrementing the PayloadVersion. |
Once defined in a policy, you cannot change the
PayloadIdentifier and PayloadUUID of a custom payload. If you need to modify these values, you must first define a new custom payload and delete the old one.The dictionaries within the PayloadContent array also have a very specific structure. You must include certain standard keys in each dictionary and keys unique to each PayloadType. Refer to Apple developer documentation (external) for more information.
The keys are listed in the following code block:
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
… {keys specific to the PayloadType} …
<key>PayloadDisplayName</key>
<string>Restriction</string>
<key>PayloadIdentifier</key>
<string>Restriction.63FBE224-B91A-4030-8D19-0D8D8883C4B7</string>
<key>PayloadUUID</key>
<string>63FBE224-B91A-4030-8D19-0D8D8883C4B7</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Profile Name</string>
<key>PayloadIdentifier</key>
<string>Profile.2DE4CC74-A880-402D-A9CF-6665C87FE12E</string>
<key>PayloadUUID</key>
<string>2DE4CC74-A880-402D-A9CF-6665C87FE12E</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
You must include the following fields for each dictionary within the PayloadContent array:
| Field | Description |
|---|---|
| PayloadDisplayName | This is the human-readable name for the profile payload. |
| PayloadIdentifier | This identifier is unique among all MDM payloads sent to each device. A common practice is to use the format {Name}.{UUID}. If you attempt to install two payloads with the same identifier on a device, the second payload will typically fail to install. |
| PayloadUUID | This GUID (globally unique identifier) format string should be unique among all MDM payloads sent to each device. On a Mac, you can use the following command in Terminal to generate a random UUID (universally unique identifier).uuidgen |
| PayloadType | This is a string that matches the type of the payload. It should always have the value “Configuration" or must match one of Apple’s defined payload types. Refer to Profile-Specific Payload Keys | Apple Developer Documentation (external) for more information about the defined payload types. |
| PayloadVersion | This is the version of a payload. A payload can be updated without incrementing the PayloadVersion. |
Additionally, NinjaOne supports the following variables for custom payloads. The system will automatically replace the variable with the corresponding information from the device or assigned user:
| Variable | Description |
|---|---|
| ${device.location.name} | This is the device's assigned location name value. |
| ${device.location.id} | This is the device's assigned location ID value. |
| ${device.organization.name} | This is the device's organization's name value. |
| ${device.organization.id} | This is the device's organization ID value. |
| ${device.serialNumber} | This is the device's serial number value. |
| ${device.id} | This is the device's GUID value (unique identifier). |
| ${device.owner.email} | This is the device's assigned user email address value. |
| ${device.owner.firstName} | This is the device's assigned user's first name value. |
| ${device.owner.lastName} | This is the device's assigned user's last name value. |
| ${device.owner.displayName} | This is the device's assigned user's display name value. |
Payloads for iOS, iPadOS, & macOS
Notifications
You can use the Notifications payload to define the notification settings for one or more apps. Users cannot override these settings. Refer to Notifications | Apple Developer Documentation (external) for more information.
You can modify the following keys to achieve your desired behavior:
| Key | Description |
|---|---|
| NotificationSettings | This is an array of dictionaries, each defining the notification settings of an individual app. It contains all keys outside the top level. You can add more dictionaries to this key as needed to manage all desired apps. This field is required. |
| BundleIdentifier | This is the bundle ID of an individual app whose notification settings you manage. This field is required. |
| NotificationsEnabled | This Boolean field specifies whether notifications are turned on or off for this app. This field is required. |
| AlertType | Set to "0" for None, "1" for Temporary Banner, and "2" for Persistent Banner. |
| BadgesEnabled | Set whether badges are enabled. |
| CriticalAlertEnabled | Set whether to allow critical alerts that can ignore "Do Not Disturb" and ringer settings. |
| GroupingType | Set to "0" for automatic grouping, "1" for grouping notifications from this app into a single group, and "2" for don’t group notifications. |
| PreviewType | Set to "0" for Always show previews, "1" for only show previews when a device is unlocked, and "2" for never show previews. |
| ShowInCarPlay | Set whether to show notifications in CarPlay. |
| ShowInLockScreen | Set whether to show notifications on the lock screen. |
| ShowInNotificationCenter | Set whether to show notifications in the notification center. |
| SoundsEnabled | Set whether to enable sounds for notifications. |
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>NotificationSettings</key>
<array>
<dict>
<key>BundleIdentifier</key>
<string>com.ninjaone.assist</string>
<key>NotificationsEnabled</key>
<true/>
<key>AlertType</key>
<integer>2</integer>
<key>BadgesEnabled</key>
<true/>
<key>CriticalAlertEnabled</key>
<true/>
<key>GroupingType</key>
<integer>2</integer>
<key>PreviewType</key>
<integer>2</integer>
<key>ShowInCarPlay</key>
<true/>
<key>ShowInLockScreen</key>
<true/>
<key>ShowInNotificationCenter</key>
<true/>
<key>SoundsEnabled</key>
<true/>
</dict>
<dict>
<key>BundleIdentifier</key>
<string>com.apple.tips</string>
<key>NotificationsEnabled</key>
<false/>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Notifications</string>
<key>PayloadIdentifier</key>
<string>Notifications.8E87A542-1AF1-4DBF-B1FE-645044C84C64</string>
<key>PayloadUUID</key>
<string>8E87A542-1AF1-4DBF-B1FE-645044C84C64</string>
<key>PayloadType</key>
<string>com.apple.notificationsettings</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Notifications</string>
<key>PayloadIdentifier</key>
<string>Notifications.C10A32DE-C782-4374-8D67-968EC168DD7A</string>
<key>PayloadUUID</key>
<string>C10A32DE-C782-4374-8D67-968EC168DD7A</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Certificates
There are a few payloads you can use to transfer certificates to a device, such as the CertificatePKCS12 payload or the CertificatePKCS1 payload.
Generally speaking, you will use the PKCS12 payload for certificates that also contain a private key (you will specify the password used to access the private key within the payload) and the PKCS1 payload for certificates without a private key, primarily to ensure the device trusts the specified certificates.
We provide examples of each payload in this section:
PKCS1 Certificate
Use for certificates that do not contain the private key. Note the following key:
| Key | Description |
|---|---|
| PayloadContent | This key contains the certificate file converted to base64. You can generate this key on a Mac with the command base64 -i {path_to_cert_file}. |
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<data>
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFakNDQWZxZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFuTVJnd0ZnWURWUVFEREE5VVpYTjAKUTJWeWRHbG1hV05oZEdVeEN6QUpCZ05WQkFZVEFsVlRNQjRYRFRJMU1ESXlNREU1TkRVd05Wb1hEVEkyTURJeQpNREU1TkRVd05Wb3dKekVZTUJZR0ExVUVBd3dQVkdWemRFTmxjblJwWm1sallYUmxNUXN3Q1FZRFZRUUdFd0pWClV6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1KNHdJS1BBVXlWVXgyandtZUoKU0lSa0VCOUFLQXN3c2VhMnFMWUNTQlhlcmRxZE5SdDArdmdaQnN5T1lwUEY4TXQ0SEdXVVF3OVNEQ2pLQUl3MQovaFl5MDFrZDgrTUsvdnlXcExSNnhxTDZRQTBKajhnVlVid0JxbDBVanlCb3BabW1wMlZWbTlyYTNtRGpnNEFiCkttQkFIZjhldkJPRFBEZ3RaTm01Snk3MVBBelM3N3B3YjFINU4rUURJQy9uV1NLcTBSUjlNbXZZaTMzZUlJcngKT0hiZEN5dlBGMzEwd2Z1WUM1cGhxcU5oOGRLTUw3SnR2RXZVNHlzSzJoa0loTXYxQUhiM1ZIQisybEFWdjNnOQpoQ3FPbjVNd1VKMzNWNEZHWDN4OXhlVnZCSWlTK3F5MXFKSEdvZVJFbmVVZmN1Z2xUU2pNb1lwVUVSRU84QTMwCjJ3a0NBd0VBQWFOSk1FY3dEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CWUdBMVVkSlFFQi93UU1NQW9HQ0NzR0FRVUYKQndNQk1CMEdBMVVkRGdRV0JCUWh3M3JDVTg2SmhPWWwrdDFrNlF6eXlFcmFDVEFOQmdrcWhraUc5dzBCQVFzRgpBQU9DQVFFQVNRM1dwVTdnZHZhMW05cXk4TFZOUlIralMzdHFBOE02T24rYXBNeTVkT0ZNQ3pjTWNhV2J2c2lSCmNCYVQxdXhxeFJMRmRBTUNtTWs1dW1vTGp1c3FJYjVCcVJlUzJFUVRmYm5MeThSV0lsSjM1K0VuUWNDRW9JWUcKWUhIWDY5ZWh2bFlITExaQ01BK21hTVhVYTlVNURMcy9WNG9UdWllVGZMeE0xOXlOT0dIS0VTbWl0QWNseFl3YgpMTUJoTGY1dmVXOW12ak9jc2lKblc0eWU3MVBtWG5oK2RhWFhoZzFJU0lHeEsyTkFvZFRzWFpRNm5iN200ZHNpCjdGVDRwcFFRcTllQWNJS1dSN3pTSVJMenZ6Wm8rSkRPeTltbVYyZVpYTjhIOFA2UVdlUTRoZmM0QW5RWGsxR1IKZmRGYzhKeUtSVktFcUM4UlE0WGR5UXE3RC9jZ2tBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
</data>
<key>PayloadDisplayName</key>
<string>CertificateP1</string>
<key>PayloadIdentifier</key>
<string>CertificateP1.95B82EE6-B86D-4F00-A152-7CE20F2E2CD4</string>
<key>PayloadUUID</key>
<string>95B82EE6-B86D-4F00-A152-7CE20F2E2CD4</string>
<key>PayloadType</key>
<string>com.apple.security.pkcs1</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>CertificateP1</string>
<key>PayloadIdentifier</key>
<string>CertificateP1.33A95849-29DE-4F61-BBD5-D5D588B5D698</string>
<key>PayloadUUID</key>
<string>33A95849-29DE-4F61-BBD5-D5D588B5D698</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
PKCS12 Certificate
Use this payload for certificates that do contain a private key and require a specified password to access the private key. Note the following keys:
| Key | Description |
|---|---|
| AllowAllAppsAccess | If true, the system allows apps to access the private key. |
| KeyIsExtractable | If true, the user can extract the private key from the keychain. |
| Password | This is the password needed to access the certificate's private key. |
| PayloadContent | This key contains the certificate file converted to base64. Can be generated on a Mac with the command base64 -i {path_to_cert_file}. |
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AllowAllAppsAccess</key>
<true />
<key>KeyIsExtractable</key>
<false />
<key>Password</key>
<string>ninjaone</string>
<key>PayloadContent</key>
<data>
MIIJrwIBAzCCCXYGCSqGSIb3DQEHAaCCCWcEggljMIIJXzCCA+cGCSqGSIb3DQEHBqCCA9gwggPUAgEAMIIDzQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIsW3A0TlifRsCAggAgIIDoIXbmvjObzrxfQHvCTGlvRfjbsp2QozlINd/odcMfquKiFLFovXoYrNVbwhu9JGbAdRMAPrXAdCoSlLc7ocJjp0h1BCrQ067uQD5zQSJDZFORwMKPzPTThdM2/LzTXRWTRXDj0H5BA2IB9OkWimojLw6ufEPGmqRsxnosWUKYlxtRqv28IqEi11fySoGtKqrsMhmJkVH/c0rwM/35mxDTcLTMrp3tQ7O+DUjnpVosrJ5gHkyS2ZAFL1e4JAn6qC34YJVQ0+2MyRAJ85AEbOM5OO54oMZLB9C3QopkLHk1RkY0pwQ28wFRw3LEEDmnq2DBHelTZmIGje43E8Aea+FxZQOPgp9YbmD1p9MoXGsI5J5vNMPiyZfV32MrQHTKY5yutRd29lgGpJ6rt9fd4z0VOPkmbTLPT7qnWyGOuWS8tL023UaR5pNfsLQTB1EoP+PRw3aFL/HjEs6lnanbOEtLSx/jX06kK6LGrHihDbXs+RSvZzVoJDRCYBAhNSSSGPw5H4naI2nk+m4LHiDlFzigqZwfR836qrI/0nXEB6QmgT5aXBQjsN/y2Jjnv+fl4mBDDKrLJg4ucgXEELtlG8oOqViFYq4ESrvCijOwp775a3m+KBtAlMGMnK7I0X/KW/GvAwCh15Rj9u16vgLT+X0qyxPOgCrtmsxoo4xX/kKxqXwYAgh96tmnRNFsAsXtBVPo1XFHMEb6DzKfbyLztCfSb+IXk4HAx/4nvj2llMqmoePq3rhtRAHQmAYtM/pu7AgVqF5RpR7lJ8Q/0B6Sw7sNzOHnQFxCU60Ow/CA5Xhd4h8VQXvLvJYtGTnjmbx1dQ6VZmRkuMjT0thoq4IH6k6K1EBymucW8uSeJI3ahNXASsJw6sQZ8vp3HlzeQxlMBVSHF2vU1R4Z1ecbDN2sOWx/XUyYj8zE73RC4UYb/lUWDOoz2HrN7Ps10wJSSM/X2vkZbgqi9Xt53yb7r9m7bPsITBtJJnARZ0CcQCVhG4a1LhA1wASAzgbnoZKL1PuWEKKZ0yGqGPsE+tfi/J91T0wFecb6uiRBEMcsqlxN9Ev3axB6NkUtBpgY0T9dIrv1LoJOLTJNxxVk5/ek6JaP4gw6jZ9OT6uv1g5wXvo1Htvnc6tvGJ6ivWP2yU3Kfy7213dezUPTpKoEF5SUJtXwt9YONgkU7jEbeanrexbIX8mIpQCMbApY2GIjcIUSt0jvHdWTYxxhSU5b5w/nJGL9Pc6tygwggVwBgkqhkiG9w0BBwGgggVhBIIFXTCCBVkwggVVBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQI5jsdKBP2aYcCAggABIIEyAD2wf+tWIu3BYMTihY1yHYoAfPjDzY1i2AAij4yQRcBgwvJHYw5+y+Lv7XSsBnCYM4RovycGRRI1jBb15nwcuZm+BK3Gco1syK84m2tN27PYapfezIKfAiRC/2V5jPs5vsAuRJLt8gz9i0JdUM0rk9gfHuf9TqPESXpJ9ux9WRBzYJivjdNceeC5PCXXv0wnpfoKc4xZZOEwZrUvHHmrX0aIQJqXuqTXBx0NWmrJVNkAixH0AzhJygMaGQfIqu9/svVaFUMd0+idJPc5re0TZssRIu/OcRyOyDo6JrjXr7PXd0n/KEltaFN4AIJP9MIpQxms8quCgfFfGWrr9laIaDD36lEDpt6liS6jTHXR4Y3pK0j4in1pOWCVA1ROhIhzNRBGxdUaJhlvxTTaHvZ2zYZlu4KnNdXkCwQKvGFcjmy3YhQsf/Eh/mEbu+5OtOCb1Wj9lBWuEsc80B+2koyZkAsGcF2pLbZYmvkWiEWd/4Ku63SkOt2kDeVVsHsPqdfJNH5J3rPFQYNrqm2ePbyOYRHOx6F76VMeH/y3At3dwMOtbqkd2Mi5JQ2i4ks4ZUCEfQuI2qKs+qUM7lj07YtXRHO/VcelIfjn511Q1t1Cvwn3MgM5VgwGuyWUZ6Kbyu+GHNz3GR2N42aIqcxgsArUpV8rOztuNucfVhwRIDtKUZ8DY8WQp0PtLyb/6syBfXuS4kuD397ZrG4GvLvoIrgqBNQourHLC9Rfm+Xy2V2wIth+KfGFaohkY1PqlUyqgELelcRUgybqNsTDK/78GgJjEk0c4HNVOd+635dvRuDNP0BCX9aqk1dbjCSlpsvZ7nlL9Qx1nEF+opWAHoot2Ft7Gb46S6TLr5XyOk4gG6y6mFsmaoM4ee8UOX10pWgvep8PxnuZG0mZJibfCT12NNlv5vKUeiF31fWEs34OR8J26WOAzAp/OmxwVxcX/MxyRoukO07TRW9AUAwwqXv6fDFpazSYAnbeh2ONin0eo2OUSyvBXZXkBmpiMhxN8VugBgcrcyYFq6nZKWR9ZwqpHQgd/zd8vcCGawU6gK2g6oHD3uIDQQ4BFC9JpltDZPRNey2Q+mzXeRrnuStp4YlrM54aef4E8ry1O6Ei/TYeESmhynAL1ekUvhwNP+eoO51a0bhXvKO8FQPlJKNWsurau+a2uGEkg2gTcilT8Ut7tmaE5OelMAes2W0xs/qzI2rQCFs84Bw26IBsNQeAXDZ3IkLjU6QFrllC6ahTAm2rtBDUo/OpLzu1FMW6kSMdRBb1flvWv1FhYWKqe2FR1ITQfuSYUeH1UwZ4DA9b02K40xP3r9WfXiSGIQ0wVHGuitTLQtD4obKNUpaHjt26yBtTX8lXhBPqhoEBIRLhXVty0+WIUNMNQJadP+4taWQci1RNaEcJ9VtmTM67D3yCkmFlMvJEUT8yeVwqujf1zKkjSf0G/rZu4FpsrH1+oHemCSnfal7zMuCuEmywr+Rr7eJMPaqqAzn6lba5PjdZ5MBmUq7vHbORTtZxGIbtztkfwz2nlJKegrwcjMER5sLoO4jS5nY4kToLM2Kvhwv/ljQtVLIlD1FWJYLoanO+jp2RIi8UxPpdD84zz/pmZOM6UwyRI3EgrncDH5/6MgQ+TFUMC0GCSqGSIb3DQEJFDEgHh4AVABlAHMAdABDAGUAcgB0AGkAZgBpAGMAYQB0AGUwIwYJKoZIhvcNAQkVMRYEFCHDesJTzomE5iX63WTpDPLIStoJMDAwITAJBgUrDgMCGgUABBQZO4cE2Hvkufizr9Qj7mzqz2iY2AQIRYe4ys20e4QCAQE=
</data>
<key>PayloadDisplayName</key>
<string>CertificateP12</string>
<key>PayloadIdentifier</key>
<string>CertificateP12.D1351A32-C4B8-4B6E-B225-51E1CCB2AB8A</string>
<key>PayloadUUID</key>
<string>D1351A32-C4B8-4B6E-B225-51E1CCB2AB8A</string>
<key>PayloadType</key>
<string>com.apple.security.pkcs12</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>CertificateP12</string>
<key>PayloadIdentifier</key>
<string>CertificateP12.5530D661-D71D-4D04-8A79-4CB0F516D8EE</string>
<key>PayloadUUID</key>
<string>5530D661-D71D-4D04-8A79-4CB0F516D8EE</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Payloads for iOS and iPadOS
Kiosk mode (AppLock payload)
The AppLock payload can be used to lock a device into a single app. Make sure to also deploy the app to the device in the NinjaOne policy, or else the device could be stuck in an unusable state until the AppLock payload is removed.
Note the following keys, which can be modified to achieve your desired behavior:
| Key | Description |
|---|---|
| Identifier | This is the bundleID of the app you want to lock the device into. Make sure the app is deployed to the device. |
| Options | This is a dictionary of options that allow you to turn on or off various hardware behaviors or accessibility options. |
| UserEnabledOptions | By using the Accessibility Shortcut on your device (press the lock button three times), you can allow the user to modify certain accessibility settings. |
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>App</key>
<dict>
<key>Identifier</key>
<string>com.ninjaone.assist</string>
<key>Options</key>
<dict>
<key>DisableAutoLock</key>
<false />
<key>DisableDeviceRotation</key>
<false />
<key>DisableRingerSwitch</key>
<false />
<key>DisableSleepWakeButton</key>
<false />
<key>DisableTouch</key>
<false />
<key>DisableVolumeButtons</key>
<false />
<key>EnableAssistiveTouch</key>
<false />
<key>EnableInvertColors</key>
<false />
<key>EnableMonoAudio</key>
<false />
<key>EnableSpeakSelection</key>
<false />
<key>EnableVoiceOver</key>
<false />
<key>EnableZoom</key>
<false />
<key>EnableVoiceControl</key>
<false />
</dict>
<key>UserEnabledOptions</key>
<dict>
<key>AssistiveTouch</key>
<false />
<key>InvertColors</key>
<false />
<key>VoiceOver</key>
<false />
<key>Zoom</key>
<false />
<key>VoiceControl</key>
<false />
</dict>
</dict>
<key>PayloadIdentifier</key>
<string>com.apple.app.lock.0EB94448-30BA-4CDC-BB8D-6321F60F608E</string>
<key>PayloadUUID</key>
<string>0EB94448-30BA-4CDC-BB8D-6321F60F608E</string>
<key>PayloadType</key>
<string>com.apple.app.lock</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Kiosk</string>
<key>PayloadIdentifier</key>
<string>Kiosk.3E0C188E-AC9E-4AAF-AF4B-943F980B6480</string>
<key>PayloadUUID</key>
<string>3E0C188E-AC9E-4AAF-AF4B-943F980B6480</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Web Clips
You can use the WebClip payload to add icons onto the device home screen that link directly to a specified webpage.
Each dictionary within the PayloadContent array will configure an individual web clip, but you can define multiple dictionaries to configure multiple Web clips. Note the following keys, which can be modified to achieve your desired behavior:
| Key | Description |
|---|---|
| Label | This is the label for the icon that will appear on the device. |
| URL | This is the exact URL that will be navigated to when the user taps the icon. |
| IsRemovable | This key allows you to determine whether the user can remove the icon from the home screen. |
| FullScreen | This key allows you to determine whether the webpage should appear on full screen or the browser menu bar should be visible. |
| TargetApplicationBundleIdentifier | (Optional key) This key allows you to specify the bundleID of a browser to use to launch the web clip. If not included, the device will use the default browser. |
| Icon | This is a base64-encoded string that contains the content of an image file to use for the icon. The device will use a default “blank” icon if it is not included. On a macOS, you can generate this string using the following command in Terminal:base64 -i {path_to_icon} |
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Label</key>
<string>N1</string>
<key>URL</key>
<string>https://www.ninjaone.com</string>
<key>IsRemovable</key>
<false />
<key>FullScreen</key>
<true />
<key>Icon</key>
<data>
iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAACXBIWXMAACxKAAAsSgF3enRNAAARPklEQVR4nO3dv2tdZ57H8e8ZZTQoXGExAmOBF4ddZFiYxqqmknurmi3GaXabpErlNDNNXLnabSbNTJU0W8XNbuX08R8gN4EBmyxjJiAj8ODgy5iIEWeLE41/jOxYV1f3nHs/rxeI2EpiPxLYz/s8z3nOaX76y1+3BQBE+UnfAwAAZk8AAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAwNvYWO57BABT9U7fA4BB216r9v3zVVXVfHS/58EATI8AgOPsrFf74UbVhR+u/O+N+x0PwJQJADgyWuom/vfPP5/4ARaUAIDRUjfpXz/fRQBAAAFAro3laq+fr9pZN/H/mK3V5z/eXKl29ZXv18Zy1cbPjv9/976v2jt46VPN08OqB8+ef2L36ZQGCrwtAUCejeVuf//aet8jGY7NlarVd6rdGnUxdPnd7p+bK6f/ta+M/uFT7ev+2wfPqsaHVff/WjU+rGZ3XPX0by/HAjAVAoAcW6vV7vzcxL+12l3FX16p2nx3OpP8tByN5YdoaD944d/dG1ftfV/N/WfdioEogFMRACy+rdXuiv+YK9GFN1rqvv6tUXdVP8/fgyujqiujaq+98Ll746rdp91KgW0EOBEBwOLaWe/2+Id0hTsLmyvVXl2r2l5b/K/9KAo+qG7rYHdczd0nXQy8ct8B8DIBwOJ59Qx/gu21aq+e6yb91BsaR0tV2+eq3T7X/fzBs2ruPK66+0QMwDEEAIvh6CjfznrOxH90T0PypP8mmyvV3rhYdeNiFwO396u+etKtFADV/PSXv37tDbkweLM6w39vPIxHAW8sV7uznhU60/bl42ru/MU9A8SzAsB8SjvKt7Xa3c9wtLzN5K6tV3tt/fmqwJ3HfY8IeiEAmC9pE3/i/QyzsrlS7SeXqj7cqOaLH0LA9gBBBADzIekon0cTz9aF5e5egQ83qm7vdzEgBAggABg2Ez+zMlqq+mCj2p31aj7bszXAwhMADFPa0vf1893Xa+Lv34Xl51sDtx66WZCFJQAYjtFS1dW1rIl/e63ajy/mfL3z5MJytb/frLr7XTWf/tmzBFg4AoD+JS59b65U+/E/ZWxtzLvtc9Vujbptgdv7fY8GpkYA0J+jM+1JE/9R7Hyw0fdIOInRUnej4M56Nbf+5EVELAQBwOylHeU7srVa7c1Llvvn2eZKtf/9r9V8+q3VAOaeAGB2Ul/HO1rqguf6+b5HwpS0Ny5WXV2r5jffODLI3BIAnL2ko3yv2lyp9r/+xVX/IroyqvZ/f1HNb//PSQHmkgDg7Oysd3v8iRN/VXe078bFvkfBWRotVfv7TVsCzCUBwPSlneF/1Wip2pvveW5/kPbGxarLK9X87ltbAswNAcB0jJa6if/987kTf1W35H/zvarNlb5HwqxdW692893urZEigDkgADidxDP8r7O1Wu1//rPvQ7LNle6+gI/uOyrI4AkAJnN0lG97zYRX1a1+fHKp71EwBKOlav9wWQQweAKAk0k9w/8G7Y2LjvjxsqMIuPWw6u6TvkcDx/pJ3wNgjuysV/s/vzD5v6C9ecnkz/FGS92W0I4/LwyTAOCttRvBN/cdo715SQzxo9pPLokABkkAwARM/pyECGCIBACckMmfSbSfXHI8lEERAHACJn9Oo/3DZRHAYAgAeEsmf05ttNS9G8LRWQZAAMDb2Fwx+TMdF5a7lQDomQCAt+GKjWnaXPGiKHonAAD6cP189yRN6IkAAOhJe/NSledr0BMBANCXo1dHQw8EAECfrow8TppeCACAnrUfbtgKYOYEAEDfbAXQAwEAMARXRk4FMFMCAGAg2o8veuYEMyMAAIbiwnK177shkNkQAABDcv28VQBmQgAADMloqdsKgDMmAACG5tq6Y4GcOQEAMEDthxt9D4EFJwAAhsgqAGdMAAAMlFUAzpIAABiq7TUnAjgzAgBgqEZLngvAmREAAEO2s973CFhQAgBgyC4siwDOhAAAGLhWAHAGBADA0F0ZORLI1AkAgDlgFYBpEwAA80AAMGUCAGAeXFiu2lrtexQsEAEAMCfanZ/3PQQWiAAAmBfba32PgAUiAICq8WHVvXH38eBZ36PhdUZLIoCpeafvAQBn6NFB1d5B1e7Tap4ePp/cd5+e7NfZXKlafadqY7najR/2ojeWu31pZqq9eq6au0/6HgYLQADAIrk37ib73fHJJ/k3eWFVoKmqqr3uJ6Olqq3VardGXRRsrkzv9+R4bgRkSgQAzLNHB1VfPekm/D6uCseHVXefPL8i3Viu2l7rzqyLgbNxYbn73tqq4ZQEAMyjLx9X89V3/Uz6b7J3UHV7v5rb+912wfXz3fl1r7SdqvbqWjUCgFMSADAvHh1U3XlczRf73ZX30O0dVPPpt1Wf7XWvtL1+XghMy/Za1Wd7fY+COScAYOgeHVTz2V7Vncd9j2Qy48Nu/F/sdyHwwUbfI5p/mytdTM1DCDJYjgHCUI0Pqz7fq+ZXX8/v5P+iH0Kg+bevu5sVOR03A3JKAgCG6MvH1fzq6+7KedHsHVTz0f1ue8AV7MTaq+f6HgJzzhYADMmjg2puPZzuEb6hur1fze7Tam++58TAJKwAcEpWAGAo7n5Xzb//MWPyP/LgWTUf3bclMIkLy26q5FQEAAxA8+m31fz2m8wl8fFhFwFfLsB9DrNmFYBTEADQp/FhNf/xx6rb+32PpHfNrYci4ITarVHfQ2COCQDoy9Hytwe6/J0IOKHL7/Y9AuaYAIA+mPxfq7n10PflbV2xAsDkBADM2tHkn7jf/5aaj+53Tz7kxzlBwYQEAMySyf/tjA+r+c03fY9iPtgGYEICAGbl6G53k//befCse1gQb9RaAWBCAgBmweQ/mdv7nhHwY6wAMCEBADPQfPqtG9sm1Nz6U99DGDYrAExIAMBZu72/GC/z6cveQdXnC/hOhGkZLVVtLPc9CuaQAICzZB97Kpov9m2fvMnGz/oeAXNIAMAZsnw9JeNDIfUmtgGYgACAs/L5nn3/abrz2CrAa7S2AJiAAICz8Oigms/sW0+ddyYcz0kAJiAA4Aw0tx72PYSF1HwhAI5lBYAJCACYtnvjqt2nfY9iMY0PvSzoOBcEACcnAGDKLP2frebOX/oewjBZBeCEBABMk6v/s7f71IuCjuMoICckAGCKXP3PyFdP+h7B8IyW+h4Bc0YAwLQ8eObqf0YaT1b8B+1lzwLgZAQATEnjiNrsPHhmGwBOSQDANIwPPe9/1qy2vGxrte8RMGcEAEzDXXvSs9bsek0wnIYAgCnwgJoeWAGAUxEAcFqPDjzzvw97B+4DeNGVUd8jYM4IADgtR9L6YxUAJiYA4JSau9/1PYRYzX0rLzApAQCnMT50FdonWy8v8zhgTkAAwGm4E71f9//a9wiGxeOAOQEBAKfQuPrv1/iw+wBOTADAaQiA/tkGgIkIAJjU+NDkMwR73/c9AphLAgAmZfIfhj3PAvg7bwTkBAQATMry/yA0T90DcMQbATkJAQATcgZ9IKzEwEQEAEzK3jMwxwQATMqV5zB4FgBMRADAJEz+w+E5ADARAQCTMOkAc04AwCQsOwNzTgDAJKwADMsjzwKAkxIAMAFHAAfGw4DgxAQATMIKADDnBAAABBIAMAmPAQbmnAAAgEACAAACCQAACCQA4KQ8BhhYAAIATsoRQGABCAAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAgkAAAgEACAAACCQAACCQAACCQAACAQAIAAAIJAAAIJAAAIJAAAIBAAgAAAgkAAAgkAAAg0Dt9D4D50dx5XLU77nsY/Xv6t75HwCua3/25atVfZ7X3fd8jYI74E8Pb2zvoPmBoHjzrewQwd2wBAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAEAgAQAAgQQAAAQSAAAQSAAAQCABAACBBAAABBIAABBIAABAIAEAAIEEAAAEEgAAEEgAAECg/wdsqOIF108fkQAAAABJRU5ErkJggg==
</data>
<key>PayloadDisplayName</key>
<string>N1</string>
<key>PayloadIdentifier</key>
<string>N1.E935A83C-30E0-4F4F-A04B-6CF1B900714D</string>
<key>PayloadUUID</key>
<string>E935A83C-30E0-4F4F-A04B-6CF1B900714D</string>
<key>PayloadType</key>
<string>com.apple.webClip.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>Label</key>
<string>Apple</string>
<key>URL</key>
<string>https://www.apple.com</string>
<key>IsRemovable</key>
<false />
<key>FullScreen</key>
<true />
<key>TargetApplicationBundleIdentifier</key>
<string>com.apple.mobilesafari</string>
<key>Icon</key>
<data>
iVBORw0KGgoAAAANSUhEUgAAAOEAAADhCAMAAAAJbSJIAAAAflBMVEX///8AAAD39/f6+vrw8PBKSkoqKirz8/MdHR3p6elVVVUUFBT5+flhYWGxsbHb29uqqqri4uIwMDB8fHyZmZlNTU3FxcXJyclpaWk5OTkkJCS8vLyenp6CgoLV1dU+Pj6Kiopvb2+Hh4ekpKQWFhZ0dHQLCwuSkpJERERbW1vBTkBRAAAJiklEQVR4nO2dh5qqMBBGI6AIKogNEcVl7e//gteyxV2ZSSZEMu53/wcAj6RMpkW0WGrfHbXn41PPwKOEgWeYVnYaR7E4yxsYeBo7wk45SR1xkzM38EBmhO1D7okv/T3C4zLuC/F3CTubxBU/5P8twoPzi++PrTRh/BvvrCQ08GQehOvhw/e7qDgaeDYLwl1RxSfELDPwcA6EE68aUEQLA0+3T9iJKkfoRRsTz7dOOE0hPiEOJl5gm/BUtYZ+yBubeINlwspN4lOxic3CMiH2Bc9LadfEO6wSol9QiKGRl9gkHAHboNFpaJUwRwFFPDLyFouESxxQ5GZeY49w7OOAjplBao9wmkg+YbI38yJbhD3JJDRksrXsEa4kY1T0O4beZInwiG8Uwtg6Y4twK1tHhTBx+L3KDuE0aOwTWiKUfsK+EaP7KiuEHdkyIzYmIhY3WSGUfsJkau5lNgj3MkD3zeDbbBC+yQiN+Ng+ZYMQPxUKEZhw5n/JAuG8jwO6S6Ovs0Aos0hTI86LLzVP2JUMUs+EG/hOzRPuIA/3TX0zJ/tvNU84RAF9c8bMhxon7CI+btPL6FWNE06xaRgY8lzcq3FCbBoGY0Oei3s1TjiBAWMTQe0HNU64AQFTk7batxonBJfS6EkvbJpwH1XzJeWz3tg04baS0IueM0IvappwUWGVuunqCWvop5om7DwSFof1M9/YNOFo9nuLeGs/941NE65/GG1OXj5vAn6oacJ7Z3cxHj1x/n2qacJ26vi+lxT5swfnlxrfD3vbnjlfqIps59M8XwwJ14Pd+2Fy1uF9XA6mo5qf3AhhNlhNNlF+UTRcvpVHXV9S7/Q2TIsk8K+pbq7jBUlcpPlmXCMSVZuwfUjj80/qf6bfuf3z74qLCd0v3x3nceCICrnnJ+Y7zb+tHuEpCh5zl28/ykmGJMj5zAdzFD8w01LnN+oT9trDyj/8Tv7wuFV40n4xyHG6L0VT8qzUJczK3+ZXtYrVVDK6RuFElpZxr9mOaAXpEa5XqMfsh4LhDrast+H7TOLkf1C6IrlUdQi3q1RxUN3kpMt55eDKVpEsSlMld0ZxyWkQhjPca12lZHb4baXtB1FBf9BNXqRu89EJSbPmW06SHu5mULgppNkKmOL3ZxEeaQP0h/p+PAnPi+tiHgWSrUEuN1dMKSIS7mr98VcBGyhdihU1JMKFPNGnUa1ME2bSbLumdVCINRIIscoIWxrKt0Z1woE02c6C3EiKqEw419mbny83ki2pqoQDnoBCniCmSIjGNS1LkkClRthmDCgEbqUqEWYMV9F7oUdtJUJ2++AvxVjgQ4UQCUwzEWbcKBBK0+qta4Md++WEod5pqUG9ofuFlLCr5o+xp0CSwSEl5D4JU1l4VUZ44j1G3byuXVoRlOYkuVUqJdzZZsA1VPD044Rdjiembw1VHOA44dg2A6pIKVaDE8oCE1alMAelhAfbEJhMeBP39V2Hz1OqGjTFCFemPJtPUKKci4oRMl5ICYXeCGGpGzdpQISyGoQQyATloJgQCYYJM8aDlFKUARO+8z34kkr1QUIoXZmBElIkHySc8h2ktApTkHDM1mIj9qmDCPfMQoXfcokdwCDCh2xlNiqIiakQYcjWJqV2j4IIS9sgkNQNUpywx3YazoiAEOGCayzGITcjAAhHXK3ugFy9ABC2bZNASqmAECHbhYbeDhMg5LrQuPQqDYCQ60LjkwEhQq77PX0aQoRcfVAaTUEAQtskkEpThFvbJJA0ajGrCUe2SSBpVAhVE2a2SSDRAQHCo20SSMYIp7ZJAHnGCE+2UQAl/wmVCee2UQD9J3x9wuDPEzp/ntDcfvif0Jo0GkRXEw5sk0DSaDVRTRjaJoGk0c/ttexSnSsvXuxsUZgiZHsC1jhcVBN2bZNAcukNMl7ME2XO520bBJSxuAXX0JNIyD14AUK2tWo+eUcECPmm6JMvTQAI+WYHo3VqBEK2prfoU1fTV4sBCzEjni8AwoxvYiL1sjKAsMN2MVVP0scJu3wXU+pNzwDhnnNRXkra9SHPB+uSLtJMhAhPfJea8wmD0pwOIlzzTREWNMMGIlzwTfO+SLlLFJIFzdduu8g71Sfkm+d9lbTAWU7IvMRZtfoQIeSb6H2Tu1TssgxHAvDbUhhIMZcWJlyx9WR8SqmZGULIu+vOVTX7te2ZT8SzXJVtEYnILamNRZuXM5GngSGEA65JpndyavVr6zHfEW/KZcn7WNyY8Sn4TnX608iu8eOiDXqYQmP/LzARryrmyKkfJeR9grqTE8FnDZSQbbD7UckSWnFeuLfJT7nFTofwZYbpRU51lT5OyDbrpFLVyTaSLkr8re9vARVDkkyxN9s/myAg10ZCOGV/SPwW0CxDQsjcqXivAnDcyPIZmbvc7gSdFWWEa66ViL8F9qCX5qTCt2ryEth+T0rI3W/6Ia+EAOR5xa+x1sCBYTnhKzgzsEYECrnh/H1u560C9mUoEM75bxjOBP75Kvn9/DeMBPG4qRByrWT7Ftb8S6lGg/uG4WGuKCVC7h8RTXVTq7PhvZzi9V5qhAPWyymerahG2OVs2MR4vFuxGoyzYSPJkFIk7PGNec8k0Sflm3S47hjwoYJI2Jowbegi7fSpTNjhabvF0mat6nWnJcdsRUee106orOW4Yygk0xIIO/x2DEehiSKlOppfEzeVklJS/Tc381Sp3pJEmDEbp0pNr2k1/GNWm6Ja2TONsMNpPVWs8SL2YWB0S6APRLVrErbGbMJtKrfo6BDuh0ymYqzaQILcLWTLY5yqV7DR+6HwKNxTbx+h0fGFg2lD6B6h09PG/pYRELq46BAurFtvajns+oTWd0VSDxctwlZp1UCllcnqEbYOFl3ExMsRNAlbG2sbP/XqAF1CawtqQG2MoU1oKc/doyyjNQmt1NTQr0aoQWjljlI6YB3C1oiM6HpJkaazs9IiCcjrscYXrEdIPPLHy13YXmejm7L1MZwfZpSSDsKFeaYI1aMZ/dmuU1WEte+GkepZhXzDjBFCJevGifE/f5768j/KlUXRINUlbI1S/Nf58VBug2STQuIdCZCcIFy1CVutJWKHJ/m72l/fHecx/Ff5KeU+wJ8yQNiabqrDp366pEyd8JBXD3knX231f50JwlbvNHn4jk6xLKn3+ozOi+vDaE2GO80ZeJMRwvOaeNzld78tiFanTLFe/qdG4W5YfG2UXjopj5RGJhUyRHhWr9Mu3y8aD9YLjVsavrTvdrJwUM4H06xTk+6if3Lbr+mVsm1KAAAAAElFTkSuQmCC
</data>
<key>PayloadDisplayName</key>
<string>Apple</string>
<key>PayloadIdentifier</key>
<string>Apple.D06CCEE5-DD8A-4E00-B6C4-D8F8C64F54E2</string>
<key>PayloadUUID</key>
<string>D06CCEE5-DD8A-4E00-B6C4-D8F8C64F54E2</string>
<key>PayloadType</key>
<string>com.apple.webClip.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>WebClips</string>
<key>PayloadIdentifier</key>
<string>WebClips.013CE3FD-8844-4334-9506-2EF8693E6C56</string>
<key>PayloadUUID</key>
<string>013CE3FD-8844-4334-9506-2EF8693E6C56</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Browser Allowlist
You can use the WebContentFilter payload to define an allowlist that contains all the websites accessible via an Internet browser. In the native Safari browser, these websites will also show as favorites. If a domain is allowed, subdomains and subpages will be allowed.
Note the following keys, which you can modify to achieve your desired behavior:
| Key | Description |
|---|---|
| FilterType | Always set this key to "BuiltIn." |
| AllowList | This is an array of dictionaries, each specifying a webpage that the device can access through the Internet browser. Each dictionary contains a title (which is used for the favorite tab in Safari) and the actual URL. You can specify subdomains for the URL, but you are not required to do so. More dictionaries can be added as needed. |
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>FilterType</key>
<string>BuiltIn</string>
<key>AllowListBookmarks</key>
<array>
<dict>
<key>Title</key>
<string>NinjaOne</string>
<key>URL</key>
<string>ninjaone.com</string>
</dict>
<dict>
<key>Title</key>
<string>Apple</string>
<key>URL</key>
<string>apple.com</string>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Allowlist</string>
<key>PayloadIdentifier</key>
<string>Allowlist.8ADB4E90-A490-4C8E-BBFE-0DE3BD923923</string>
<key>PayloadUUID</key>
<string>8ADB4E90-A490-4C8E-BBFE-0DE3BD923923</string>
<key>PayloadType</key>
<string>com.apple.webcontent-filter</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Allowlist</string>
<key>PayloadIdentifier</key>
<string>Allowlist.129BBAA6-40E8-46E2-92BF-0CDABAD54BA6</string>
<key>PayloadUUID</key>
<string>129BBAA6-40E8-46E2-92BF-0CDABAD54BA6</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Browser Blocklist
You can use the WebContentFilter payload to define a denylist that contains all websites that are inaccessible via a browser. If a domain is denied, subdomains will also be denied.
| Key | Description |
|---|---|
| FilterType | Always set this key to "BuiltIn." |
| DenyListURLs | This is an array of strings, each specifying a webpage that the device cannot access through the browser. Optionally, you can specify subdomains for the URL. More strings can be added as needed. |
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>FilterType</key>
<string>BuiltIn</string>
<key>DenyListURLs</key>
<array>
<string>facebook.com</string>
<string>reddit.com</string>
</array>
<key>PayloadDisplayName</key>
<string>Denylist</string>
<key>PayloadIdentifier</key>
<string>DenyList.3CF8F060-E776-4950-8B64-2A6080BBB694</string>
<key>PayloadUUID</key>
<string>3CF8F060-E776-4950-8B64-2A6080BBB694</string>
<key>PayloadType</key>
<string>com.apple.webcontent-filter</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Denylist</string>
<key>PayloadIdentifier</key>
<string>Denylist.C72D246D-F2D6-4D41-B83D-592D195B7A79</string>
<key>PayloadUUID</key>
<string>C72D246D-F2D6-4D41-B83D-592D195B7A79</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Mail Configuration
You can use the ExchangeActiveSync payload to configure the native Mail app on a device to connect to an Exchange ActiveSync (EAS) account for email. The user must initially authenticate to the EAS account before data will be synced. There are several configurable options for this payload, but note the following keys in particular:
| Key | Description |
|---|---|
| PayloadDisplayName | This is the account name that will appear on the device. |
| Host | This is the Exchange server hostname or IP address. For Office365, use “outlook.office365.com.” |
| EmailAddress | This is the user's email address. When you use the variable ${device.owner.email}, NinjaOne will automatically populate this field with the email address of the device owner specified in NinjaOne. If you use this, ensure a user is assigned to the device. To learn how to assign a device to a user, refer to Add or Change Device Owner. |
| UserName | This is the device owner's username. When you use the variable ${device.owner.email} NinjaOne will automatically populate this field with the email address of the device owner specified in NinjaOne. If you use this, ensure a user is assigned to the device. |
| OAuth | This key allows you to determine whether the Exchange configuration uses OAuth for federated authentication. |
| MailNumberOfPastDaysToSync | This key allows you to determine how many days of mail to sync upon first setup of the account. |
| SSL | "Secure socket layer." This key allows you to determine whether to enforce SSL is used for the connection. |
| PreventMove | This key allows you to determine whether messages can be moved from this account into another account. |
| PreventAppSheet | This key allows you to determine whether an app other than the Apple Mail app can be used to send mail. |
| EnableCalendars | This key allows you to determine whether calendars will be synced. |
| EnableCalendarsUserOverridable | This key allows you to determine whether the user can modify the EnableCalendars setting. |
| EnableContacts | This key allows you to determine whether contacts will be synced. |
| EnableContactsUserOverridable | This key allows you to determine whether the user can modify the EnableCalendars setting. |
| EnableMail | This key allows you to determine whether mail will be synced. |
| EnableMailUserOverridable | This key allows you to determine whether the user can modify the EnableMail setting. |
| EnableNotes | This key allows you to determine whether Notes will be synced. |
| EnableNotesUserOverridable | This key allows you to determine whether the user can modify the EnableNotes setting. |
| EnableReminders | This key allows you to determine whether Reminders will be synced. |
| EnableRemindersUserOverridable | This key allows you to determine whether the user can modify the EnableReminders setting. |
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>Corporate Email</string>
<key>Host</key>
<string>outlook.office365.com</string>
<key>EmailAddress</key>
<string>${device.owner.email}</string>
<key>UserName</key>
<string>${device.owner.email}</string>
<key>OAuth</key>
<true/>
<key>MailNumberOfPastDaysToSync</key>
<integer>7</integer>
<key>SSL</key>
<true/>
<key>PreventMove</key>
<true />
<key>PreventAppSheet</key>
<true />
<key>EnableCalendars</key>
<true/>
<key>EnableCalendarsUserOverridable</key>
<false/>
<key>EnableContacts</key>
<true/>
<key>EnableContactsUserOverridable</key>
<false/>
<key>EnableMail</key>
<true/>
<key>EnableMailUserOverridable</key>
<false/>
<key>EnableNotes</key>
<true/>
<key>EnableNotesUserOverridable</key>
<false/>
<key>EnableReminders</key>
<true/>
<key>EnableRemindersUserOverridable</key>
<false/>
<key>PayloadIdentifier</key>
<string>com.apple.eas.account.9B232C94-3E0A-4E4B-BF88-64370E3BA105</string>
<key>PayloadUUID</key>
<string>9B232C94-3E0A-4E4B-BF88-64370E3BA105</string>
<key>PayloadType</key>
<string>com.apple.eas.account</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Corporate Email</string>
<key>PayloadIdentifier</key>
<string>Corporate Email.158FBE77-8888-4578-A443-DBF46AD4C937</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>158FBE77-8888-4578-A443-DBF46AD4C937</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Additional Resources
Refer to the following resource(s) to learn more about Apple MDM: