Posted on 30th March 2017 by Richard Mallion

Management changes to iOS 10.3 and macOS Sierra 10.12.4

MacOS-Sierra-Banner

Apple has just released updates to their iOS and macOS operating systems. As seems to be the trend these days, these point releases add new features , especially in the area of management. Here is a breakdown of what is coming.
This information comes from Apple’s pre-release documentation for configuration profiles.

iOS 10.3

Restrictions Payload:

The following keys have been added to this existing payload. Again its worth pointing out that these new keys require the device to be supervised.

allowDictation:
Supervised only. If set to false this will disallow dictation. This payload defaults to true

forceWiFiWhitelisting:
Supervised only. If set to true, the device can join Wi-Fi networks only if they were set up through a configuration profile. This key defaults to false

forceUnpromptedManagedClassroomScreenObservation:
Supervised only. If set to true, and the key ScreenObservationPermissionModificationAllowed is also true in the Education payload, a student enrolled in a managed course via the Classroom app will automatically give permission to that course’s teacher’s requests to observe the student’s screen without prompting the student. Defaults to false.

macOS Sierra 10.12.4

Restrictions Payload:

The following keys have been added to this existing payload.

allowFingerprintForUnlock:
If set to false, prevents Touch ID from unlocking a device. Defaults to true.

allowCloudDesktopAndDocuments:
If set to false, disallows macOS cloud desktop and document services. Defaults to true.

allowCloudDesktopAndDocuments:
If set to false, disallows macOS cloud desktop and document services. Defaults to true.

SmartCard Settings Payload

The following payload has been added to handle smart cards.

UserPairing:
If set to false, users will not get the pairing dialog, although existing pairings will still work. Default is true.

If set to false, the SmartCard is disabled for logins, authorizations, and screensaver unlocking. It is still allowed for other functions, such as signing emails and web access. A restart is required for a change of setting to take effect. Default is true.

If set to true, certificates on the card must be valid in these ways: its issuer is system-trusted, the certificate is not expired, its “valid-after” date is in the past, and it passes CRL and OCSP checking. User overrides are not allowed. Usually this key is set to true for SmartCard use in corporate environments. Default is false.

If set to true, a user can pair with only one smart card, although existing pairings will be allowed if already set up. Default is false.

Apple TV

One interesting development with the Apple TV is with tvOS 10.2. These devices will now support Apple’s Device Enrolment Program (DEP), meaning you will be able to configure these out the box in the same way you can with iOS and Mac devices.

This information comes from Apple’s pre-release documentation for configuration profiles.