Declarative app configuration for Apple devices
This declaration can be used to deploy the following apps to devices: App Store apps, Custom Apps, Unlisted Apps, and proprietary in-house apps. The app configuration supports the following:
Minimum supported operating system versions and channels: iOS 17.2, iPadOS 17.2, Shared iPad user, visionOS 2.4.
Requires supervision: No.
Supported enrollment methods: User Enrollment, Device Enrollment, Automated Device Enrollment.
Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
App Store ID | The App Store ID of the Managed App. Either App Store ID, bundle ID, or manifest URL must be set and are mutually exclusive. | No | |||||||||
Bundle ID | The bundle ID of the Managed App. Either App Store ID, bundle ID, or manifest URL must be set and are mutually exclusive. | No | |||||||||
Manifest URL | The manifest URL of the Managed App. Either App Store ID, bundle ID, or manifest URL must be set and are mutually exclusive. | No | |||||||||
Install behavior | Defines whether the app is required and gets installed automatically or if the user can decide about install and removal. | No | |||||||||
License | Indicates whether a device or user based volume purchasing license is used for the app. | No | |||||||||
Include in backup | Defines whether the app and its data are included in a backup. | No | |||||||||
App attributes
In addition, the following attributes can be defined for each app.
Setting | Description | Required |
|---|---|---|
Associated Domains | The associated domains to add to an app. | No |
Associated Domains Enable Direct Downloads | Allow claimed website association verification to be done at the domain. | No |
Cellular network slice | The data network name (DNN) or traffic category identifying a network slice provided by a carrier. | No |
Content filter UUID | The UUID of a content filter configuration to assign to the app. | No |
DNS proxy UUID | The UUID of a DNS proxy configuration to assign to the app. | No |
Relay UUID | The UUID of a network relay configuration to assign to the app. | No |
Tap to Pay on Lock Screen | Requires a user to unlock their device with Face ID, Touch ID, or a passcode after every transaction during which the device was handed over to a customer to enter their card PIN. | No |
VPN UUID | The UUID of an app-layer VPN configuration to assign to an app. | No |
Note: Each MDM vendor implements these settings differently. To learn how authentication credential assets and identity assets are applied to your devices and users, consult your MDM vendor’s documentation.