
Apple Policy Management in MDM

Topic

Configure policies that manage Apple mobile devices. Policy configuration affects all devices managed by the policy. 

Environment

  • NinjaOne Mobile Device Management (MDM)
  • Apple iOS

Description

MDM policies determine how users can use company and personally owned devices. Administrators can control what apps device owners can use, password requirements, default Wi-Fi networks, and more.  

Are you interested in watching videos related to NinjaOne MDM? Refer to our NinjaOne MDM Video Library.

Create a New MDM Policy

To learn more about creating and managing policies in NinjaOne, refer to NinjaOne Policies: Resource Catalog.

  1. Click Administration in the left navigation pane, then open the Policies drop-down menu and select MDM Policies.
  2. Click Create New Policy.
Figure 1: Create a new MDM policy in NinjaOne

The policy configuration modal displays. 

  3. Enter policy details and select the device role (Android, Apple iOS, or Apple iPad) from the Role drop-down.
  4. Click Save.

Apple Policy Configuration

There are seven configuration options for Apple policies. Refer to the sections below for more information on these configuration options.

Figure 2: Configuration categories in an Apple MDM policy

Passcode

Click the Enabled toggle switch to allow configuration of password values, lock after failed attempts, passcode criteria, update requirements, and auto-lock settings.

For more information about this section, refer to NinjaOne Apple MDM Policy Settings: Passcode.

Restrictions

  • Functionality
  • Application
  • Security and Privacy
  • Media
  • iCloud
  • Classroom
  • Apple Intelligence
  • Wallpaper

Policies display restrictions in their appropriate category, which you can filter using the Category drop-down menu. You restrict a feature by selecting the checkbox next to it.

Use the search bar to find specific restrictions or the Enrollment type to find supervised or unsupervised settings. 

Figure 3: Search for restrictions in an Apple MDM policy

If you enrolled the device with a work profile, NinjaOne applies the restrictions to only the work profile. 

You can define wallpaper images if allowed for a supervised iOS or iPadOS device. Use the search field to find this feature and then click Define wallpaper image.

Wallpaper requirements: 

  • Files must be in .png, .jpg, or .jpeg format and cannot exceed 5 MB.
  • File dimensions must be less than 10,000 pixels.

Defining the wallpaper image does not prevent the user from modifying it. If you want to prevent user modification, activate Allow modifying wallpaper in the Restrictions section of the policy.

Figure 4: Define wallpaper settings in an Apple MDM policy

Select the checkbox at the top of the modal if you want to use the same image for both the Lock and Home screens. Click Upload to apply the image. 

Figure 5: Upload wallpaper image

Applications 

Adding apps via the MDM policy editor allows technicians to control which apps are available to end users and which apps are blocked from being used. 

In addition, NinjaOne's MDM tool supports apps assigned through Apple's App and Books (VPP) feature. Apple Business Manager (ABM) content tokens are supported per organization or location and provide information related to the token, assigned apps, and licenses from the MDM Configuration page in NinjaOne. To learn more about VPP support, refer to NinjaOne MDM: Apple Apps and Books.

Learn how to add and manage apps in the policy by referring to NinjaOne Apple MDM: Application Configuration and Management.

Network 

Add a policy network structure via manual proxy setup and Wi-Fi.

  • All Wi-Fi networks saved to the policy apply to the physical device.
    • When defining Wi-Fi security, use the Security drop-down to specify the security option your Wi-Fi should use during setup (typically, this is WPA2).
  • If you configure a global proxy, the user can turn it off on the device.
  • Ensure that the service set identifier (SSID) on the device matches (case-sensitive) the one in the system.
  • Move your cursor over the connection settings to review options to deactivate, edit, or remove. 

You can add only one proxy and multiple Wi-Fi networks. When you delete a network from the policy, the changes take effect on the physical device.

Figure 6: Manage network connections in an Apple MDM policy

OS updates 

iOS and iPadOS 17+ devices support all settings configured in this section unless otherwise specified. Supervised (work profile devices) only support User behavior configurations.

Set policies that define which OS versions are approved and when by establishing deadlines that devices must adhere to. This allows devices to update whether they're locked with a passcode or not. It includes direct integrations with Apple's various APIs and additional server-side logic to simplify and further automate update management.

For more information, refer to NinjaOne Apple MDM: OS Update Management.

Custom Payload

This section enables you to define a specific configuration profile that NinjaOne will apply to devices assigned to the policy. NinjaOne deploys each custom payload as a separate MDM profile to the device.

Custom payloads allow NinjaOne to support all Apple MDM payloads even if the UI does not reflect support. There may be a slight delay in implementing new functionalities introduced by Apple, but we will expedite the development of an appropriate solution. 

To learn more about Apple configuration profiles and profile-specific payloads, refer to Apple's developer documents.

For more information about configuring this data in a NinjaOne policy, refer to NinjaOne Apple MDM Policy Settings: Custom Payloads.
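
A check you can run on a custom payload before uploading it, covering the two Wi-Fi points from the Network section (a pinned security type such as WPA2, and a case-sensitive SSID match). This is an added example, not NinjaOne code: the sample profile, its identifier, the SSID values and the function name `lint_wifi_payloads` are constructed, and the keys are those of Apple's `com.apple.wifi.managed` payload.

```python
import plistlib

# Constructed sample profile (not from NinjaOne): one Wi-Fi payload using the
# keys of Apple's com.apple.wifi.managed payload. Identifier and SSID are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.wifi-profile</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>SSID_STR</key><string>corp-wifi</string>
      <key>EncryptionType</key><string>Any</string>
      <key>AutoJoin</key><true/>
    </dict>
  </array>
</dict></plist>"""

# Values this example treats as findings: open, WEP, or no pinned type.
WEAK_ENCRYPTION = {"None", "WEP", "Any"}


def lint_wifi_payloads(profile_bytes, expected_ssids):
    """Return a list of findings for Wi-Fi payloads in a configuration profile."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue  # only Wi-Fi payloads are checked here
        ssid = payload.get("SSID_STR", "")
        # A missing EncryptionType is treated as "Any" in this example.
        enc = payload.get("EncryptionType", "Any")
        if enc in WEAK_ENCRYPTION:
            findings.append(f"{ssid!r}: EncryptionType {enc!r} does not pin WPA2 or stronger")
        if ssid not in expected_ssids:  # exact, case-sensitive comparison
            near = [s for s in expected_ssids if s.lower() == ssid.lower()]
            hint = f" (case mismatch with {near[0]!r})" if near else ""
            findings.append(f"{ssid!r}: SSID not in expected list{hint}")
    return findings


if __name__ == "__main__":
    for finding in lint_wifi_payloads(SAMPLE_PROFILE, ["Corp-WiFi"]):
        print(finding)
```
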

Location Tracking 

Track the detailed location of mobile devices and devices that can provide GPS location information. Learn more at MDM Location Tracking.

Resync Policy

The action button on the device dashboard has a new Resync Policies option. Technicians must have minimum permissions of View, Update for device access.

Figure 7: Resync a policy for an Apple mobile device

This action will create a feed in the Activities section when started and completed.

Figure 8: Resync a policy for an Apple mobile device
