Apple device configuration list in the Intune settings catalog
This article lists and describes the Apple configurations you can manage using a settings catalog policy in Microsoft Intune.
This article applies to:
- iOS/iPadOS
- macOS
Before you begin
- At a minimum, sign in to the Intune admin center as a member of the Policy and Profile Manager role. For more information on the built-in Intune roles, go to Role-based access control (RBAC) with Microsoft Intune.
- Create a settings catalog policy.
How to use this article
This article covers the two types of configurations from Apple's mobile device management (MDM) protocol:
- Apple declarative configurations
- Apple MDM payloads
Each section can have links to other documents:
- Apple platform guides: The Apple Platform Deployment and Security guides that cover deployment and security features of Apple technology
- Apple developer: The developer documentation outlines the device management API that gets updated with every OS release
- Apple YAML: Apple GitHub repository that contains setting definitions that are ingested into the settings catalog. Use this information to see requirements like applicable OS version, enrollment types, and if supervision is required
- Intune documentation: Intune guides for scenario-based configuration like setting up Platform Single Sign On or deploying declarative software updates
- Known issues: Updated list of known issues related to each configuration
Some settings are available in device configuration templates and in the settings catalog. To help with a manual policy migration, this article lists the template settings that map to their equivalent settings in the settings catalog.
Important
It's recommended to create all new policies using the settings catalog where possible. Some of the existing device configuration templates are no longer being updated. In a future Intune release, they will be migrated to use the settings catalog policy type and the ability to create new templates will be deprecated. These templates include:
- Device features
- Device restrictions
- Endpoint protection (Deprecated)
- Extensions (Deprecated)
Policies that should still be created using templates include:
- Derived credential
- PKCS certificate
- PKCS imported certificate
- SCEP certificate
- Trusted certificate
- VPN
- Wi-Fi
- Wired network
Apple declarative configurations
This section is specific to the configurations that are under the Declarative Device Management (DDM) category in the settings catalog. You can learn more about DDM at Intro to declarative device management and Apple devices on Apple's website.
Disk Management
Use the Disk Management configuration to install disk management settings on devices. This configuration is located in the Declarative Device Management (DDM) category of the settings catalog. You can learn more about Disk Management using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML | Intune documentation |
---|---|---|---|
Storage management declarative configuration | Disk Management Settings | Disk Management Settings |
Known issues
- None
Math Settings
Use Math Settings to configure the Math and Calculator apps on devices. This configuration is located in the Declarative Device Management (DDM) category of the settings catalog. You can learn more about Math Settings using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML | Intune documentation |
---|---|---|---|
Math and Calculator app declarative configuration | Math Settings | Math Settings |
Known issues
- None
Passcode
Use the Passcode configuration to require that devices have a password or passcode that meets your organization's requirements. This configuration is located in the Declarative Device Management (DDM) category of the settings catalog. You can learn more about Passcode using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML | Intune documentation |
---|---|---|---|
Passcode | Passcode |
Known issues
- None
Safari Extension Settings
Use the Safari extensions settings to manage extensions in the Safari browser. This configuration is located in the Declarative Device Management (DDM) category of the settings catalog. You can learn more about Safari Extension Settings using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML | Intune documentation |
---|---|---|---|
Safari extensions management declarative configuration | Safari Extension Settings | Safari Extension Settings |
Known issues
- None
Software Update
Use the Software Update configuration to enforce an update to install at a specific time. This configuration is located in the Declarative Device Management (DDM) category of the settings catalog. You can learn more about this configuration using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML | Intune documentation |
---|---|---|---|
Software Update Enforcement Specific | Software Update Enforcement Specific | Use the settings catalog to configure managed software updates |
Known issues
- None
Software Update Settings
Use the Software Update Settings configuration to defer OS updates and control how users can manually interact with software updates in System Settings. This configuration is located in the Declarative Device Management (DDM) category of the settings catalog. You can learn more about Software Update Settings using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML | Intune documentation |
---|---|---|---|
Software Update Settings declarative configuration | Software Update Settings | Software Update Settings | Use the settings catalog to configure managed software updates |
Known issues
- None
Apple MDM payload settings
This section is specific to Apple payloads that use the standard MDM channel. A list of these payloads is available at Review MDM payloads for Apple devices on Apple's website.
FileVault
Use FileVault configurations to manage disk encryption on macOS devices. These configurations are located in the Full Disk Encryption category of the settings catalog. You can learn more about FileVault using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML | Intune documentation |
---|---|---|---|
Encrypt macOS devices (Microsoft Learn) |
Known issues
Intune device configuration template to settings catalog mapping
Endpoint protection template | Settings catalog category | Settings catalog setting |
---|---|---|
Enable FileVault | Full Disk Encryption > FileVault | Enable |
Escrow location description of personal recovery key | Full Disk Encryption > FileVault Recovery Key Escrow | Location |
Personal recovery key rotation | Full Disk Encryption > FileVault | Recovery Key Rotation In Months |
Hide recovery key | Full Disk Encryption > FileVault | Show Recovery Key |
Disable prompt at sign out | Full Disk Encryption > FileVault | Defer Don't Ask At User Logout |
Number of times allowed to bypass | Full Disk Encryption > FileVault | Defer Force At User Login Max Bypass Attempts |
Firewall
Use the Firewall configuration to manage the native macOS application firewall. This configuration is located in the Security category of the settings catalog. You can learn more about Firewall using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML |
---|---|---|
Firewall | Firewall (YAML) |
Known issues
Intune device configuration template to settings catalog mapping
Endpoint protection template | Settings catalog category | Settings catalog setting |
---|---|---|
Enable Firewall | Networking > Firewall | Enable Firewall |
Block all incoming connections | Networking > Firewall | Block All Incoming |
Apps allowed | Networking > Firewall | Applications (Allowed = True) |
Apps blocked | Networking > Firewall | Applications (Allowed = False) |
Enable stealth mode | Networking > Firewall | Enable Stealth Mode |
Font
Note
Font files uploaded to Intune must be less than 2 MB in size.
Use the Font payload to configure fonts on devices. This configuration is located in the System Configuration category of the settings catalog. You can learn more about Font using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML | Intune documentation |
---|---|---|---|
Fonts MDM payload settings | Font | Font |
Known issues
- None
System Policy Control (Gatekeeper)
Use the System Policy Control payload to configure Gatekeeper settings. This configuration is located in the System Policy Control category of the settings catalog. You can learn more about System Policy Control using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML |
---|---|---|
SystemPolicyControl | System Policy Control |
Known issues
- None
Intune device configuration template to settings catalog mapping
Endpoint protection template | Settings catalog category | Settings catalog setting |
---|---|---|
Do not allow user to override Gatekeeper | System Policy Control > System Policy Control | Enable Assessment |
Allow apps downloaded from these locations | System Policy Control > System Policy Control | Allow Identified Developers |
System Extensions
Use the System Extensions payload to configure system extensions to be automatically loaded or prevent users from approving specific extensions. This configuration is located in the System Configuration category of the settings catalog. You can learn more about System Extensions using the following documentation:
Apple Platform Guides | Apple Developer | Apple YAML |
---|---|---|
System Extensions | System Extensions |
Known issues
- None
Intune device configuration template to settings catalog mapping
Extensions template | Settings catalog category | Settings catalog setting |
---|---|---|
Block User Overrides | System Configuration > System Extensions | Allow User Overrides |
Allowed team identifiers | System Configuration > System Extensions | Allowed Team Identifiers |
Allowed system extensions | System Configuration > System Extensions | Allowed System Extensions |
Allowed system extension types | System Configuration > System Extensions | Allowed System Extension Types |