We will list the definitions of each of the iOS profiles here and what they can do. To see the available profiles click on the iOS Profiles tab in the top navigation.Â
RESTRICTIONS
Restrictions profiles allow you to restrict which apps, device functionality, and media content are available to the user. While most of the options can be unchecked there are a few that impact a kiosk or locked down scenario more than others, which we will focus on below
- Name – Use your own desired naming practices for the profile name
- Payload Removal Disallowed –Â Prevents the ability to remove the profile locally on the device
- Add a tag –Â You can place a tag on this profile which will then make this profile visible to restricted admins
- Autonomous App – Any apps listed in this text box will be allowed to access Autonomous Single App Mode (SAM). If the apps you want to allow aren’t listed in your Moki account you’ll need to get the bundleID of the app and type it in, such as com.apple.mobilesafari
- App Blacklist (supervised only) – Any apps listed in this text box will not be allowed on the device. If the app is installed on the device, like Safari, then it will be hidden
- App Whitelist (supervised only) – The apps listed in this text box are the only apps visible on the device. IF the apps you want aren’t listed in your Moki account you’ll need to get the bundleID of the app and type it in. Here is a list of all Apple app’s bundleIDs.
Functionality Section
- Allow use of camera –Â Allows the user of the device to use the camera and any apps that use the camera
- Allow FaceTime – Can allow the camera but restrict access to FaceTime
- Allow installing apps – App Store apps only
- Allow removing apps (supervised only) – Controls a users ability to remove the app from the device, doesn’t affect the ability to remove the app from the Moki platform
- Allow Erase All Content and Settings (supervised only) – Hides the Reset option for Erasing All Content and Settings but leaves the Reset All Settings option
- Allow modifying account settings (supervised only) – Controls a users ability to change logged in account settings
- Allow documents from managed sources in unmanaged destinations – Controls whether information, like photos, can be accessed in the app type
- Allow documents from unmanaged sources in managed destinations –Â Controls whether information, like photos, can be accessed in the app type
- Allow Passbook notifications in Lock screen – Controls a Lock screen item
- Show Control Center in Lock screen – Controls a Lock screen item
- Show Notification Center in Lock screen – Controls a Lock screen item
- Show Today view in Lock screen – Controls a Lock screen item
- Allow UI App Installation – Allows native Apple apps like Clock and Camera to be visible
- Allow Changing of Passcode (supervised only) – Controls the user’s ability to change the passcode
- Allow Changing of Device Name (supervised only) – Controls the user’s ability to change the name of the device on the iPad
- Allow Enterprise App Trust – Controls whether you can trust the developer of an enterprise app. Enterprise apps have to be trusted before they can be installed
Media Content
Apps – You must set this at or above the rating of the app you desire to use
Â
PASSCODES
Specify the passcode policies enforced on the device such as length, complexity and attempts.
- Name –Â Use your own desired naming practices for the profile name
- Payload Removal Disallowed –Â Prevents the ability to remove the profile locally on the device
- Add a tag –Â You can place a tag on this profile which will then make this profile visible to restricted admins
- Allow simple value – Permit the use of repeating, ascending, and descending character sequences
- Require alphanumeric value – Requires passcode to contain at least one letter and one number
- Minimum passcode length – Choose the smallest number of passcode characters allowed
- Minimum number of complex characters – Choose the smallest number of non-alphanumeric characters allowed
- Maximum passcode age (1-730 days, or none) – Choose the days after which the passcode must be changed
- Maximum Auto-Lock – Choose the longest auto-lock time available to users
- Passcode history (1-50 passcodes, or none) – Choose the number of unique passcodes before reuse of a previous passcode
- Maximum grace period for device lock – Choose the longest device lock grace period available to the user
- Maximum number of failed attempts – Choose the numbe rof passcode entry attempts allowed before all data on the device will be erased
Â
WI-FI
You can create a Wi-Fi profile to send to one or multiple devices. The profile will allow a device to connect to the Wi-Fi network specified in the profile.
- Name – Use your own desired naming practices for the profile name. Something easily identifiable will be beneficial if you plan on having multiple WiFi profiles in your account
- Payload Removal Disallowed – Prevents the ability to remove the profile locally on the device
- Add a tag – You can place a tag on this profile which will then make this profile visible to restricted admins
- SSID – Identification of the wireless network that shows up in the available networks view
- Hidden Network – If the network is setup as hidden, meaning the SSID is not broadcast, you will need to check this box
- Auto Join – Join the network automatically when in range
- Proxy Setup –Â Â If you connect to your device via Proxy you’ll need to enable this option then choose how you connect to the proxy
- Manual
- Server and Port – Hostname or IP address, and port number for the proxy server
- Username – Username used to connect to the proxy
- Password – Password used to authenticate with the proxy
- Auto
- Proxy Server URL – URL used to retrieve proxy settings
- Allow direct connection if PAC is unreachable
- Security Type – Type of encryption method used by the network when connecting
- Password – Password for the wireless network
WEB CLIPS
Specify a URL to be added to the Home Screen for easy access
- Name – Use your own desired naming practices for the profile name. Something easily identifiable will be beneficial if you plan on having multiple WiFi profiles in your account
- Payload Removal Disallowed – Prevents the ability to remove the profile locally on the device
- Add a tag – You can place a tag on this profile which will then make this profile visible to restricted admins
- Label:Â This is the label of the Web Clip. This text will appear directly beneath the icon on the user’s iOS home screen.
- URL:Â The URL that you want the icon to launch.
- Removable:Â Allows the Web Clip to be removed locally on the device
- Icon:Â Image for the Web Clip. Recommended size is 152 x 152 pixels. If you don’t specify an icon, a capture of your web page will be used as the icon.
- Precompressed icon:Â Sets whether the icon has added visual effects
- Full Screen:Â This will remove the navigation bars normally found at the top and bottom of the Safari browser.
APP LOCK
Lock the device down to a single app.
- Name – Use your own desired naming practices for the profile name. Something easily identifiable will be beneficial if you plan on having multiple WiFi profiles in your account
- Payload Removal Disallowed – Prevents the ability to remove the profile locally on the device
- Add a tag – You can place a tag on this profile which will then make this profile visible to restricted admins
- Application – Select the app you want the device to locked to. If the app isn’t in your Moki account you’ll need to add the bundleID for the app manually
- Disable touch screen – Disables all touches to the screen
- Disable device rotation – Disables the ability of the screen to display content in the other orientation from what the device is in when the profile is applied
- Disable volume buttons – Disables the ability to change the volume locally on the device
- Disable ringer switch – Disables the ability to change the ringer settings locally on the device
- Disable sleep/wake button – Disabled the abiltiy to lock the device or wake it up locally and prevents the ability to turn the device off. This does not prevent a hard reboot of the device
- Disable Auto-Lock – Disables the Auto-Lock timer from locking the device according to its setting
- The remaining features refer to Accessibility options of General settings – typically these aren’t used in a kiosk or digital signage scenario so we will just list the settings without givin ga description
- Enable VoiceOver
- Enable zoom
- Enable Invert Colors
- Enable AssistiveTouch
- Enable Speak Selection
- Enable Mono audio
- Allow user to adjust VoiceOver
- Allow user to adjust zoom
- Allow user to adjust Invert Colors
- Allow user to adjust AssistiveTouch
GLOBAL PROXY
Sets the HTTP PROXY settings for your network traffic to run through. If your company runs web traffic through a global proxy then this allows you to set the HTTP PROXY settings for your network traffic to run through. If you don’t know what this is then you probably don’t use it 🙂
- Name – Use your own desired naming practices for the profile name. Something easily identifiable will be beneficial if you plan on having multiple WiFi profiles in your account
- Payload Removal Disallowed – Prevents the ability to remove the profile locally on the device
- Add a tag – You can place a tag on this profile which will then make this profile visible to restricted admins
- Proxy Type – there are two types of proxies, Manual and Auto
- Manual
- Server and Port – Hostname or IP address, and port number for the proxy server
- Username – Username used to connect to the proxy
- Password – Password used to authenticate with the proxy
- Allow bypassing proxy to access captive networks
- Manual
- Auto
- Proxy Server URL – Input the URL that the PAC (Proxy Auto-Config) will use to retrieve the settings
- Allow direct connection if PAC is unreachable
- Allow bypassing proxy to access captive networks
CUSTOM
Is where you would go to upload profiles created in Apple Configurator.
- Import Profile – Brings up a file selector so you can import your profile
- Check to upload unsupported policy type – This needs to be checked if the profile you are importing contains any information for elements outside the options Moki gives you. For example Apple Configurator allows you to configure blacklists and whitelists for specific websites but Moki does not. In this scenario you would need to check this box