diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertExpiringLicenses.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertExpiringLicenses.ps1
index a770812e9c7a..ac0f0c4d9d04 100644
--- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertExpiringLicenses.ps1
+++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertExpiringLicenses.ps1
@@ -10,6 +10,7 @@ function Get-CIPPAlertExpiringLicenses {
$InputValue,
$TenantFilter
)
+
try {
# Parse input parameters - default to 30 days if not specified
# Support both old format (direct value) and new format (object with properties)
@@ -22,41 +23,52 @@ function Get-CIPPAlertExpiringLicenses {
$UnassignedOnly = $false
}
- $AlertData = Get-CIPPLicenseOverview -TenantFilter $TenantFilter | ForEach-Object {
- $UnassignedCount = [int]$_.CountAvailable
+ $AlertData = @(
+ Get-CIPPLicenseOverview -TenantFilter $TenantFilter | ForEach-Object {
- # If unassigned only filter is enabled, skip licenses with no unassigned units
- if ($UnassignedOnly -and $UnassignedCount -le 0) {
- return
- }
+ $UnassignedCount = [int]$_.CountAvailable
- foreach ($Term in $TermData) {
- if ($Term.DaysUntilRenew -lt $DaysThreshold -and $Term.DaysUntilRenew -gt 0) {
- $Message = if ($UnassignedOnly) {
- "$($_.License) has $UnassignedCount unassigned license(s) expiring in $($Term.DaysUntilRenew) days. The estimated term is $($Term.Term)"
- } else {
- "$($_.License) will expire in $($Term.DaysUntilRenew) days. The estimated term is $($Term.Term)"
- }
+ # If unassigned only filter is enabled, skip licenses with no unassigned units
+ if ($UnassignedOnly -and $UnassignedCount -le 0) {
+ return
+ }
+
+ # FIX: term rows are in TermInfo on the overview object
+ $TermData = @($_.TermInfo)
- Write-Host $Message
- [PSCustomObject]@{
- Message = $Message
- License = $_.License
- SkuId = $_.skuId
- DaysUntilRenew = $Term.DaysUntilRenew
- Term = $Term.Term
- Status = $Term.Status
- TotalLicenses = $Term.TotalLicenses
- CountUsed = $_.CountUsed
- CountAvailable = $UnassignedCount
- NextLifecycle = $Term.NextLifecycle
- Tenant = $_.Tenant
+ foreach ($Term in $TermData) {
+ $DaysUntilRenew = [int]$Term.DaysUntilRenew
+
+ if ($DaysUntilRenew -lt $DaysThreshold -and $DaysUntilRenew -gt 0) {
+
+ $Message = if ($UnassignedOnly) {
+ "$($_.License) has $UnassignedCount unassigned license(s) expiring in $DaysUntilRenew days. The estimated term is $($Term.Term)"
+ } else {
+ "$($_.License) will expire in $DaysUntilRenew days. The estimated term is $($Term.Term)"
+ }
+
+ [PSCustomObject]@{
+ Message = $Message
+ License = $_.License
+ SkuId = $_.skuId
+ DaysUntilRenew = $DaysUntilRenew
+ Term = $Term.Term
+ Status = $Term.Status
+ TotalLicenses = $Term.TotalLicenses
+ CountUsed = $_.CountUsed
+ CountAvailable = $UnassignedCount
+ NextLifecycle = $Term.NextLifecycle
+ Tenant = $_.Tenant
+ }
}
}
}
- }
+ )
+
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
} catch {
+ Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -error $_
+ throw
}
}
diff --git a/Modules/CIPPCore/Public/Enable-CIPPMDEConnector.ps1 b/Modules/CIPPCore/Public/Enable-CIPPMDEConnector.ps1
new file mode 100644
index 000000000000..298da51d771e
--- /dev/null
+++ b/Modules/CIPPCore/Public/Enable-CIPPMDEConnector.ps1
@@ -0,0 +1,151 @@
+function Enable-CIPPMDEConnector {
+ <#
+ .SYNOPSIS
+ Provisions the Microsoft Defender for Endpoint Intune connector for a tenant.
+ .DESCRIPTION
+ Checks whether the MDE mobile threat defense connector (partnerState) is already 'available' or 'enabled'.
+ If not, iterates through regional MDE API portal endpoints until one succeeds, then verifies
+ the connector state afterwards. Endpoints are ordered so that the tenant's likely region
+ (based on org countryLetterCode) is tried first.
+ .PARAMETER TenantFilter
+ The tenant domain or ID to provision the connector for.
+ .FUNCTIONALITY
+ Internal
+ #>
+ [CmdletBinding()]
+ param(
+ [Parameter(Mandatory = $true)]
+ [string]$TenantFilter
+ )
+
+ # MDE connector ID is fixed across all tenants
+ $ConnectorId = 'fc780465-2017-40d4-a0c5-307022471b92'
+ $ConnectorUri = "https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/$ConnectorId"
+
+ # All known regional provisioning endpoints
+ $AllEndpoints = @(
+ 'mde-rsp-apiportal-prd-eus.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-eus3.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-cus.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-cus3.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-weu.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-weu3.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-neu.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-neu3.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-uks.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-ukw.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-aue.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-aus.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-aec0a.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-aen0a.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-ins0a.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-inc0a.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-sww0a.securitycenter.windows.com'
+ 'mde-rsp-apiportal-prd-swn0a.securitycenter.windows.com'
+ )
+
+ # Country code -> likely regional endpoint prefixes (used to prioritize, not restrict)
+ $RegionPriority = @{
+ 'US' = @('eus', 'eus3', 'cus', 'cus3')
+ 'CA' = @('eus', 'eus3', 'cus', 'cus3')
+ 'GB' = @('uks', 'ukw')
+ 'AU' = @('aue', 'aus', 'aec0a', 'aen0a')
+ 'IN' = @('ins0a', 'inc0a')
+ 'SE' = @('sww0a', 'swn0a')
+ 'DE' = @('weu', 'weu3')
+ 'FR' = @('weu', 'weu3')
+ 'NL' = @('weu', 'weu3')
+ 'BE' = @('weu', 'weu3')
+ 'AT' = @('weu', 'weu3')
+ 'CH' = @('weu', 'weu3')
+ 'IE' = @('neu', 'neu3')
+ 'FI' = @('neu', 'neu3')
+ 'NO' = @('neu', 'neu3')
+ 'DK' = @('neu', 'neu3')
+ }
+
+ # Check current connector state
+ try {
+ $ConnectorState = New-GraphGetRequest -uri $ConnectorUri -tenantid $TenantFilter
+ } catch {
+ $ErrorMessage = Get-CippException -Exception $_
+ Write-LogMessage -API 'MDEConnector' -tenant $TenantFilter -message "Failed to retrieve MDE connector state. Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+ throw "Failed to retrieve MDE connector state for $TenantFilter. Error: $($ErrorMessage.NormalizedError)"
+ }
+
+ if ($ConnectorState.partnerState -in @('available', 'enabled')) {
+ Write-LogMessage -API 'MDEConnector' -tenant $TenantFilter -message 'MDE Intune connector is already in available state.' -Sev Info
+ return [PSCustomObject]@{
+ Success = $true
+ AlreadyDone = $true
+ PartnerState = $ConnectorState.partnerState
+ }
+ }
+
+ # Build a prioritized endpoint list based on tenant country
+ $PrioritizedEndpoints = [System.Collections.Generic.List[string]]::new()
+ try {
+ $OrgInfo = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/organization' -tenantid $TenantFilter
+ $CountryCode = $OrgInfo.countryLetterCode
+ if ($CountryCode -and $RegionPriority.ContainsKey($CountryCode)) {
+ $PrefixHints = $RegionPriority[$CountryCode]
+ foreach ($endpoint in $AllEndpoints) {
+ foreach ($prefix in $PrefixHints) {
+ if ($endpoint -like "*-prd-$prefix.*") {
+ $PrioritizedEndpoints.Add($endpoint)
+ break
+ }
+ }
+ }
+ }
+ Write-Information "MDE connector provisioning for $TenantFilter (country: $CountryCode): prioritized $($PrioritizedEndpoints.Count) regional endpoint(s)"
+ } catch {
+ Write-Information "Could not retrieve org country for $TenantFilter - will try all endpoints"
+ }
+
+ # Append remaining endpoints that weren't already prioritized
+ foreach ($endpoint in $AllEndpoints) {
+ if ($endpoint -notin $PrioritizedEndpoints) {
+ $PrioritizedEndpoints.Add($endpoint)
+ }
+ }
+
+ # Try each endpoint until one succeeds
+ $ProvisionBody = '{"timeout":60000}'
+ $ProvisionScope = 'https://api.securitycenter.windows.com/.default'
+ $SuccessfulEndpoint = $null
+
+ foreach ($endpoint in $PrioritizedEndpoints) {
+ $ProvisionUri = "https://$endpoint/api/cloud/portal/onboarding/intune/provision"
+ try {
+ Write-Information "Attempting MDE provisioning for $TenantFilter via $endpoint"
+ $null = New-GraphPOSTRequest -uri $ProvisionUri -tenantid $TenantFilter -body $ProvisionBody -scope $ProvisionScope
+ $SuccessfulEndpoint = $endpoint
+ Write-LogMessage -API 'MDEConnector' -tenant $TenantFilter -message "MDE Intune connector provisioned successfully via $endpoint" -Sev Info
+ break
+ } catch {
+ $ErrorMessage = Get-CippException -Exception $_
+ Write-Information "Endpoint $endpoint failed for $TenantFilter`: $($ErrorMessage.NormalizedError)"
+ }
+ }
+
+ if (-not $SuccessfulEndpoint) {
+ $Msg = "Failed to provision MDE Intune connector for $TenantFilter - all regional endpoints were unsuccessful."
+ Write-LogMessage -API 'MDEConnector' -tenant $TenantFilter -message $Msg -Sev Error
+ throw $Msg
+ }
+
+ # Verify the connector state after provisioning
+ try {
+ $UpdatedState = New-GraphGetRequest -uri $ConnectorUri -tenantid $TenantFilter
+ } catch {
+ $UpdatedState = $null
+ }
+
+ return [PSCustomObject]@{
+ Success = $UpdatedState.partnerState -in @('available', 'enabled')
+ AlreadyDone = $false
+ Endpoint = $SuccessfulEndpoint
+ PartnerState = $UpdatedState.partnerState
+ }
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/CIPPDBCache/Push-ExecCIPPDBCache.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/CIPPDBCache/Push-ExecCIPPDBCache.ps1
index ac069351da91..3addac873be0 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/CIPPDBCache/Push-ExecCIPPDBCache.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/CIPPDBCache/Push-ExecCIPPDBCache.ps1
@@ -4,7 +4,11 @@ function Push-ExecCIPPDBCache {
Generic wrapper to execute CIPP DB cache functions
.DESCRIPTION
- Executes the specified Set-CIPPDBCache* function with the provided parameters
+ Supports two modes:
+ - Grouped collection: When CollectionType is specified, delegates to Invoke-CIPPDBCacheCollection
+ which runs all cache functions for that license group sequentially in one activity.
+ - Single type (legacy): When Name is specified, executes a single Set-CIPPDBCache* function.
+ Used by the HTTP endpoint for on-demand single-type cache refreshes.
.FUNCTIONALITY
Entrypoint
@@ -12,12 +16,30 @@ function Push-ExecCIPPDBCache {
[CmdletBinding()]
param($Item)
- $Name = $Item.Name
$TenantFilter = $Item.TenantFilter
$QueueId = $Item.QueueId
- $Types = $Item.Types
try {
+ # Grouped collection mode — runs all cache types for a license category in one activity
+ if ($Item.CollectionType) {
+ Write-Information "Collecting $($Item.CollectionType) group for tenant $TenantFilter"
+
+ $Params = @{
+ CollectionType = $Item.CollectionType
+ TenantFilter = $TenantFilter
+ }
+ if ($QueueId) { $Params.QueueId = $QueueId }
+
+ $Result = Invoke-CIPPDBCacheCollection @Params
+
+ Write-Information "Completed $($Item.CollectionType) group for $TenantFilter - $($Result.Success)/$($Result.Total) succeeded"
+ return "Successfully executed $($Item.CollectionType) collection for $TenantFilter ($($Result.Success)/$($Result.Total))"
+ }
+
+ # Single-type mode (legacy) — used by HTTP endpoint for on-demand cache refresh
+ $Name = $Item.Name
+ $Types = $Item.Types
+
Write-Information "Collecting $Name for tenant $TenantFilter"
# Build the full function name
@@ -53,7 +75,7 @@ function Push-ExecCIPPDBCache {
return "Successfully executed $Name for tenant $TenantFilter"
} catch {
- $ErrorMsg = "Failed to execute $Name for tenant $TenantFilter : $($_.Exception.Message)"
+ $ErrorMsg = "Failed to execute $(if ($Item.CollectionType) { "$($Item.CollectionType) collection" } else { $Item.Name }) for tenant $TenantFilter : $($_.Exception.Message)"
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message $ErrorMsg -sev Error
throw $ErrorMsg
}
diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Mailbox Permissions/Push-GetCalendarPermissionsBatch.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Mailbox Permissions/Push-GetCalendarPermissionsBatch.ps1
index 5c98bacd6aec..319a573a21ed 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Mailbox Permissions/Push-GetCalendarPermissionsBatch.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Mailbox Permissions/Push-GetCalendarPermissionsBatch.ps1
@@ -4,7 +4,10 @@ function Push-GetCalendarPermissionsBatch {
Process a batch of calendar permission queries
.DESCRIPTION
- Queries calendar permissions for a batch of mailboxes
+ Queries calendar permissions for a batch of mailboxes.
+ Uses a folder name cache to avoid the expensive Get-MailboxFolderStatistics call
+ on subsequent runs. First run discovers and caches the locale-specific calendar
+ folder name; all future runs skip that call entirely (50% fewer Exchange requests).
.FUNCTIONALITY
Entrypoint
@@ -19,31 +22,65 @@ function Push-GetCalendarPermissionsBatch {
try {
Write-Information "Processing calendar permissions batch $BatchNumber of $TotalBatches for tenant $TenantFilter with $($Mailboxes.Count) mailboxes"
+ # Load cached calendar folder names for this tenant
+ $FolderCacheTable = Get-CippTable -tablename 'CalendarFolderCache'
+ $CachedFolders = @{}
+ try {
+
+ $CacheEntries = Get-CIPPAzDataTableEntity @FolderCacheTable -Filter "PartitionKey eq '$TenantFilter'"
+ foreach ($Entry in $CacheEntries) {
+ $CachedFolders[$Entry.RowKey] = $Entry.FolderName
+ }
+ Write-Host "CAL Cached Folders count is $($CachedFolders.count)"
+ } catch {
+ Write-Information "Could not load folder name cache for $TenantFilter, will discover all folder names"
+ }
+
+ $CacheHits = 0
+ $CacheMisses = 0
+ $NewCacheEntries = [System.Collections.Generic.List[hashtable]]::new()
$AllCalendarPermissions = [System.Collections.Generic.List[object]]::new()
foreach ($MailboxUPN in $Mailboxes) {
try {
- # Step 1: Get the calendar folder name (locale-specific)
- $GetCalParam = @{Identity = $MailboxUPN; FolderScope = 'Calendar' }
- $CalendarFolder = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-MailboxFolderStatistics' -anchor $MailboxUPN -cmdParams $GetCalParam | Select-Object -First 1
-
- if ($CalendarFolder -and $CalendarFolder.name) {
- # Step 2: Get calendar permissions using the folder name
- $CalParam = @{Identity = "$($MailboxUPN):\$($CalendarFolder.name)" }
- $CalendarPermissions = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-MailboxFolderPermission' -anchor $MailboxUPN -cmdParams $CalParam -UseSystemMailbox $true
-
- # Normalize the results
- foreach ($Perm in $CalendarPermissions) {
- $AllCalendarPermissions.Add([PSCustomObject]@{
- id = [guid]::NewGuid().ToString()
- Identity = $Perm.Identity
- User = $Perm.User
- AccessRights = $Perm.AccessRights
- FolderName = $Perm.FolderName
+ # Check cache for folder name
+ $FolderName = $CachedFolders[$MailboxUPN]
+
+ if (-not $FolderName) {
+ # Cache miss — discover the locale-specific calendar folder name
+ $CacheMisses++
+ $GetCalParam = @{Identity = $MailboxUPN; FolderScope = 'Calendar' }
+ $CalendarFolder = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-MailboxFolderStatistics' -anchor $MailboxUPN -cmdParams $GetCalParam | Select-Object -First 1
+
+ if ($CalendarFolder -and $CalendarFolder.name) {
+ $FolderName = $CalendarFolder.name
+ # Queue for cache write
+ $NewCacheEntries.Add(@{
+ PartitionKey = $TenantFilter
+ RowKey = $MailboxUPN
+ FolderName = $FolderName
})
+ } else {
+ Write-Information "No calendar folder found for mailbox $MailboxUPN"
+ continue
}
} else {
- Write-Information "No calendar folder found for mailbox $MailboxUPN"
+ $CacheHits++
+ }
+
+ # Get calendar permissions using the folder name
+ $CalParam = @{Identity = "$($MailboxUPN):\$($FolderName)" }
+ $CalendarPermissions = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-MailboxFolderPermission' -anchor $MailboxUPN -cmdParams $CalParam -UseSystemMailbox $true
+
+ # Normalize the results
+ foreach ($Perm in $CalendarPermissions) {
+ $AllCalendarPermissions.Add([PSCustomObject]@{
+ id = [guid]::NewGuid().ToString()
+ Identity = $Perm.Identity
+ User = $Perm.User
+ AccessRights = $Perm.AccessRights
+ FolderName = $Perm.FolderName
+ })
}
} catch {
Write-Information "Failed to get calendar permissions for $MailboxUPN : $($_.Exception.Message)"
@@ -51,7 +88,17 @@ function Push-GetCalendarPermissionsBatch {
}
}
- Write-Information "Completed calendar permissions batch $BatchNumber of $TotalBatches - processed $($Mailboxes.Count) mailboxes: $($AllCalendarPermissions.Count) calendar permissions"
+ # Persist newly discovered folder names to cache
+ if ($NewCacheEntries.Count -gt 0) {
+ try {
+ Add-CIPPAzDataTableEntity @FolderCacheTable -Entity $NewCacheEntries -Force
+ Write-Information "Cached $($NewCacheEntries.Count) new calendar folder names for $TenantFilter"
+ } catch {
+ Write-Information "Failed to write folder name cache for $TenantFilter : $($_.Exception.Message)"
+ }
+ }
+
+ Write-Information "Completed calendar permissions batch $BatchNumber of $TotalBatches - processed $($Mailboxes.Count) mailboxes: $($AllCalendarPermissions.Count) permissions (cache hits: $CacheHits, misses: $CacheMisses)"
# Return results grouped by command type for consistency with mailbox permissions
return @{
diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPDBCacheData.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPDBCacheData.ps1
index f3f1d954fccc..e12222b5b037 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPDBCacheData.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPDBCacheData.ps1
@@ -4,7 +4,13 @@ function Push-CIPPDBCacheData {
List cache collection tasks for a single tenant (Phase 1 of fan-out/fan-in)
.DESCRIPTION
- Checks tenant license capabilities and returns a list of cache collection work items.
+ Checks tenant license capabilities and returns a list of grouped cache collection work items.
+ Each item represents one collection type (Graph, ExchangeConfig, ExchangeData, etc.) that
+ will run all its cache functions sequentially within a single activity invocation.
+
+ This grouped approach reduces activity count from ~50-67 per tenant down to ~2-6 per tenant,
+ dramatically cutting orchestrator replay overhead and table storage I/O.
+
Does NOT start sub-orchestrators. The returned items are aggregated by the PostExecution
function (CIPPDBCacheApplyBatch) and executed in a single flat orchestrator.
@@ -26,160 +32,93 @@ function Push-CIPPDBCacheData {
Write-Information "License capabilities for $TenantFilter - Intune: $IntuneCapable, CA: $ConditionalAccessCapable, P2: $AzureADPremiumP2Capable, Exchange: $ExchangeCapable"
- # Build list of cache collection tasks based on license capabilities
+ # Build grouped collection tasks — one activity per license category instead of one per cache type
$Tasks = [System.Collections.Generic.List[object]]::new()
- #region All Licenses - Basic tenant data collection
- $BasicCacheFunctions = @(
- 'Users'
- 'Groups'
- 'Guests'
- 'ServicePrincipals'
- 'Apps'
- 'Devices'
- 'Organization'
- 'Roles'
- 'AdminConsentRequestPolicy'
- 'AuthorizationPolicy'
- 'AuthenticationMethodsPolicy'
- 'DeviceSettings'
- 'DirectoryRecommendations'
- 'CrossTenantAccessPolicy'
- 'DefaultAppManagementPolicy'
- 'Settings'
- 'SecureScore'
- 'PIMSettings'
- 'Domains'
- 'B2BManagementPolicy'
- 'DeviceRegistrationPolicy'
- 'OAuth2PermissionGrants'
- 'AppRoleAssignments'
- 'LicenseOverview'
- 'MFAState'
- 'BitlockerKeys'
- )
+ # Graph collection always runs (no special license needed) — 25 cache types in one activity
+ $Tasks.Add(@{
+ FunctionName = 'ExecCIPPDBCache'
+ CollectionType = 'Graph'
+ TenantFilter = $TenantFilter
+ QueueId = $QueueId
+ QueueName = "DB Cache Graph - $TenantFilter"
+ })
+ # MFAState runs as its own activity — it makes 6+ API calls, bulk group/role member
+ # resolution, and O(users × policies) CPU work that can take minutes on large tenants
+ $Tasks.Add(@{
+ FunctionName = 'ExecCIPPDBCache'
+ Name = 'MFAState'
+ TenantFilter = $TenantFilter
+ QueueId = $QueueId
+ QueueName = "DB Cache MFAState - $TenantFilter"
+ })
- foreach ($CacheFunction in $BasicCacheFunctions) {
+ # Exchange collections — split into config (quick policy calls), data (usage reports), and mailboxes (heavy, spawns permission/rule child orchestrators)
+ if ($ExchangeCapable) {
+ $Tasks.Add(@{
+ FunctionName = 'ExecCIPPDBCache'
+ CollectionType = 'ExchangeConfig'
+ TenantFilter = $TenantFilter
+ QueueId = $QueueId
+ QueueName = "DB Cache ExchangeConfig - $TenantFilter"
+ })
+ $Tasks.Add(@{
+ FunctionName = 'ExecCIPPDBCache'
+ CollectionType = 'ExchangeData'
+ TenantFilter = $TenantFilter
+ QueueId = $QueueId
+ QueueName = "DB Cache ExchangeData - $TenantFilter"
+ })
+ # Mailboxes runs as its own activity — it's heavy (fetches all mailboxes) and spawns
+ # child orchestrators for permission/calendar/rules batching that need their own time
$Tasks.Add(@{
FunctionName = 'ExecCIPPDBCache'
- Name = $CacheFunction
+ Name = 'Mailboxes'
TenantFilter = $TenantFilter
QueueId = $QueueId
+ QueueName = "DB Cache Mailboxes - $TenantFilter"
})
- }
- #endregion All Licenses
-
- #region Exchange Licensed - Exchange Online features
- if ($ExchangeCapable) {
- $ExchangeCacheFunctions = @(
- 'ExoAntiPhishPolicies'
- 'ExoMalwareFilterPolicies'
- 'ExoSafeLinksPolicies'
- 'ExoSafeAttachmentPolicies'
- 'ExoTransportRules'
- 'ExoDkimSigningConfig'
- 'ExoOrganizationConfig'
- 'ExoAcceptedDomains'
- 'ExoHostedContentFilterPolicy'
- 'ExoHostedOutboundSpamFilterPolicy'
- 'ExoAntiPhishPolicy'
- 'ExoSafeLinksPolicy'
- 'ExoSafeAttachmentPolicy'
- 'ExoMalwareFilterPolicy'
- 'ExoAtpPolicyForO365'
- 'ExoQuarantinePolicy'
- 'ExoRemoteDomain'
- 'ExoSharingPolicy'
- 'ExoAdminAuditLogConfig'
- 'ExoPresetSecurityPolicy'
- 'ExoTenantAllowBlockList'
- 'Mailboxes'
- 'CASMailboxes'
- 'MailboxUsage'
- 'OneDriveUsage'
- )
-
- foreach ($CacheFunction in $ExchangeCacheFunctions) {
- $Tasks.Add(@{
- FunctionName = 'ExecCIPPDBCache'
- Name = $CacheFunction
- TenantFilter = $TenantFilter
- QueueId = $QueueId
- })
- }
} else {
Write-Host "Skipping Exchange Online data collection for $TenantFilter - no required license"
}
- #endregion Exchange Licensed
- #region Conditional Access Licensed - Azure AD Premium features
if ($ConditionalAccessCapable) {
- $ConditionalAccessCacheFunctions = @(
- 'ConditionalAccessPolicies'
- #'AuthenticationFlowsPolicy'
- 'CredentialUserRegistrationDetails'
- 'UserRegistrationDetails'
- )
- foreach ($CacheFunction in $ConditionalAccessCacheFunctions) {
- $Tasks.Add(@{
- FunctionName = 'ExecCIPPDBCache'
- Name = $CacheFunction
- TenantFilter = $TenantFilter
- QueueId = $QueueId
- })
- }
+ $Tasks.Add(@{
+ FunctionName = 'ExecCIPPDBCache'
+ CollectionType = 'ConditionalAccess'
+ TenantFilter = $TenantFilter
+ QueueId = $QueueId
+ QueueName = "DB Cache ConditionalAccess - $TenantFilter"
+ })
} else {
Write-Host "Skipping Conditional Access data collection for $TenantFilter - no required license"
}
- #endregion Conditional Access Licensed
- #region Azure AD Premium P2 - Identity Protection/PIM features
if ($AzureADPremiumP2Capable) {
- $P2CacheFunctions = @(
- 'RiskyUsers'
- 'RiskyServicePrincipals'
- 'ServicePrincipalRiskDetections'
- 'RiskDetections'
- 'RoleEligibilitySchedules'
- 'RoleAssignmentScheduleInstances'
- 'RoleManagementPolicies'
- )
- foreach ($CacheFunction in $P2CacheFunctions) {
- $Tasks.Add(@{
- FunctionName = 'ExecCIPPDBCache'
- Name = $CacheFunction
- TenantFilter = $TenantFilter
- QueueId = $QueueId
- })
- }
+ $Tasks.Add(@{
+ FunctionName = 'ExecCIPPDBCache'
+ CollectionType = 'IdentityProtection'
+ TenantFilter = $TenantFilter
+ QueueId = $QueueId
+ QueueName = "DB Cache IdentityProtection - $TenantFilter"
+ })
} else {
Write-Host "Skipping Azure AD Premium P2 data collection for $TenantFilter - no required license"
}
- #endregion Azure AD Premium P2
- #region Intune Licensed - Intune management features
if ($IntuneCapable) {
- $IntuneCacheFunctions = @(
- 'ManagedDevices'
- 'IntunePolicies'
- 'ManagedDeviceEncryptionStates'
- 'IntuneAppProtectionPolicies'
- 'DetectedApps'
- )
- foreach ($CacheFunction in $IntuneCacheFunctions) {
- $Tasks.Add(@{
- FunctionName = 'ExecCIPPDBCache'
- Name = $CacheFunction
- TenantFilter = $TenantFilter
- QueueId = $QueueId
- })
- }
+ $Tasks.Add(@{
+ FunctionName = 'ExecCIPPDBCache'
+ CollectionType = 'Intune'
+ TenantFilter = $TenantFilter
+ QueueId = $QueueId
+ QueueName = "DB Cache Intune - $TenantFilter"
+ })
} else {
Write-Host "Skipping Intune data collection for $TenantFilter - no required license"
}
- #endregion Intune Licensed
- Write-Information "Built $($Tasks.Count) cache tasks for tenant $TenantFilter"
+ Write-Information "Built $($Tasks.Count) grouped cache tasks for tenant $TenantFilter (down from individual per-type tasks)"
# Return the task list — the PostExecution function will aggregate and start a flat orchestrator
return @($Tasks)
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1
index efa9cddcd24b..f5a9b6d7609a 100644
--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1
@@ -11,7 +11,6 @@ function Invoke-AddDefenderDeployment {
$APIName = $Request.Params.CIPPEndpoint
$Headers = $Request.Headers
-
$Tenants = ($Request.Body.selectedTenants).value
if ('AllTenants' -in $Tenants) { $Tenants = (Get-Tenants -IncludeErrors).defaultDomainName }
$Compliance = $Request.Body.Compliance
@@ -22,6 +21,15 @@ function Invoke-AddDefenderDeployment {
$Results = foreach ($tenant in $Tenants) {
try {
if ($Compliance) {
+ $ConnectorStatus = Enable-CIPPMDEConnector -TenantFilter $tenant
+ if (!$ConnectorStatus.Success) {
+ "$($tenant): Failed to enable MDE Connector - $($ConnectorStatus.ErrorMessage)"
+ continue
+ } else {
+ "$($tenant): MDE Connector is $($ConnectorStatus.PartnerState)"
+ }
+
+
$SettingsObject = @{
id = 'fc780465-2017-40d4-a0c5-307022471b92'
androidEnabled = [bool]$Compliance.ConnectAndroid
@@ -32,29 +40,44 @@ function Invoke-AddDefenderDeployment {
partnerUnresponsivenessThresholdInDays = 7
allowPartnerToCollectIOSApplicationMetadata = [bool]$Compliance.ConnectIosCompliance
allowPartnerToCollectIOSPersonalApplicationMetadata = [bool]$Compliance.ConnectIosCompliance
+ androidDeviceBlockedOnMissingPartnerData = [bool]$Compliance.androidDeviceBlockedOnMissingPartnerData
+ iosDeviceBlockedOnMissingPartnerData = [bool]$Compliance.iosDeviceBlockedOnMissingPartnerData
+ windowsDeviceBlockedOnMissingPartnerData = [bool]$Compliance.windowsDeviceBlockedOnMissingPartnerData
+ macDeviceBlockedOnMissingPartnerData = [bool]$Compliance.macDeviceBlockedOnMissingPartnerData
androidMobileApplicationManagementEnabled = [bool]$Compliance.ConnectAndroidCompliance
iosMobileApplicationManagementEnabled = [bool]$Compliance.appSync
+ windowsMobileApplicationManagementEnabled = [bool]$Compliance.windowsMobileApplicationManagementEnabled
+ allowPartnerToCollectIosCertificateMetadata = [bool]$Compliance.allowPartnerToCollectIosCertificateMetadata
+ allowPartnerToCollectIosPersonalCertificateMetadata = [bool]$Compliance.allowPartnerToCollectIosPersonalCertificateMetadata
microsoftDefenderForEndpointAttachEnabled = [bool]$true
}
$SettingsObj = $SettingsObject | ConvertTo-Json -Compress
+ $ConnectorUri = 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/fc780465-2017-40d4-a0c5-307022471b92'
+ $ConnectorExists = $false
+ $SettingsMatch = $false
try {
- $ExistingSettings = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/fc780465-2017-40d4-a0c5-307022471b92' -tenantid $tenant
+ $ExistingSettings = New-GraphGETRequest -uri $ConnectorUri -tenantid $tenant
+ $ConnectorExists = $true
# Check if any setting doesn't match
+ $SettingsMatch = $true
foreach ($key in $SettingsObject.Keys) {
if ($ExistingSettings.$key -ne $SettingsObject[$key]) {
- $ExistingSettings = $false
+ $SettingsMatch = $false
break
}
}
} catch {
- $ExistingSettings = $false
+ $ConnectorExists = $false
}
- if ($ExistingSettings) {
+ if ($SettingsMatch) {
"Defender Intune Configuration already correct and active for $($tenant). Skipping"
+ } elseif ($ConnectorExists) {
+ $null = New-GraphPOSTRequest -uri $ConnectorUri -tenantid $tenant -type PATCH -body $SettingsObj -AsApp $true
+ "$($tenant): Successfully updated Defender Compliance and Reporting settings."
} else {
$null = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/' -tenantid $tenant -type POST -body $SettingsObj -AsApp $true
- "$($tenant): Successfully set Defender Compliance and Reporting settings. Please remember to enable the Intune Connector in the Defender portal."
+ "$($tenant): Successfully created Defender Compliance and Reporting settings."
}
}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1
index d00439f6d36c..8aa000b48019 100644
--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1
@@ -61,7 +61,11 @@ function Invoke-AddUser {
$body = [pscustomobject] @{
'Results' = @(
$CreationResults.Results[0],
- $CreationResults.Results[1],
+ @{
+ 'resultText' = $CreationResults.Results[1]
+ 'copyField' = $CreationResults.Username
+ 'state' = 'success'
+ },
@{
'resultText' = $CreationResults.Results[2]
'copyField' = $CreationResults.password
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserDefaults.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserDefaults.ps1
index cb59b07113b2..63e6e2b50cfc 100644
--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserDefaults.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserDefaults.ps1
@@ -106,8 +106,8 @@ function Invoke-AddUserDefaults {
copyFrom = $CopyFrom
}
- # Generate GUID for the template
- $GUID = (New-Guid).GUID
+ # Use existing GUID if editing, otherwise generate new one
+ $GUID = if ($Request.Body.GUID) { $Request.Body.GUID } else { (New-Guid).GUID }
# Convert to JSON
$JSON = ConvertTo-Json -InputObject $TemplateObject -Depth 100 -Compress
@@ -122,7 +122,8 @@ function Invoke-AddUserDefaults {
GUID = "$GUID"
}
- $Result = "Created User Default Template '$($TemplateName)' with GUID $GUID"
+ $Action = if ($Request.Body.GUID) { 'Updated' } else { 'Created' }
+ $Result = "$Action User Default Template '$($TemplateName)' with GUID $GUID"
Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev 'Info'
$StatusCode = [HttpStatusCode]::OK
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
index 15728f58e429..c8a44a162f8b 100644
--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
@@ -183,7 +183,14 @@ function Invoke-ExecJITAdmin {
'UserPrincipalName' = $Username
}
Roles = $Request.Body.AdminRoles.value
- Action = 'AddRoles'
+ Groups = $Request.Body.GroupMemberships.value
+ Action = if ($Request.Body.AdminRoles.value -and $Request.Body.GroupMemberships.value) {
+ 'AddRolesAndGroups'
+ } elseif ($Request.Body.GroupMemberships.value) {
+ 'AddGroups'
+ } else {
+ 'AddRoles'
+ }
Reason = $Request.Body.Reason
Expiration = $Expiration
StartDate = $Start
@@ -238,6 +245,7 @@ function Invoke-ExecJITAdmin {
'UserPrincipalName' = $Username
}
Roles = $Request.Body.AdminRoles.value
+ Groups = $Request.Body.GroupMemberships.value
Reason = $Request.Body.Reason
Action = $Request.Body.ExpireAction.value
}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListJITAdmin.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListJITAdmin.ps1
index 713f40769a01..e46123a300af 100644
--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListJITAdmin.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListJITAdmin.ps1
@@ -32,7 +32,7 @@
$BulkRequests.Add(@{
id = $User.id
method = 'GET'
- url = "users/$($User.id)/memberOf/microsoft.graph.directoryRole/?`$select=id,displayName"
+ url = "users/$($User.id)/memberOf?`$select=id,displayName"
})
}
$RoleResults = New-GraphBulkRequest -tenantid $TenantFilter -Requests @($BulkRequests)
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1
index e0a91cfe8dbb..dc4c5cb27860 100644
--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1
@@ -9,11 +9,25 @@ function Invoke-ExecIncidentsList {
param($Request, $TriggerMetadata)
# Interact with query parameters or the body of the request.
$TenantFilter = $Request.Query.tenantFilter
+ $StartDate = $Request.Query.StartDate # YYYYMMDD or null
+ $EndDate = $Request.Query.EndDate # YYYYMMDD or null
+
+ # Build OData $filter parts for Graph API (single-tenant path)
+ $GraphFilterParts = [System.Collections.Generic.List[string]]::new()
+ if ($StartDate) {
+ $GraphFilterParts.Add("createdDateTime ge $([datetime]::ParseExact($StartDate,'yyyyMMdd',$null).ToString('yyyy-MM-ddT00:00:00Z'))")
+ }
+ if ($EndDate) {
+ $GraphFilterParts.Add("createdDateTime le $([datetime]::ParseExact($EndDate,'yyyyMMdd',$null).ToString('yyyy-MM-ddT23:59:59Z'))")
+ }
+ $GraphODataFilter = if ($GraphFilterParts.Count -gt 0) { '$filter=' + ($GraphFilterParts -join ' and ') } else { $null }
try {
$GraphRequest = if ($TenantFilter -ne 'AllTenants') {
# Single tenant functionality
- $Incidents = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/security/incidents' -tenantid $TenantFilter -AsApp $true
+ $IncidentsUri = 'https://graph.microsoft.com/beta/security/incidents'
+ if ($GraphODataFilter) { $IncidentsUri = "$IncidentsUri`?$GraphODataFilter" }
+ $Incidents = New-GraphGetRequest -uri $IncidentsUri -tenantid $TenantFilter -AsApp $true
foreach ($incident in $Incidents) {
[PSCustomObject]@{
@@ -29,7 +43,7 @@ function Invoke-ExecIncidentsList {
Classification = $incident.classification
Determination = $incident.determination
Severity = $incident.severity
- Tags = ($IncidentObj.tags -join ', ')
+ Tags = ($incident.tags -join ', ')
Comments = $incident.comments
}
}
@@ -75,6 +89,10 @@ function Invoke-ExecIncidentsList {
$Incidents = $Rows
foreach ($incident in $Incidents) {
$IncidentObj = $incident.Incident | ConvertFrom-Json
+ # In-memory date filter for cached AllTenants data
+ $created = [datetime]::Parse($IncidentObj.createdDateTime)
+ if ($StartDate -and $created -lt [datetime]::ParseExact($StartDate, 'yyyyMMdd', $null)) { continue }
+ if ($EndDate -and $created -ge [datetime]::ParseExact($EndDate, 'yyyyMMdd', $null).AddDays(1)) { continue }
[PSCustomObject]@{
Tenant = $incident.Tenant
Id = $IncidentObj.id
diff --git a/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-CIPPOrchestrator.ps1 b/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-CIPPOrchestrator.ps1
index bbc88f160553..ef944134eef3 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-CIPPOrchestrator.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-CIPPOrchestrator.ps1
@@ -38,7 +38,7 @@ function Start-CIPPOrchestrator {
# If already running in processor context (e.g., timer trigger) and we have an InputObject,
# start orchestration directly without queuing
- $OrchestratorTriggerDisabled = $env:AzureWebJobs_CIPPOrchestrator_Disabled -eq 'true' -or $env:AzureWebJobs_CIPPOrchestrator_Disabled -eq '1'
+ $OrchestratorTriggerDisabled = $env:AzureWebJobs_CIPPOrchestrator_Disabled -in @('true', '1') -or [System.Environment]::GetEnvironmentVariable('AzureWebJobs.CIPPOrchestrator.Disabled') -in @('true', '1')
if ($InputObject -and -not $OrchestratorTriggerDisabled) {
Write-Information 'Running in processor context - starting orchestration directly'
diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
index be328974d1e2..d0264d501bff 100644
--- a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
@@ -110,6 +110,7 @@ function New-GraphGetRequest {
StatusCode = $Data.StatusCode
StatusDescription = $Data.StatusDescription
Content = $Content
+ Headers = $Data.Headers
}
$nextURL = $null
} elseif ($CountOnly) {
diff --git a/Modules/CIPPCore/Public/GraphHelper/Set-CIPPOffloadFunctionTriggers.ps1 b/Modules/CIPPCore/Public/GraphHelper/Set-CIPPOffloadFunctionTriggers.ps1
index 48d155353998..ad9995541c28 100644
--- a/Modules/CIPPCore/Public/GraphHelper/Set-CIPPOffloadFunctionTriggers.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/Set-CIPPOffloadFunctionTriggers.ps1
@@ -65,7 +65,7 @@ function Set-CIPPOffloadFunctionTriggers {
$SettingKey = "AzureWebJobs.$Trigger.Disabled"
# Convert setting key to environment variable format (dots become underscores)
$EnvVarName = $SettingKey -replace '\.', '_'
- $CurrentValue = [System.Environment]::GetEnvironmentVariable($EnvVarName)
+ $CurrentValue = [System.Environment]::GetEnvironmentVariable($SettingKey) ?? [System.Environment]::GetEnvironmentVariable($EnvVarName)
if ($CurrentValue -eq '1') {
Write-Verbose "Skipping $SettingKey - already set to 1"
@@ -96,7 +96,7 @@ function Set-CIPPOffloadFunctionTriggers {
$SettingKey = "AzureWebJobs.$Trigger.Disabled"
# Convert setting key to environment variable format (dots become underscores)
$EnvVarName = $SettingKey -replace '\.', '_'
- $CurrentValue = [System.Environment]::GetEnvironmentVariable($EnvVarName)
+ $CurrentValue = [System.Environment]::GetEnvironmentVariable($SettingKey) ?? [System.Environment]::GetEnvironmentVariable($EnvVarName)
if ([string]::IsNullOrEmpty($CurrentValue) -or $CurrentValue -ne '1') {
Write-Verbose "Skipping $SettingKey - already enabled or not set"
diff --git a/Modules/CIPPCore/Public/Invoke-CIPPDBCacheCollection.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPDBCacheCollection.ps1
new file mode 100644
index 000000000000..0cfeb492af04
--- /dev/null
+++ b/Modules/CIPPCore/Public/Invoke-CIPPDBCacheCollection.ps1
@@ -0,0 +1,185 @@
+function Invoke-CIPPDBCacheCollection {
+ <#
+ .SYNOPSIS
+ Execute a grouped collection of DB cache functions for a tenant
+
+ .DESCRIPTION
+ Runs all Set-CIPPDBCache* functions belonging to a collection type sequentially
+ within a single invocation. This reduces orchestrator activity count by ~10x
+ compared to individual per-type activities, eliminating replay overhead.
+
+ Collection types map to license categories:
+ - Graph: Core tenant data (no special license needed)
+ - ExchangeConfig: Exchange Online policy/config data
+ - ExchangeData: Mailboxes, CAS mailboxes, usage reports
+ - ConditionalAccess: CA policies and registration details
+ - IdentityProtection: Risky users/SPs, risk detections, PIM
+ - Intune: Managed devices, policies, app protection
+
+ .PARAMETER CollectionType
+ The group of cache functions to execute
+
+ .PARAMETER TenantFilter
+ The tenant domain to collect data for
+
+ .PARAMETER QueueId
+ Optional queue ID for progress tracking
+
+ .FUNCTIONALITY
+ Internal
+ #>
+ [CmdletBinding()]
+ param(
+ [Parameter(Mandatory = $true)]
+ [ValidateSet('Graph', 'ExchangeConfig', 'ExchangeData', 'ConditionalAccess', 'IdentityProtection', 'Intune')]
+ [string]$CollectionType,
+
+ [Parameter(Mandatory = $true)]
+ [string]$TenantFilter,
+
+ [string]$QueueId
+ )
+
+ # Canonical collection definitions — single source of truth for grouping
+ $Collections = @{
+ Graph = @(
+ 'Users'
+ 'Groups'
+ 'Guests'
+ 'ServicePrincipals'
+ 'Apps'
+ 'Devices'
+ 'Organization'
+ 'Roles'
+ 'AdminConsentRequestPolicy'
+ 'AuthorizationPolicy'
+ 'AuthenticationMethodsPolicy'
+ 'DeviceSettings'
+ 'DirectoryRecommendations'
+ 'CrossTenantAccessPolicy'
+ 'DefaultAppManagementPolicy'
+ 'Settings'
+ 'SecureScore'
+ 'PIMSettings'
+ 'Domains'
+ 'B2BManagementPolicy'
+ 'DeviceRegistrationPolicy'
+ 'OAuth2PermissionGrants'
+ 'AppRoleAssignments'
+ 'LicenseOverview'
+ 'BitlockerKeys'
+ )
+ ExchangeConfig = @(
+ 'ExoAntiPhishPolicies'
+ 'ExoMalwareFilterPolicies'
+ 'ExoSafeLinksPolicies'
+ 'ExoSafeAttachmentPolicies'
+ 'ExoTransportRules'
+ 'ExoDkimSigningConfig'
+ 'ExoOrganizationConfig'
+ 'ExoAcceptedDomains'
+ 'ExoHostedContentFilterPolicy'
+ 'ExoHostedOutboundSpamFilterPolicy'
+ 'ExoAntiPhishPolicy'
+ 'ExoSafeLinksPolicy'
+ 'ExoSafeAttachmentPolicy'
+ 'ExoMalwareFilterPolicy'
+ 'ExoAtpPolicyForO365'
+ 'ExoQuarantinePolicy'
+ 'ExoRemoteDomain'
+ 'ExoSharingPolicy'
+ 'ExoAdminAuditLogConfig'
+ 'ExoPresetSecurityPolicy'
+ 'ExoTenantAllowBlockList'
+ )
+ ExchangeData = @(
+ 'CASMailboxes'
+ 'MailboxUsage'
+ 'OneDriveUsage'
+ )
+ ConditionalAccess = @(
+ 'ConditionalAccessPolicies'
+ 'CredentialUserRegistrationDetails'
+ 'UserRegistrationDetails'
+ )
+ IdentityProtection = @(
+ 'RiskyUsers'
+ 'RiskyServicePrincipals'
+ 'ServicePrincipalRiskDetections'
+ 'RiskDetections'
+ 'RoleEligibilitySchedules'
+ 'RoleAssignmentScheduleInstances'
+ 'RoleManagementPolicies'
+ )
+ Intune = @(
+ 'ManagedDevices'
+ 'IntunePolicies'
+ 'ManagedDeviceEncryptionStates'
+ 'IntuneAppProtectionPolicies'
+ 'DetectedApps'
+ )
+ }
+
+ $CacheTypes = $Collections[$CollectionType]
+ if (-not $CacheTypes -or $CacheTypes.Count -eq 0) {
+ throw "Unknown or empty collection type: $CollectionType"
+ }
+
+ Write-Information "Starting $CollectionType collection for $TenantFilter ($($CacheTypes.Count) cache types)"
+
+ $CollectionStopwatch = [System.Diagnostics.Stopwatch]::StartNew()
+ $SuccessCount = 0
+ $FailedCount = 0
+ $Errors = [System.Collections.Generic.List[string]]::new()
+ $Timings = [System.Collections.Generic.List[string]]::new()
+
+ foreach ($CacheType in $CacheTypes) {
+ $FullFunctionName = "Set-CIPPDBCache$CacheType"
+ $ItemStopwatch = [System.Diagnostics.Stopwatch]::StartNew()
+ try {
+ $Function = Get-Command -Name $FullFunctionName -ErrorAction SilentlyContinue
+ if (-not $Function) {
+ throw "Function $FullFunctionName not found"
+ }
+
+ $Params = @{ TenantFilter = $TenantFilter }
+ if ($QueueId) { $Params.QueueId = $QueueId }
+
+ Write-Information " [$CollectionType] Collecting $CacheType for $TenantFilter"
+ & $FullFunctionName @Params
+ $ItemStopwatch.Stop()
+ $ElapsedSeconds = [math]::Round($ItemStopwatch.Elapsed.TotalSeconds, 3)
+ $Timings.Add("$CacheType : ${ElapsedSeconds}s")
+ Write-Information " [$CollectionType] Completed $CacheType for $TenantFilter - Took ${ElapsedSeconds} seconds"
+ $SuccessCount++
+ } catch {
+ $ItemStopwatch.Stop()
+ $ElapsedSeconds = [math]::Round($ItemStopwatch.Elapsed.TotalSeconds, 3)
+ $FailedCount++
+ $Errors.Add("$CacheType : $($_.Exception.Message)")
+ $Timings.Add("$CacheType : ${ElapsedSeconds}s (FAILED)")
+ Write-Warning " [$CollectionType] Failed $CacheType for $TenantFilter after ${ElapsedSeconds} seconds: $($_.Exception.Message)"
+ }
+ }
+
+ $CollectionStopwatch.Stop()
+ $TotalElapsed = [math]::Round($CollectionStopwatch.Elapsed.TotalSeconds, 3)
+ $Summary = "$CollectionType collection for $TenantFilter completed in ${TotalElapsed} seconds - $SuccessCount succeeded, $FailedCount failed out of $($CacheTypes.Count)"
+ Write-Information $Summary
+ Write-Information " Timings: $($Timings -join ' | ')"
+
+ if ($FailedCount -gt 0) {
+ Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "$Summary. Errors: $($Errors -join '; ')" -sev Warning
+ }
+
+ return @{
+ CollectionType = $CollectionType
+ TenantFilter = $TenantFilter
+ Success = $SuccessCount
+ Failed = $FailedCount
+ Total = $CacheTypes.Count
+ TotalSeconds = $TotalElapsed
+ Timings = @($Timings)
+ Errors = @($Errors)
+ }
+}
diff --git a/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 b/Modules/CIPPCore/Public/Send-CIPPAlert.ps1
index c26f0f2254e8..5965003d9ec5 100644
--- a/Modules/CIPPCore/Public/Send-CIPPAlert.ps1
+++ b/Modules/CIPPCore/Public/Send-CIPPAlert.ps1
@@ -73,7 +73,7 @@ function Send-CIPPAlert {
} catch {
$ErrorMessage = Get-CippException -Exception $_
Write-Information "Could not send webhook alert to email: $($ErrorMessage.NormalizedError)"
- Write-LogMessage -API 'Webhook Alerts' -message "Could not send webhook alerts to email. $($ErrorMessage.NormalizedError)" -tenant $TenantFilter -sev Error -LogData $ErrorMessage
+ Write-LogMessage -API 'Webhook Alerts' -message "Could not send webhook alerts to email. $($_.Exception.Message)" -tenant $TenantFilter -sev Error -LogData $ErrorMessage
return "Could not send webhook alert to email: $($ErrorMessage.NormalizedError)"
}
}
@@ -122,13 +122,13 @@ function Send-CIPPAlert {
$TeamsBody = [PSCustomObject]@{
text = "You've setup your alert policies to be alerted whenever specific events happen. We've found some of these events in the log.
$ReplacedContent"
} | ConvertTo-Json -Compress
- Invoke-RestMethod -Uri $webhook -Method POST -ContentType 'Application/json' -Body $TeamsBody
+ $WebhookResponse = Invoke-RestMethod -Uri $webhook -Method POST -ContentType 'Application/json' -Body $TeamsBody -StatusCodeVariable WebhookStatusCode -SkipHttpErrorCheck
}
'*discord.com*' {
$DiscordBody = [PSCustomObject]@{
content = "You've setup your alert policies to be alerted whenever specific events happen. We've found some of these events in the log. ``````$ReplacedContent``````"
} | ConvertTo-Json -Compress
- Invoke-RestMethod -Uri $webhook -Method POST -ContentType 'Application/json' -Body $DiscordBody
+ $WebhookResponse = Invoke-RestMethod -Uri $webhook -Method POST -ContentType 'Application/json' -Body $DiscordBody -StatusCodeVariable WebhookStatusCode -SkipHttpErrorCheck
}
'*slack.com*' {
$SlackBlocks = Get-SlackAlertBlocks -JSONBody $JSONContent
@@ -139,32 +139,46 @@ function Send-CIPPAlert {
text = "You've setup your alert policies to be alerted whenever specific events happen. We've found some of these events in the log. ``````$ReplacedContent``````"
} | ConvertTo-Json -Compress
}
- Invoke-RestMethod -Uri $webhook -Method POST -ContentType 'Application/json' -Body $SlackBody
+ $WebhookResponse = Invoke-RestMethod -Uri $webhook -Method POST -ContentType 'Application/json' -Body $SlackBody -StatusCodeVariable WebhookStatusCode -SkipHttpErrorCheck
}
default {
$RestMethod = @{
- Uri = $webhook
- Method = 'POST'
- ContentType = 'application/json'
- Body = $ReplacedContent
+ Uri = $webhook
+ Method = 'POST'
+ ContentType = 'application/json'
+ Body = $ReplacedContent
+ StatusCodeVariable = 'WebhookStatusCode'
+ SkipHttpErrorCheck = $true
}
if ($Headers) {
$RestMethod['Headers'] = $Headers
}
- Invoke-RestMethod @RestMethod
+ $WebhookResponse = Invoke-RestMethod @RestMethod
}
}
}
- Write-LogMessage -API 'Webhook Alerts' -message "Sent Webhook alert $title to External webhook" -tenant $TenantFilter -sev info
+ $LogData = @{
+ WebhookUrl = $webhook
+ StatusCode = $WebhookStatusCode
+ Response = $WebhookResponse
+ }
+ if ($WebhookStatusCode -ge 200 -and $WebhookStatusCode -lt 300) {
+ Write-LogMessage -API 'Webhook Alerts' -message "Sent Webhook alert $title to External webhook. Status code: $WebhookStatusCode" -tenant $TenantFilter -sev info -LogData $LogData
+ return "Sent webhook to $webhook with status code: $WebhookStatusCode"
+ } else {
+ Write-LogMessage -API 'Webhook Alerts' -message "Webhook alert $title failed. $WebhookResponse" -tenant $TenantFilter -sev error -LogData $LogData
+ return "Error: Webhook returned status code $WebhookStatusCode for $webhook - Response: $WebhookResponse"
+ }
} else {
Write-LogMessage -API 'Webhook Alerts' -message 'No webhook URL configured' -sev warning
}
} catch {
- $ErrorMessage = Get-CippException -Exception $_
- Write-Information "Could not send alerts to webhook: $($ErrorMessage.NormalizedError)"
- Write-LogMessage -API 'Webhook Alerts' -message "Could not send alerts to webhook: $($ErrorMessage.NormalizedError)" -tenant $TenantFilter -sev error -LogData $ErrorMessage
- return "Could not send alerts to webhook: $($ErrorMessage.NormalizedError)"
+ $ErrorObject = Get-CippException -Exception $_
+ $ErrorObject | Add-Member -NotePropertyName WebhookUrl -NotePropertyValue ($Config.webhook ?? $AltWebhook) -Force
+ Write-Information "Could not send alerts to webhook: $($_.Exception.Message)"
+ Write-LogMessage -API 'Webhook Alerts' -message "Could not send alerts to webhook: $($_.Exception.Message)" -tenant $TenantFilter -sev error -LogData $ErrorObject
+ return "Error: Could not send alerts to webhook $($_.Exception.Message)"
}
}
diff --git a/Modules/CIPPCore/Public/Set-CIPPDBCacheMailboxes.ps1 b/Modules/CIPPCore/Public/Set-CIPPDBCacheMailboxes.ps1
index d8a10e8e703b..c6b5579b6390 100644
--- a/Modules/CIPPCore/Public/Set-CIPPDBCacheMailboxes.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPDBCacheMailboxes.ps1
@@ -73,54 +73,66 @@ function Set-CIPPDBCacheMailboxes {
Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "Starting batch caching for types: $($Types -join ', ')" -sev Debug
Write-Information "Starting batch caching for types: $($Types -join ', ')"
- # Create batches based on selected types
- $BatchSize = 10
- $TotalBatches = [Math]::Ceiling($Mailboxes.Count / $BatchSize)
+ # Batch sizes per type:
+ # - Permissions & Rules use New-ExoBulkRequest (single POST), scales well → 50
+ # - Calendar makes 2 serial Exchange calls per mailbox, needs smaller batches → 25
+ $PermissionBatchSize = 50
+ $CalendarBatchSize = 25
+ $RulesBatchSize = 50
# Separate batches for permissions and rules
$PermissionBatches = [System.Collections.Generic.List[object]]::new()
$RuleBatches = [System.Collections.Generic.List[object]]::new()
$AllMailboxData = @($Mailboxes | Select-Object id, UPN, GrantSendOnBehalfTo)
-
- for ($i = 0; $i -lt $Mailboxes.Count; $i += $BatchSize) {
- $BatchMailboxes = $Mailboxes[$i..[Math]::Min($i + $BatchSize - 1, $Mailboxes.Count - 1)]
- $BatchMailboxUPNs = $BatchMailboxes | Select-Object -ExpandProperty UPN
- $BatchNumber = [Math]::Floor($i / $BatchSize) + 1
-
- # Add mailbox permissions batch if requested
- if ($Types -contains 'Permissions') {
+ $AllMailboxUPNs = @($Mailboxes | Select-Object -ExpandProperty UPN)
+
+ # Build permission batches (mailbox + calendar in their respective sizes)
+ if ($Types -contains 'Permissions') {
+ $TotalPermBatches = [Math]::Ceiling($Mailboxes.Count / $PermissionBatchSize)
+ for ($i = 0; $i -lt $Mailboxes.Count; $i += $PermissionBatchSize) {
+ $BatchMailboxUPNs = $AllMailboxUPNs[$i..[Math]::Min($i + $PermissionBatchSize - 1, $Mailboxes.Count - 1)]
+ $BatchNumber = [Math]::Floor($i / $PermissionBatchSize) + 1
$PermissionBatches.Add([PSCustomObject]@{
FunctionName = 'GetMailboxPermissionsBatch'
- QueueName = "Mailbox Permissions Batch $BatchNumber/$TotalBatches - $TenantFilter"
+ QueueName = "Mailbox Permissions Batch $BatchNumber/$TotalPermBatches - $TenantFilter"
TenantFilter = $TenantFilter
Mailboxes = $BatchMailboxUPNs
MailboxData = $AllMailboxData
BatchNumber = $BatchNumber
- TotalBatches = $TotalBatches
+ TotalBatches = $TotalPermBatches
})
}
+ }
- # Add calendar permissions batch if requested
- if ($Types -contains 'CalendarPermissions') {
+ if ($Types -contains 'CalendarPermissions') {
+ $TotalCalBatches = [Math]::Ceiling($Mailboxes.Count / $CalendarBatchSize)
+ for ($i = 0; $i -lt $Mailboxes.Count; $i += $CalendarBatchSize) {
+ $BatchMailboxUPNs = $AllMailboxUPNs[$i..[Math]::Min($i + $CalendarBatchSize - 1, $Mailboxes.Count - 1)]
+ $BatchNumber = [Math]::Floor($i / $CalendarBatchSize) + 1
$PermissionBatches.Add([PSCustomObject]@{
FunctionName = 'GetCalendarPermissionsBatch'
- QueueName = "Calendar Permissions Batch $BatchNumber/$TotalBatches - $TenantFilter"
+ QueueName = "Calendar Permissions Batch $BatchNumber/$TotalCalBatches - $TenantFilter"
TenantFilter = $TenantFilter
Mailboxes = $BatchMailboxUPNs
BatchNumber = $BatchNumber
- TotalBatches = $TotalBatches
+ TotalBatches = $TotalCalBatches
})
}
+ }
- # Add mailbox rules batch if requested
- if ($Types -contains 'Rules') {
+ # Build rules batches
+ if ($Types -contains 'Rules') {
+ $TotalRuleBatches = [Math]::Ceiling($Mailboxes.Count / $RulesBatchSize)
+ for ($i = 0; $i -lt $Mailboxes.Count; $i += $RulesBatchSize) {
+ $BatchMailboxUPNs = $AllMailboxUPNs[$i..[Math]::Min($i + $RulesBatchSize - 1, $Mailboxes.Count - 1)]
+ $BatchNumber = [Math]::Floor($i / $RulesBatchSize) + 1
$RuleBatches.Add([PSCustomObject]@{
FunctionName = 'GetMailboxRulesBatch'
- QueueName = "Mailbox Rules Batch $BatchNumber/$TotalBatches - $TenantFilter"
+ QueueName = "Mailbox Rules Batch $BatchNumber/$TotalRuleBatches - $TenantFilter"
TenantFilter = $TenantFilter
Mailboxes = $BatchMailboxUPNs
BatchNumber = $BatchNumber
- TotalBatches = $TotalBatches
+ TotalBatches = $TotalRuleBatches
})
}
}
diff --git a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1
index 70bd44d5ddd7..3848a446457c 100644
--- a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1
@@ -20,7 +20,20 @@ function Set-CIPPDefaultAPDeploymentProfile {
)
try {
- if ($Language -eq 'user-select') { $Language = '' }
+ if ($Language -in @('user-select', 'os-default')) { $Language = '' }
+
+ # userType in outOfBoxExperienceSetting is only valid for user-driven (singleUser) mode.
+ # The Intune API rejects it for self-deploying (shared) mode.
+ $OutOfBoxSetting = [ordered]@{
+ 'deviceUsageType' = "$DeploymentMode"
+ 'escapeLinkHidden' = $([bool]($true))
+ 'privacySettingsHidden' = $([bool]($HidePrivacy))
+ 'eulaHidden' = $([bool]($HideTerms))
+ 'keyboardSelectionPageSkipped' = $([bool]($AutoKeyboard))
+ }
+ if ($DeploymentMode -ne 'shared') {
+ $OutOfBoxSetting['userType'] = "$UserType"
+ }
$ObjBody = [pscustomobject]@{
'@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile'
@@ -32,14 +45,7 @@ function Set-CIPPDefaultAPDeploymentProfile {
'deviceType' = 'windowsPc'
'hardwareHashExtractionEnabled' = $([bool]($CollectHash))
'roleScopeTagIds' = @()
- 'outOfBoxExperienceSetting' = @{
- 'deviceUsageType' = "$DeploymentMode"
- 'escapeLinkHidden' = $([bool]($true))
- 'privacySettingsHidden' = $([bool]($HidePrivacy))
- 'eulaHidden' = $([bool]($HideTerms))
- 'userType' = "$UserType"
- 'keyboardSelectionPageSkipped' = $([bool]($AutoKeyboard))
- }
+ 'outOfBoxExperienceSetting' = $OutOfBoxSetting
}
$Body = ConvertTo-Json -InputObject $ObjBody -Depth 10
diff --git a/Modules/CIPPCore/Public/Set-CIPPMailboxRule.ps1 b/Modules/CIPPCore/Public/Set-CIPPMailboxRule.ps1
index 06dc1d126e59..1899220f7677 100644
--- a/Modules/CIPPCore/Public/Set-CIPPMailboxRule.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPMailboxRule.ps1
@@ -22,7 +22,7 @@
}
try {
- $null = New-ExoRequest -tenantid $TenantFilter -cmdlet "$State-InboxRule" -Anchor $Username -cmdParams @{Identity = $RuleId; Mailbox = $UserId }
+ $null = New-ExoRequest -tenantid $TenantFilter -cmdlet "$State-InboxRule" -Anchor $Username -cmdParams @{Identity = $RuleId}
Write-LogMessage -headers $Headers -API $APIName -message "Successfully set mailbox rule $($RuleName) for $($Username) to $($State)d" -Sev 'Info' -tenant $TenantFilter
# Update the cached rule if it exists (without calling Exchange again)
diff --git a/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1 b/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1
index 2fdcb5864535..4adcd4831f7e 100644
--- a/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1
@@ -15,6 +15,9 @@ function Set-CIPPUserJITAdmin {
.PARAMETER Roles
List of Role GUIDs to add or remove
+ .PARAMETER Groups
+ List of Group GUIDs to add or remove
+
.PARAMETER Action
Action to perform: Create, AddRoles, RemoveRoles, DeleteUser, DisableUser
@@ -38,8 +41,9 @@ function Set-CIPPUserJITAdmin {
[Parameter(Mandatory = $true)]
[hashtable]$User,
[string[]]$Roles,
+ [string[]]$Groups,
[Parameter(Mandatory = $true)]
- [ValidateSet('Create', 'AddRoles', 'RemoveRoles', 'DeleteUser', 'DisableUser')]
+ [ValidateSet('Create', 'AddRoles', 'AddGroups', 'AddRolesAndGroups', 'RemoveRoles', 'RemoveGroups', 'RemoveRolesAndGroups', 'DeleteUser', 'DisableUser')]
[string]$Action,
[datetime]$Expiration,
[datetime]$StartDate,
@@ -108,14 +112,22 @@ function Set-CIPPUserJITAdmin {
}
}
'AddRoles' {
- $Roles = $Roles | ForEach-Object {
- try {
- $Body = @{
- '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($UserObj.id)"
+ if ($Roles) {
+ $Roles | ForEach-Object {
+ try {
+ # Activate the directory role if not already active
+ try {
+ $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/directoryRoles" -tenantid $TenantFilter -body (@{ roleTemplateId = $_ } | ConvertTo-Json) -ErrorAction SilentlyContinue
+ } catch {}
+ $Body = @{
+ '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($UserObj.id)"
+ }
+ $Json = ConvertTo-Json -Depth 5 -InputObject $Body
+ $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/directoryRoles(roleTemplateId='$($_)')/members/`$ref" -tenantid $TenantFilter -body $Json -ErrorAction SilentlyContinue
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to add role $($_) to user $($UserObj.userPrincipalName): $($_.Exception.Message)" -Sev 'Error'
}
- $Json = ConvertTo-Json -Depth 5 -InputObject $Body
- $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/directoryRoles(roleTemplateId='$($_)')/members/`$ref" -tenantid $TenantFilter -body $Json -ErrorAction SilentlyContinue
- } catch {}
+ }
}
$UserEnabled = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)?`$select=accountEnabled" -tenantid $TenantFilter).accountEnabled
if (-not $UserEnabled) {
@@ -125,7 +137,9 @@ function Set-CIPPUserJITAdmin {
$Json = ConvertTo-Json -Depth 5 -InputObject $Body
try {
New-GraphPOSTRequest -type PATCH -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $TenantFilter -body $Json | Out-Null
- } catch {}
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to enable user $($UserObj.userPrincipalName): $($_.Exception.Message)" -Sev 'Error'
+ }
}
$CreatedBy = if ($Headers) {
([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails
@@ -148,17 +162,131 @@ function Set-CIPPUserJITAdmin {
Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info' -LogData $LogData
return "Added admin roles to user $($UserObj.displayName) ($($UserObj.userPrincipalName))"
}
- 'RemoveRoles' {
- $Roles = $Roles | ForEach-Object {
+ 'AddGroups' {
+ if ($Groups) {
+ foreach ($GroupId in $Groups) {
+ try {
+ $Body = @{
+ '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($UserObj.id)"
+ }
+ $Json = ConvertTo-Json -Depth 5 -InputObject $Body
+ $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/groups/$GroupId/members/`$ref" -tenantid $TenantFilter -body $Json -ErrorAction SilentlyContinue
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to add user $($UserObj.userPrincipalName) to group $GroupId`: $($_.Exception.Message)" -Sev 'Error'
+ }
+ }
+ }
+ $CreatedBy = if ($Headers) { ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails } else { 'Unknown' }
+ Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Enabled -Expiration $Expiration -StartDate $StartDate -Reason $Reason -CreatedBy $CreatedBy | Out-Null
+ $Message = "Added group memberships for user $($UserObj.displayName) ($($UserObj.userPrincipalName)). Reason: $Reason"
+ Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
+ return $Message
+ }
+ 'AddRolesAndGroups' {
+ # Add roles
+ if ($Roles) {
+ $Roles | ForEach-Object {
+ try {
+ # Activate the directory role if not already active
+ try {
+ $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/directoryRoles" -tenantid $TenantFilter -body (@{ roleTemplateId = $_ } | ConvertTo-Json) -ErrorAction SilentlyContinue
+ } catch {}
+ $Body = @{
+ '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($UserObj.id)"
+ }
+ $Json = ConvertTo-Json -Depth 5 -InputObject $Body
+ $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/directoryRoles(roleTemplateId='$($_)')/members/`$ref" -tenantid $TenantFilter -body $Json -ErrorAction SilentlyContinue
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to add role $($_) to user $($UserObj.userPrincipalName): $($_.Exception.Message)" -Sev 'Error'
+ }
+ }
+ }
+ # Add groups
+ if ($Groups) {
+ foreach ($GroupId in $Groups) {
+ try {
+ $Body = @{
+ '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($UserObj.id)"
+ }
+ $Json = ConvertTo-Json -Depth 5 -InputObject $Body
+ $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/groups/$GroupId/members/`$ref" -tenantid $TenantFilter -body $Json -ErrorAction SilentlyContinue
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to add group $GroupId to user $($UserObj.userPrincipalName): $($_.Exception.Message)" -Sev 'Error'
+ }
+ }
+ }
+ $UserEnabled = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)?`$select=accountEnabled" -tenantid $TenantFilter).accountEnabled
+ if (-not $UserEnabled) {
+ $Body = @{ accountEnabled = $true }
+ $Json = ConvertTo-Json -Depth 5 -InputObject $Body
try {
- $null = New-GraphPOSTRequest -type DELETE -uri "https://graph.microsoft.com/beta/directoryRoles(roleTemplateId='$($_)')/members/$($UserObj.id)/`$ref" -tenantid $TenantFilter
- } catch {}
+ New-GraphPOSTRequest -type PATCH -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $TenantFilter -body $Json | Out-Null
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to enable user $($UserObj.userPrincipalName): $($_.Exception.Message)" -Sev 'Error'
+ }
+ }
+ $CreatedBy = if ($Headers) { ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails } else { 'Unknown' }
+ Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Enabled -Expiration $Expiration -StartDate $StartDate -Reason $Reason -CreatedBy $CreatedBy | Out-Null
+ $Message = "Added admin roles and group memberships for user $($UserObj.displayName) ($($UserObj.userPrincipalName)). Reason: $Reason"
+ Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
+ return $Message
+ }
+ 'RemoveRoles' {
+ if ($Roles) {
+ $Roles | ForEach-Object {
+ try {
+ $null = New-GraphPOSTRequest -type DELETE -uri "https://graph.microsoft.com/beta/directoryRoles(roleTemplateId='$($_)')/members/$($UserObj.id)/`$ref" -tenantid $TenantFilter
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to remove role $($_) from user $($UserObj.userPrincipalName): $($_.Exception.Message)" -Sev 'Error'
+ }
+ }
}
Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Clear | Out-Null
$Message = "Removed admin roles from user $($UserObj.displayName) ($($UserObj.userPrincipalName))"
Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
return "Removed admin roles from user $($UserObj.displayName)"
}
+ 'RemoveGroups' {
+ if ($Groups) {
+ foreach ($GroupId in $Groups) {
+ try {
+ $null = New-GraphPOSTRequest -type DELETE -uri "https://graph.microsoft.com/beta/groups/$GroupId/members/$($UserObj.id)/`$ref" -tenantid $TenantFilter
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to remove user $($UserObj.userPrincipalName) from group $GroupId`: $($_.Exception.Message)" -Sev 'Error'
+ }
+ }
+ }
+ Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Clear | Out-Null
+ $Message = "Removed group memberships from user $($UserObj.displayName) ($($UserObj.userPrincipalName))"
+ Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
+ return $Message
+ }
+ 'RemoveRolesAndGroups' {
+ # Remove roles
+ if ($Roles) {
+ $Roles | ForEach-Object {
+ try {
+ $null = New-GraphPOSTRequest -type DELETE -uri "https://graph.microsoft.com/beta/directoryRoles(roleTemplateId='$($_)')/members/$($UserObj.id)/`$ref" -tenantid $TenantFilter
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to remove role $($_) from user $($UserObj.userPrincipalName): $($_.Exception.Message)" -Sev 'Error'
+ }
+ }
+ }
+ # Remove groups
+ if ($Groups) {
+ foreach ($GroupId in $Groups) {
+ try {
+ $null = New-GraphPOSTRequest -type DELETE -uri "https://graph.microsoft.com/beta/groups/$GroupId/members/$($UserObj.id)/`$ref" -tenantid $TenantFilter
+ } catch {
+ Write-LogMessage -API $APIName -tenant $TenantFilter -message "Failed to remove user $($UserObj.userPrincipalName) from group $GroupId`: $($_.Exception.Message)" -Sev 'Error'
+ }
+ }
+ }
+ Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Clear | Out-Null
+ $Message = "Removed admin roles and group memberships from user $($UserObj.displayName) ($($UserObj.userPrincipalName))"
+ Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
+ return $Message
+ }
'DeleteUser' {
try {
$null = New-GraphPOSTRequest -type DELETE -uri "https://graph.microsoft.com/beta/users/$($UserObj.userPrincipalName)" -tenantid $TenantFilter
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1
index 63fa43bc6ece..73e319cc92b3 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1
@@ -47,19 +47,24 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
# Get all fallback domains (onmicrosoft.com domains) and check if the DMARC record is set correctly
try {
- $Domains = New-GraphGetRequest -scope 'https://admin.microsoft.com/.default' -TenantID $Tenant -Uri 'https://admin.microsoft.com/admin/api/Domains/List' | Where-Object -Property Name -Like '*.onmicrosoft.com'
+ $DomainsResponse = New-GraphGetRequest -TenantID $Tenant -Uri 'https://graph.microsoft.com/beta/domains'
+ Write-Warning ($DomainsResponse | ConvertTo-Json -Depth 5)
+ $Domains = @($DomainsResponse | Where-Object { $_.id -like '*.onmicrosoft.com' } | ForEach-Object { $_.id })
+ Write-Information "Detected $($Domains.Count) MOERA domains: $($Domains -join ', ')"
$CurrentInfo = foreach ($Domain in $Domains) {
# Get current DNS records that matches _dmarc hostname and TXT type
- $RecordsResponse = New-GraphGetRequest -scope 'https://admin.microsoft.com/.default' -TenantID $Tenant -Uri "https://admin.microsoft.com/admin/api/Domains/Records?domainName=$($Domain.Name)"
- $AllRecords = $RecordsResponse | Select-Object -ExpandProperty DnsRecords
- $CurrentRecords = $AllRecords | Where-Object { $_.HostName -eq '_dmarc' -and $_.Type -eq 'TXT' }
- Write-Information "Found $($CurrentRecords.count) DMARC records for domain $($Domain.Name)"
+ $RecordsResponse = New-GraphGetRequest -TenantID $Tenant -Uri "https://graph.microsoft.com/beta/domains/$($Domain)/serviceConfigurationRecords"
+ $AllRecords = @($RecordsResponse)
+ $CurrentRecords = $AllRecords | Where-Object {
+ $_.recordType -ieq 'Txt' -and ($_.label -ieq '_dmarc' -or $_.label -ieq "_dmarc.$($Domain)")
+ }
+ Write-Information "Found $($CurrentRecords.count) DMARC records for domain $($Domain)"
if ($CurrentRecords.count -eq 0) {
#record not found, return a model with Match set to false
[PSCustomObject]@{
- DomainName = $Domain.Name
+ DomainName = $Domain
Match = $false
CurrentRecord = $null
}
@@ -67,24 +72,34 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
foreach ($CurrentRecord in $CurrentRecords) {
# Create variable matching the RecordModel used for comparison
$CurrentRecordModel = [PSCustomObject]@{
- HostName = $CurrentRecord.HostName
- TtlValue = $CurrentRecord.TtlValue
- Type = $CurrentRecord.Type
- Value = $CurrentRecord.Value
+ HostName = '_dmarc'
+ TtlValue = $CurrentRecord.ttl
+ Type = 'TXT'
+ Value = $CurrentRecord.text
}
# Compare the current record with the expected record model
if (!(Compare-Object -ReferenceObject $RecordModel -DifferenceObject $CurrentRecordModel -Property HostName, TtlValue, Type, Value)) {
[PSCustomObject]@{
- DomainName = $Domain.Name
+ DomainName = $Domain
Match = $true
- CurrentRecord = $CurrentRecord
+ CurrentRecord = [PSCustomObject]@{
+ HostName = '_dmarc'
+ TtlValue = $CurrentRecord.ttl
+ Type = 'TXT'
+ Value = $CurrentRecord.text
+ }
}
} else {
[PSCustomObject]@{
- DomainName = $Domain.Name
+ DomainName = $Domain
Match = $false
- CurrentRecord = $CurrentRecord
+ CurrentRecord = [PSCustomObject]@{
+ HostName = '_dmarc'
+ TtlValue = $CurrentRecord.ttl
+ Type = 'TXT'
+ Value = $CurrentRecord.text
+ }
}
}
}
@@ -106,45 +121,6 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
return $Message
}
- if ($Settings.remediate -eq $true) {
- if ($StateIsCorrect -eq $true) {
- Write-LogMessage -API 'Standards' -tenant $tenant -message 'DMARC record is already set for all MOERA (onmicrosoft.com) domains.' -sev Info
- } else {
- # Loop through each domain and set the DMARC record, existing misconfigured records and duplicates will be deleted
- foreach ($Domain in ($CurrentInfo | Sort-Object -Property DomainName -Unique)) {
- try {
- $DomainRecords = @($CurrentInfo | Where-Object -Property DomainName -EQ $Domain.DomainName)
- $HasMatchingRecord = $false
-
- # First, delete any non-matching records
- foreach ($Record in $DomainRecords) {
- if ($Record.CurrentRecord) {
- if ($Record.Match -eq $false) {
- # Delete incorrect record
- New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body ($Record.CurrentRecord | ConvertTo-Json -Compress) -AddedHeaders @{'x-http-method-override' = 'Delete' }
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Deleted incorrect DMARC record for domain $($Domain.DomainName)" -sev Info
- } else {
- # Record already matches, no need to add
- $HasMatchingRecord = $true
- }
- }
- }
-
- # Only add the record if we don't already have a matching one
- if (-not $HasMatchingRecord) {
- New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -type 'PUT' -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body (@{RecordModel = $RecordModel } | ConvertTo-Json -Compress)
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Set DMARC record for domain $($Domain.DomainName)" -sev Info
- } else {
- Write-LogMessage -API 'Standards' -tenant $tenant -message "DMARC record already correctly set for domain $($Domain.DomainName)" -sev Info
- }
- } catch {
- $ErrorMessage = Get-CippException -Exception $_
- Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set DMARC record for domain $($Domain.DomainName): $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
- }
- }
- }
- }
-
if ($Settings.alert -eq $true) {
if ($StateIsCorrect -eq $true) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'DMARC record is already set for all MOERA (onmicrosoft.com) domains.' -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1
index 1c4a92c98977..6c8fa921541d 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1
@@ -69,7 +69,7 @@ function Invoke-CIPPStandardAutopilotProfile {
($CurrentConfig.outOfBoxExperienceSetting.deviceUsageType -eq $DeploymentMode) -and
($CurrentConfig.outOfBoxExperienceSetting.privacySettingsHidden -eq $Settings.HidePrivacy) -and
($CurrentConfig.outOfBoxExperienceSetting.eulaHidden -eq $Settings.HideTerms) -and
- ($CurrentConfig.outOfBoxExperienceSetting.userType -eq $userType) -and
+ ($DeploymentMode -eq 'shared' -or $CurrentConfig.outOfBoxExperienceSetting.userType -eq $userType) -and
($CurrentConfig.outOfBoxExperienceSetting.keyboardSelectionPageSkipped -eq $Settings.AutoKeyboard)
} catch {
$ErrorMessage = Get-CippException -Exception $_
@@ -78,15 +78,27 @@ function Invoke-CIPPStandardAutopilotProfile {
}
$CurrentValue = $CurrentConfig | Select-Object -Property displayName, description, deviceNameTemplate, locale, preprovisioningAllowed, hardwareHashExtractionEnabled, @{Name = 'outOfBoxExperienceSetting'; Expression = {
- [PSCustomObject]@{
+ $oobe = [PSCustomObject]@{
deviceUsageType = $_.outOfBoxExperienceSetting.deviceUsageType
privacySettingsHidden = $_.outOfBoxExperienceSetting.privacySettingsHidden
eulaHidden = $_.outOfBoxExperienceSetting.eulaHidden
- userType = $_.outOfBoxExperienceSetting.userType
keyboardSelectionPageSkipped = $_.outOfBoxExperienceSetting.keyboardSelectionPageSkipped
}
+ if ($DeploymentMode -ne 'shared') {
+ $oobe | Add-Member -NotePropertyName 'userType' -NotePropertyValue $_.outOfBoxExperienceSetting.userType
+ }
+ $oobe
}
}
+ $ExpectedOobe = [PSCustomObject]@{
+ deviceUsageType = $DeploymentMode
+ privacySettingsHidden = $Settings.HidePrivacy
+ eulaHidden = $Settings.HideTerms
+ keyboardSelectionPageSkipped = $Settings.AutoKeyboard
+ }
+ if ($DeploymentMode -ne 'shared') {
+ $ExpectedOobe | Add-Member -NotePropertyName 'userType' -NotePropertyValue $userType
+ }
$ExpectedValue = [PSCustomObject]@{
displayName = $Settings.DisplayName
description = $Settings.Description
@@ -94,13 +106,7 @@ function Invoke-CIPPStandardAutopilotProfile {
locale = $Settings.Languages.value
preprovisioningAllowed = $Settings.AllowWhiteGlove
hardwareHashExtractionEnabled = $Settings.CollectHash
- outOfBoxExperienceSetting = [PSCustomObject]@{
- deviceUsageType = $DeploymentMode
- privacySettingsHidden = $Settings.HidePrivacy
- eulaHidden = $Settings.HideTerms
- userType = $userType
- keyboardSelectionPageSkipped = $Settings.AutoKeyboard
- }
+ outOfBoxExperienceSetting = $ExpectedOobe
}
# Remediate if the state is not correct
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeployMailContact.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeployMailContact.ps1
index e264f723eb36..7fdd7dfb055d 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeployMailContact.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeployMailContact.ps1
@@ -54,20 +54,13 @@ function Invoke-CIPPStandardDeployMailContact {
return
}
- # Prepare contact data for reuse
- $ContactData = @{
- DisplayName = $Settings.DisplayName
- ExternalEmailAddress = $Settings.ExternalEmailAddress
- FirstName = $Settings.FirstName
- LastName = $Settings.LastName
- }
-
# Check if contact already exists
try {
$ExistingContact = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailContact' -cmdParams @{
Identity = $Settings.ExternalEmailAddress
ErrorAction = 'Stop'
}
+ $ExistingContactLookup = New-GraphGetRequest -tenantid $Tenant -uri "https://graph.microsoft.com/beta/contacts/$($ExistingContact.ExternalDirectoryObjectId)" -ErrorAction 'Stop'
} catch {
if ($_.Exception.Message -like "*couldn't be found*") {
$ExistingContact = $null
@@ -80,13 +73,33 @@ function Invoke-CIPPStandardDeployMailContact {
# Remediation
if ($Settings.remediate -eq $true -and -not $ExistingContact) {
try {
- $NewContactParams = $ContactData.Clone()
+ $NewContactParams = @{
+ Name = $Settings.DisplayName
+ ExternalEmailAddress = $Settings.ExternalEmailAddress
+ FirstName = $Settings.FirstName
+ LastName = $Settings.LastName
+ }
$NewContactParams.Name = $Settings.DisplayName
$null = New-ExoRequest -tenantid $Tenant -cmdlet 'New-MailContact' -cmdParams $NewContactParams
+ # I would like to update the contact object here but exchange replication delays make it unreliable, so instead it will alert on the discrepancy until the next run - Zac
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully created mail contact $($Settings.DisplayName) with email $($Settings.ExternalEmailAddress)" -sev Info
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not create mail contact. $(Get-CippException -Exception $_).NormalizedError" -sev Error
}
+ } elseif ($Settings.remediate -eq $true -and $ExistingContact -and ($ExistingContactLookup.givenName -ne $Settings.FirstName -or $ExistingContactLookup.surname -ne $Settings.LastName -or $ExistingContactLookup.displayName -ne $Settings.DisplayName)) {
+ try {
+ $ContactParams = @{
+ Identity = $ExistingContact.Guid
+ DisplayName = $Settings.DisplayName
+ FirstName = $Settings.FirstName
+ LastName = $Settings.LastName
+ }
+ $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Contact' -cmdParams $ContactParams
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully updated contact properties for $($Settings.DisplayName)" -sev Info
+ # I would like to update the contact object here but exchange replication delays make it unreliable, so instead it will alert on the discrepancy until the next run - Zac
+ } catch {
+ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not update mail contact. $(Get-CippException -Exception $_).NormalizedError" -sev Error
+ }
}
# Alert
@@ -101,21 +114,19 @@ function Invoke-CIPPStandardDeployMailContact {
# Report
if ($Settings.report -eq $true) {
- $ReportData = $ContactData.Clone()
$ContactData = @{
DisplayName = $Settings.DisplayName
ExternalEmailAddress = $Settings.ExternalEmailAddress
FirstName = $Settings.FirstName ?? ''
LastName = $Settings.LastName ?? ''
}
- $CurrentValue = $ExistingContact | Select-Object DisplayName, ExternalEmailAddress, FirstName, LastName
$currentValue = @{
- DisplayName = $ExistingContact.displayName
+ DisplayName = $ExistingContactLookup.displayName
ExternalEmailAddress = ($ExistingContact.ExternalEmailAddress -replace 'SMTP:', '')
- FirstName = $ExistingContact.firstName ?? ''
- LastName = $ExistingContact.lastName ?? ''
+ FirstName = $ExistingContactLookup.givenName ?? ''
+ LastName = $ExistingContactLookup.surname ?? ''
}
- Add-CIPPBPAField -FieldName 'DeployMailContact' -FieldValue $ReportData -StoreAs json -Tenant $Tenant
- Set-CIPPStandardsCompareField -FieldName 'standards.DeployMailContact' -CurrentValue $CurrentValue -ExpectedValue $ReportData -Tenant $Tenant
+ Add-CIPPBPAField -FieldName 'DeployMailContact' -FieldValue $ContactData -StoreAs json -Tenant $Tenant
+ Set-CIPPStandardsCompareField -FieldName 'standards.DeployMailContact' -CurrentValue $CurrentValue -ExpectedValue $ContactData -Tenant $Tenant
}
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1
index f7c72a9f8675..fec27a83f821 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1
@@ -201,7 +201,23 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
}
if ($Settings.report -eq $true) {
- $CurrentValue = $CurrentState | Select-Object Name, EnableFileFilter, FileTypeAction, FileTypes, ZapEnabled, QuarantineTag, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress
+ $CurrentValue = @{
+ Name = $CurrentState.Name
+ EnableFileFilter = $CurrentState.EnableFileFilter
+ FileTypeAction = $CurrentState.FileTypeAction
+ FileTypes = $CurrentState.FileTypes
+ ZapEnabled = $CurrentState.ZapEnabled
+ QuarantineTag = $CurrentState.QuarantineTag
+ EnableInternalSenderAdminNotifications = $CurrentState.EnableInternalSenderAdminNotifications
+ EnableExternalSenderAdminNotifications = $CurrentState.EnableExternalSenderAdminNotifications
+ }
+
+ if ($CurrentState.EnableInternalSenderAdminNotifications) {
+ $CurrentValue['InternalSenderAdminAddress'] = $CurrentState.InternalSenderAdminAddress
+ }
+ if ($CurrentState.EnableExternalSenderAdminNotifications) {
+ $CurrentValue['ExternalSenderAdminAddress'] = $CurrentState.ExternalSenderAdminAddress
+ }
$ExpectedValue = @{
Name = $PolicyName
@@ -211,10 +227,16 @@ function Invoke-CIPPStandardMalwareFilterPolicy {
ZapEnabled = $true
QuarantineTag = $Settings.QuarantineTag
EnableInternalSenderAdminNotifications = $Settings.EnableInternalSenderAdminNotifications
- InternalSenderAdminAddress = $Settings.InternalSenderAdminAddress
EnableExternalSenderAdminNotifications = $Settings.EnableExternalSenderAdminNotifications
- ExternalSenderAdminAddress = $Settings.ExternalSenderAdminAddress
}
+
+ if ($Settings.EnableInternalSenderAdminNotifications) {
+ $ExpectedValue['InternalSenderAdminAddress'] = $Settings.InternalSenderAdminAddress
+ }
+ if ($Settings.EnableExternalSenderAdminNotifications) {
+ $ExpectedValue['ExternalSenderAdminAddress'] = $Settings.ExternalSenderAdminAddress
+ }
+
Set-CIPPStandardsCompareField -FieldName 'standards.MalwareFilterPolicy' -CurrentValue $CurrentValue -ExpectedValue $ExpectedValue -TenantFilter $Tenant
Add-CIPPBPAField -FieldName 'MalwareFilterPolicy' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
}
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1
index 4a9d73a371d4..5d2c54ca3cfc 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1
@@ -195,7 +195,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy {
redirectAddress = $CurrentState.RedirectAddress
}
- $ExpectedValue = [pscustomobject]@{
+ $ExpectedValue = @{
name = $PolicyName
enable = $true
action = $Settings.SafeAttachmentAction
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1
index 37dd46c5c4a4..02654a3efd08 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1
@@ -281,7 +281,7 @@ function Invoke-CIPPStandardSpamFilterPolicy {
RegionBlockList = $CurrentState.RegionBlockList
AllowedSenderDomains = $CurrentState.AllowedSenderDomains
}
- $ExpectedValue = [pscustomobject]@{
+ $ExpectedValue = @{
Name = $PolicyName
SpamAction = $SpamAction
SpamQuarantineTag = $SpamQuarantineTag
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1
index 73b41f0eb62c..eeaf65b614e3 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1
@@ -24,7 +24,9 @@ function Invoke-CIPPStandardTeamsGlobalMeetingPolicy {
ADDEDCOMPONENT
{"type":"autoComplete","required":true,"multiple":false,"creatable":false,"name":"standards.TeamsGlobalMeetingPolicy.DesignatedPresenterRoleMode","label":"Default value of the `Who can present?`","options":[{"label":"Everyone","value":"EveryoneUserOverride"},{"label":"People in my organization","value":"EveryoneInCompanyUserOverride"},{"label":"People in my organization and trusted organizations","value":"EveryoneInSameAndFederatedCompanyUserOverride"},{"label":"Only organizer","value":"OrganizerOnlyUserOverride"}]}
{"type":"switch","name":"standards.TeamsGlobalMeetingPolicy.AllowAnonymousUsersToJoinMeeting","label":"Allow anonymous users to join meeting"}
+ {"type":"switch","name":"standards.TeamsGlobalMeetingPolicy.AllowAnonymousUsersToStartMeeting","label":"Allow anonymous users to start meeting"}
{"type":"autoComplete","required":false,"multiple":false,"creatable":false,"name":"standards.TeamsGlobalMeetingPolicy.AutoAdmittedUsers","label":"Who can bypass the lobby?","helperText":"If left blank, the current value will not be changed.","options":[{"label":"Only organizers and co-organizers","value":"OrganizerOnly"},{"label":"People in organization excluding guests","value":"EveryoneInCompanyExcludingGuests"},{"label":"People who were invited","value":"InvitedUsers"}]}
+ {"type":"switch","name":"standards.TeamsGlobalMeetingPolicy.AllowPSTNUsersToBypassLobby","label":"Allow dial-in users to bypass the lobby"}
{"type":"autoComplete","required":true,"multiple":false,"creatable":false,"name":"standards.TeamsGlobalMeetingPolicy.MeetingChatEnabledType","label":"Meeting chat policy","options":[{"label":"On for everyone","value":"Enabled"},{"label":"On for everyone but anonymous users","value":"EnabledExceptAnonymous"},{"label":"Off for everyone","value":"Disabled"}]}
{"type":"switch","name":"standards.TeamsGlobalMeetingPolicy.AllowExternalParticipantGiveRequestControl","label":"External participants can give or request control"}
{"type":"switch","name":"standards.TeamsGlobalMeetingPolicy.AllowParticipantGiveRequestControl","label":"Participants can give or request control"}
@@ -62,9 +64,9 @@ function Invoke-CIPPStandardTeamsGlobalMeetingPolicy {
$AutoAdmittedUsers = $Settings.AutoAdmittedUsers.value ?? $Settings.AutoAdmittedUsers ?? $CurrentState.AutoAdmittedUsers # Default to current state if not set, for backward compatibility pre v8.6.0
$StateIsCorrect = ($CurrentState.AllowAnonymousUsersToJoinMeeting -eq $Settings.AllowAnonymousUsersToJoinMeeting) -and
- ($CurrentState.AllowAnonymousUsersToStartMeeting -eq $false) -and
+ ($CurrentState.AllowAnonymousUsersToStartMeeting -eq $Settings.AllowAnonymousUsersToStartMeeting) -and
($CurrentState.AutoAdmittedUsers -eq $AutoAdmittedUsers) -and
- ($CurrentState.AllowPSTNUsersToBypassLobby -eq $false) -and
+ ($CurrentState.AllowPSTNUsersToBypassLobby -eq $Settings.AllowPSTNUsersToBypassLobby) -and
($CurrentState.MeetingChatEnabledType -eq $MeetingChatEnabledType) -and
($CurrentState.DesignatedPresenterRoleMode -eq $DesignatedPresenterRoleMode) -and
($CurrentState.AllowExternalParticipantGiveRequestControl -eq $Settings.AllowExternalParticipantGiveRequestControl) -and
@@ -78,9 +80,9 @@ function Invoke-CIPPStandardTeamsGlobalMeetingPolicy {
$cmdParams = @{
Identity = 'Global'
AllowAnonymousUsersToJoinMeeting = $Settings.AllowAnonymousUsersToJoinMeeting
- AllowAnonymousUsersToStartMeeting = $false
+ AllowAnonymousUsersToStartMeeting = $Settings.AllowAnonymousUsersToStartMeeting
AutoAdmittedUsers = $AutoAdmittedUsers
- AllowPSTNUsersToBypassLobby = $false
+ AllowPSTNUsersToBypassLobby = $Settings.AllowPSTNUsersToBypassLobby
MeetingChatEnabledType = $MeetingChatEnabledType
DesignatedPresenterRoleMode = $DesignatedPresenterRoleMode
AllowExternalParticipantGiveRequestControl = $Settings.AllowExternalParticipantGiveRequestControl
@@ -120,9 +122,9 @@ function Invoke-CIPPStandardTeamsGlobalMeetingPolicy {
}
$ExpectedValue = @{
AllowAnonymousUsersToJoinMeeting = $Settings.AllowAnonymousUsersToJoinMeeting
- AllowAnonymousUsersToStartMeeting = $false
+ AllowAnonymousUsersToStartMeeting = $Settings.AllowAnonymousUsersToStartMeeting
AutoAdmittedUsers = $AutoAdmittedUsers
- AllowPSTNUsersToBypassLobby = $false
+ AllowPSTNUsersToBypassLobby = $Settings.AllowPSTNUsersToBypassLobby
MeetingChatEnabledType = $MeetingChatEnabledType
DesignatedPresenterRoleMode = $DesignatedPresenterRoleMode
AllowExternalParticipantGiveRequestControl = $Settings.AllowExternalParticipantGiveRequestControl
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1
index 6a949fad057f..2f58454ae3e3 100644
--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1
@@ -252,7 +252,7 @@ function Invoke-CIPPStandardUserSubmissions {
} else {
@{
State = 'Enabled'
- SentTo = @($Email)
+ SentTo = $Email
}
}
}
diff --git a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1
index a9a9cf745444..b078eead2932 100644
--- a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1
+++ b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1
@@ -79,7 +79,7 @@ function Test-CIPPGDAPRelationships {
Issue = "$($ExpectedGroup) is not assigned to the SAM user $me. If you have migrated outside of CIPP this is to be expected. Please perform an access check to make sure you have the correct set of permissions."
Tenant = '*Partner Tenant'
Relationship = 'None'
- Link = 'https://docs.cipp.app/setup/gdap/troubleshooting#groups'
+ Link = 'https://docs.cipp.app/setup/installation/recommended-roles'
}) | Out-Null
$MissingGroups.Add([PSCustomObject]@{
@@ -94,7 +94,7 @@ function Test-CIPPGDAPRelationships {
Issue = "We only found $($CIPPGroupCount) of the 15 required groups. If you have migrated outside of CIPP this is to be expected. Please perform an access check to make sure you have the correct set of permissions."
Tenant = '*Partner Tenant'
Relationship = 'None'
- Link = 'https://docs.cipp.app/setup/gdap/troubleshooting#groups'
+ Link = 'https://docs.cipp.app/setup/installation/recommended-roles'
}) | Out-Null
}
diff --git a/Tools/Update-IntuneCollection.ps1 b/Tools/Update-IntuneCollection.ps1
new file mode 100644
index 000000000000..c2e2b8b53b7f
--- /dev/null
+++ b/Tools/Update-IntuneCollection.ps1
@@ -0,0 +1,107 @@
+<#
+.SYNOPSIS
+ Regenerates the intuneCollection.json lookup file from the Microsoft Graph API.
+
+.DESCRIPTION
+ Queries the Microsoft Graph beta endpoint for all Intune device management
+ configuration setting definitions and writes the result to intuneCollection.json
+ in both the CIPP-API root and CIPP/src/data directories.
+
+ The resulting file is used by Compare-CIPPIntuneObject.ps1 (backend) and
+ CippTemplateFieldRenderer.jsx / CippJSONView.jsx (frontend) to translate
+ raw settingDefinitionIds into human-readable display names.
+
+ Must be run from the "Tools" folder in the CIPP-API project, with
+ Initialize-DevEnvironment.ps1 already dot-sourced (or it will be loaded
+ automatically). Requires a valid CIPP-managed TenantId to obtain a Graph token.
+
+.PARAMETER TenantId
+ A tenant domain or GUID that CIPP manages. Used only to obtain a Graph
+ authentication token — the configurationSettings endpoint returns Microsoft's
+ global catalog, not tenant-specific data.
+
+.EXAMPLE
+ # From the Tools folder, after initialising your dev environment:
+ . .\Initialize-DevEnvironment.ps1
+ .\Update-IntuneCollection.ps1 -TenantId contoso.onmicrosoft.com
+
+.NOTES
+ Permissions required: DeviceManagementConfiguration.Read.All
+#>
+
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory)]
+ [string]$TenantId
+)
+
+Set-StrictMode -Version Latest
+$ErrorActionPreference = 'Stop'
+
+# ---------------------------------------------------------------------------
+# Ensure the CIPP module is loaded
+# ---------------------------------------------------------------------------
+if (-not (Get-Module -Name CIPPCore)) {
+ Write-Host 'CIPPCore not loaded — running Initialize-DevEnvironment.ps1...' -ForegroundColor Yellow
+ . (Join-Path $PSScriptRoot 'Initialize-DevEnvironment.ps1')
+}
+
+# ---------------------------------------------------------------------------
+# Fetch all configurationSettings (New-GraphGetRequest auto-paginates)
+# ---------------------------------------------------------------------------
+Write-Host 'Fetching Intune configuration settings (this may take a while)...' -ForegroundColor Yellow
+
+$allSettings = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationSettings' -tenantid $TenantId -NoAuthCheck $true
+
+Write-Host "Total settings fetched: $($allSettings.Count)" -ForegroundColor Green
+
+# ---------------------------------------------------------------------------
+# Transform to the shape expected by CIPP
+# Shape: [{ id, displayName, options: [{id, displayName, description}] | null }]
+# ---------------------------------------------------------------------------
+Write-Host 'Transforming data...' -ForegroundColor Yellow
+
+$collection = $allSettings | Sort-Object -Property id | ForEach-Object {
+ $rawOptions = $_.PSObject.Properties['options']?.Value
+ $options = if ($rawOptions -and $rawOptions.Count -gt 0) {
+ $rawOptions | ForEach-Object {
+ [PSCustomObject]@{
+ id = $_.PSObject.Properties['itemId']?.Value
+ displayName = $_.PSObject.Properties['displayName']?.Value
+ description = $_.PSObject.Properties['description']?.Value
+ }
+ }
+ } else {
+ $null
+ }
+
+ [PSCustomObject]@{
+ id = $_.id
+ displayName = $_.displayName
+ options = $options
+ }
+}
+
+# ---------------------------------------------------------------------------
+# Write output files
+# ---------------------------------------------------------------------------
+Set-Location $PSScriptRoot
+
+$json = $collection | ConvertTo-Json -Depth 5
+
+# CIPP-API root (used by Compare-CIPPIntuneObject.ps1 at runtime)
+$apiPath = Join-Path $PSScriptRoot '..\intuneCollection.json'
+$json | Set-Content -Path $apiPath -Encoding utf8NoBOM
+Write-Host "Written: $(Resolve-Path $apiPath)" -ForegroundColor Green
+
+# CIPP frontend src/data (used by the React UI)
+$frontendPath = Join-Path $PSScriptRoot '..\..\CIPP\src\data\intuneCollection.json'
+if (Test-Path (Split-Path $frontendPath)) {
+ $json | Set-Content -Path $frontendPath -Encoding utf8NoBOM
+ Write-Host "Written: $(Resolve-Path $frontendPath)" -ForegroundColor Green
+} else {
+ Write-Host "CIPP frontend path not found — skipping: $frontendPath" -ForegroundColor Yellow
+ Write-Host "Copy $(Resolve-Path $apiPath) manually to your CIPP/src/data/ directory." -ForegroundColor Yellow
+}
+
+Write-Host "`nDone. $($collection.Count) settings written to intuneCollection.json." -ForegroundColor Green
diff --git a/host.json b/host.json
index 75920f8e7db8..75d9f008a66d 100644
--- a/host.json
+++ b/host.json
@@ -16,9 +16,9 @@
"distributedTracingEnabled": false,
"version": "None"
},
- "defaultVersion": "10.2.4",
+ "defaultVersion": "10.2.6",
"versionMatchStrategy": "Strict",
"versionFailureStrategy": "Fail"
}
}
-}
\ No newline at end of file
+}
diff --git a/intuneCollection.json b/intuneCollection.json
index 1c6291fefa62..c6d19ca27858 100644
--- a/intuneCollection.json
+++ b/intuneCollection.json
@@ -111,7 +111,7 @@
},
{
"id": "3~policy~microsoft_edge_targetblankimpliesnoopener",
- "displayName": "Do not set window.opener for links targeting _blank (User)",
+ "displayName": "Do not set window.opener for links targeting _blank (obsolete) (User)",
"options": [
{
"id": "3~policy~microsoft_edge_targetblankimpliesnoopener_0",
@@ -170,15 +170,24 @@
{
"id": "ade_authenticationmethod",
"displayName": "Intune authentication method",
+ "options": {
+ "id": "ade_authenticationmethod_2",
+ "displayName": "Setup Assistant with modern authentication",
+ "description": null
+ }
+ },
+ {
+ "id": "ade_awaitconfiguration_basic",
+ "displayName": "Await final configuration",
"options": [
{
- "id": "ade_authenticationmethod_2",
- "displayName": "Setup Assistant with modern authentication",
+ "id": "ade_awaitconfiguration_basic_0",
+ "displayName": "No",
"description": null
},
{
- "id": "ade_authenticationmethod_0",
- "displayName": "Company Portal",
+ "id": "ade_awaitconfiguration_basic_1",
+ "displayName": "Yes",
"description": null
}
]
@@ -267,6 +276,22 @@
}
]
},
+ {
+ "id": "ade_setupassistant_actionbutton",
+ "displayName": "Action Button",
+ "options": [
+ {
+ "id": "ade_setupassistant_actionbutton_0",
+ "displayName": "Hide",
+ "description": null
+ },
+ {
+ "id": "ade_setupassistant_actionbutton_1",
+ "displayName": "Show",
+ "description": null
+ }
+ ]
+ },
{
"id": "ade_setupassistant_androidmigration",
"displayName": "Android migration",
@@ -374,16 +399,16 @@
]
},
{
- "id": "ade_setupassistant_displaytone",
- "displayName": "Display Tone",
+ "id": "ade_setupassistant_enablelockdownmode",
+ "displayName": "Enable Lock down Mode",
"options": [
{
- "id": "ade_setupassistant_displaytone_0",
+ "id": "ade_setupassistant_enablelockdownmode_0",
"displayName": "Hide",
"description": null
},
{
- "id": "ade_setupassistant_displaytone_1",
+ "id": "ade_setupassistant_enablelockdownmode_1",
"displayName": "Show",
"description": null
}
@@ -405,22 +430,6 @@
}
]
},
- {
- "id": "ade_setupassistant_homebutton",
- "displayName": "Home button",
- "options": [
- {
- "id": "ade_setupassistant_homebutton_0",
- "displayName": "Hide",
- "description": null
- },
- {
- "id": "ade_setupassistant_homebutton_1",
- "displayName": "Show",
- "description": null
- }
- ]
- },
{
"id": "ade_setupassistant_imessagefacetime",
"displayName": "iMessage and FaceTime",
@@ -438,32 +447,32 @@
]
},
{
- "id": "ade_setupassistant_locationservices",
- "displayName": "Location services",
+ "id": "ade_setupassistant_intelligence",
+ "displayName": "Intelligence",
"options": [
{
- "id": "ade_setupassistant_locationservices_0",
+ "id": "ade_setupassistant_intelligence_0",
"displayName": "Hide",
"description": null
},
{
- "id": "ade_setupassistant_locationservices_1",
+ "id": "ade_setupassistant_intelligence_1",
"displayName": "Show",
"description": null
}
]
},
{
- "id": "ade_setupassistant_onboarding",
- "displayName": "Onboarding",
+ "id": "ade_setupassistant_locationservices",
+ "displayName": "Location services",
"options": [
{
- "id": "ade_setupassistant_onboarding_0",
+ "id": "ade_setupassistant_locationservices_0",
"displayName": "Hide",
"description": null
},
{
- "id": "ade_setupassistant_onboarding_1",
+ "id": "ade_setupassistant_locationservices_1",
"displayName": "Show",
"description": null
}
@@ -533,6 +542,22 @@
}
]
},
+ {
+ "id": "ade_setupassistant_safety",
+ "displayName": "Emergency SOS",
+ "options": [
+ {
+ "id": "ade_setupassistant_safety_0",
+ "displayName": "Hide",
+ "description": null
+ },
+ {
+ "id": "ade_setupassistant_safety_1",
+ "displayName": "Show",
+ "description": null
+ }
+ ]
+ },
{
"id": "ade_setupassistant_screentime",
"displayName": "Screen Time",
@@ -662,32 +687,32 @@
]
},
{
- "id": "ade_setupassistant_watchmigration",
- "displayName": "Watch migration",
+ "id": "ade_setupassistant_voiceselection",
+ "displayName": "Voice selection",
"options": [
{
- "id": "ade_setupassistant_watchmigration_0",
+ "id": "ade_setupassistant_voiceselection_0",
"displayName": "Hide",
"description": null
},
{
- "id": "ade_setupassistant_watchmigration_1",
+ "id": "ade_setupassistant_voiceselection_1",
"displayName": "Show",
"description": null
}
]
},
{
- "id": "ade_setupassistant_zoom",
- "displayName": "Zoom",
+ "id": "ade_setupassistant_watchmigration",
+ "displayName": "Watch migration",
"options": [
{
- "id": "ade_setupassistant_zoom_0",
+ "id": "ade_setupassistant_watchmigration_0",
"displayName": "Hide",
"description": null
},
{
- "id": "ade_setupassistant_zoom_1",
+ "id": "ade_setupassistant_watchmigration_1",
"displayName": "Show",
"description": null
}
@@ -735,6 +760,1244 @@
}
]
},
+ {
+ "id": "ade_useraffinitybasic",
+ "displayName": "User affinity",
+ "options": {
+ "id": "ade_useraffinitybasic_0",
+ "displayName": "Enroll without user affinity",
+ "description": null
+ }
+ },
+ {
+ "id": "apple_customprofile_profile",
+ "displayName": "Profile",
+ "options": null
+ },
+ {
+ "id": "audioaccessory_audioaccessory",
+ "displayName": "com.apple.configuration.audio-accessory.settings",
+ "options": null
+ },
+ {
+ "id": "audioaccessory_temporarypairing",
+ "displayName": "Temporary Pairing",
+ "options": null
+ },
+ {
+ "id": "audioaccessory_temporarypairing_configuration",
+ "displayName": "Configuration",
+ "options": null
+ },
+ {
+ "id": "audioaccessory_temporarypairing_configuration_unpairingtime",
+ "displayName": "Unpairing Time",
+ "options": null
+ },
+ {
+ "id": "audioaccessory_temporarypairing_configuration_unpairingtime_hour",
+ "displayName": "Hour",
+ "options": null
+ },
+ {
+ "id": "audioaccessory_temporarypairing_configuration_unpairingtime_policy",
+ "displayName": "Policy",
+ "options": [
+ {
+ "id": "audioaccessory_temporarypairing_configuration_unpairingtime_policy_0",
+ "displayName": "None",
+ "description": null
+ },
+ {
+ "id": "audioaccessory_temporarypairing_configuration_unpairingtime_policy_1",
+ "displayName": "Hour",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "audioaccessory_temporarypairing_disabled",
+ "displayName": "Disabled",
+ "options": [
+ {
+ "id": "audioaccessory_temporarypairing_disabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "audioaccessory_temporarypairing_disabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.accountsblockmodification",
+ "displayName": "Block account changes",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.accountsblockmodification_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.accountsblockmodification_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsallowinstallfromunknownsources",
+ "displayName": "Allow installation from unknown sources",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.appsallowinstallfromunknownsources_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsallowinstallfromunknownsources_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsautoupdatepolicy",
+ "displayName": "App auto-updates (work profile-level)",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.appsautoupdatepolicy_notconfigured",
+ "displayName": "Not configured",
+ "description": "Not configured; this value is ignored."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsautoupdatepolicy_userchoice",
+ "displayName": "User choice",
+ "description": "The user can control auto-updates."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsautoupdatepolicy_never",
+ "displayName": "Never",
+ "description": "Apps are never auto-updated."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsautoupdatepolicy_wifionly",
+ "displayName": "Wi-Fi only",
+ "description": "Apps are auto-updated over Wi-Fi only."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsautoupdatepolicy_always",
+ "displayName": "Always",
+ "description": "Apps are auto-updated at any time. Data charges may apply."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsblockinstallfromunknownsourcesaosp",
+ "displayName": "Block user from turning on unknown sources",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.appsblockinstallfromunknownsourcesaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsblockinstallfromunknownsourcesaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsdefaultpermissionpolicy",
+ "displayName": "Default permission policy (work profile-level)",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.appsdefaultpermissionpolicy_devicedefault",
+ "displayName": "Device default",
+ "description": "Device default value, no intent."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsdefaultpermissionpolicy_prompt",
+ "displayName": "Prompt",
+ "description": "Prompt."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsdefaultpermissionpolicy_autogrant",
+ "displayName": "Auto grant",
+ "description": "Auto grant."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsdefaultpermissionpolicy_autodeny",
+ "displayName": "Auto deny",
+ "description": "Auto deny."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsrecommendskippingfirstusehints",
+ "displayName": "Skip first use hints",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.appsrecommendskippingfirstusehints_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.appsrecommendskippingfirstusehints_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.assistcontentpolicy",
+ "displayName": "Block assist content sharing with privileged apps",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.assistcontentpolicy_false",
+ "displayName": "False",
+ "description": "Assist content is allowed to be sent to a privileged app."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.assistcontentpolicy_true",
+ "displayName": "True",
+ "description": "Assist content is blocked from being sent to a privileged app."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockconfiguration",
+ "displayName": "Block Bluetooth configuration",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockconfiguration_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockconfiguration_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockconfigurationaosp",
+ "displayName": "Block Bluetooth configuration",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockconfigurationaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockconfigurationaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockcontactsharing",
+ "displayName": "Block contact sharing via Bluetooth (work profile-level)",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockcontactsharing_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockcontactsharing_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblocked",
+ "displayName": "Block Bluetooth",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblocked_true",
+ "displayName": "True",
+ "description": "True"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblocked_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockedaosp",
+ "displayName": "Block Bluetooth",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockedaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.bluetoothblockedaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.camerablocked",
+ "displayName": "Block access to camera (work profile-level)",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.camerablocked_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.camerablocked_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.camerablockedaosp",
+ "displayName": "Block access to camera",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.camerablockedaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.camerablockedaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.cellularblockwifitethering",
+ "displayName": "Block tethering and access to hotspots",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.cellularblockwifitethering_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.cellularblockwifitethering_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.certificatecredentialconfigurationdisabled",
+ "displayName": "Block users from configuring credentials (work profile-level)",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.certificatecredentialconfigurationdisabled_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.certificatecredentialconfigurationdisabled_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesallowcopypaste",
+ "displayName": "Allow copy and paste between work and personal profiles ",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesallowcopypaste_false",
+ "displayName": "False",
+ "description": "false"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesallowcopypaste_true",
+ "displayName": "True",
+ "description": "true"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesallowdatasharing",
+ "displayName": "Data sharing between work and personal profile",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesallowdatasharing_notconfigured",
+ "displayName": "Device default",
+ "description": "Not configured; this value defaults to CROSS_PROFILE_DATA_SHARING_UNSPECIFIED."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesallowdatasharing_crossprofiledatasharingblocked",
+ "displayName": "Block all sharing between profiles",
+ "description": "Data cannot be shared from both the personal profile to work profile and the work profile to the personal profile."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesallowdatasharing_datasharingfromworktopersonalblocked",
+ "displayName": "Block sharing from work to personal profile",
+ "description": "Prevents users from sharing data from the work profile to apps in the personal profile. Personal data can be shared with work apps."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesallowdatasharing_crossprofiledatasharingallowed",
+ "displayName": "No restrictions on sharing",
+ "description": "Data from either profile can be shared with the other profile."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesshowworkcontactsinpersonalprofile",
+ "displayName": "Block searching of work contacts and displaying work contact caller-id in personal profile",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesshowworkcontactsinpersonalprofile_false",
+ "displayName": "False",
+ "description": "false"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.crossprofilepoliciesshowworkcontactsinpersonalprofile_true",
+ "displayName": "True",
+ "description": "true"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.dataroamingblocked",
+ "displayName": "Block roaming data services",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.dataroamingblocked_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.dataroamingblocked_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.datetimeconfigurationblocked",
+ "displayName": "Block date and time changes",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.datetimeconfigurationblocked_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.datetimeconfigurationblocked_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.enterprisedisplaynamevisibility",
+ "displayName": "Hide organization name",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.enterprisedisplaynamevisibility_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.enterprisedisplaynamevisibility_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.factoryresetblocked",
+ "displayName": "Block factory reset",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.factoryresetblocked_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.factoryresetblocked_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.factoryresetblockedaosp",
+ "displayName": "Block factory reset",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.factoryresetblockedaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.factoryresetblockedaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.locationmode",
+ "displayName": "Block location",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.locationmode_notconfigured",
+ "displayName": "False",
+ "description": "No restrictions on the location setting and no specific behavior is set or enforced. This is the default."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.locationmode_disabled",
+ "displayName": "True",
+ "description": "Location setting is disabled on the device."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.microphoneforcemute",
+ "displayName": "Block microphone adjustment",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.microphoneforcemute_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.microphoneforcemute_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.networkescapehatchallowed",
+ "displayName": "Allow network escape hatch",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.networkescapehatchallowed_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.networkescapehatchallowed_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.nfcblockoutgoingbeam",
+ "displayName": "Block beaming data from apps using NFC (work profile-level)",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.nfcblockoutgoingbeam_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.nfcblockoutgoingbeam_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordblockkeyguard",
+ "displayName": "Disable lock screen",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordblockkeyguard_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordblockkeyguard_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordexpirationdays",
+ "displayName": "Number of days until password expires",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminimumlength",
+ "displayName": "Minimum password length",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminimumlengthaosp",
+ "displayName": "Minimum password length",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminimumlettercharacters",
+ "displayName": "Number of characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminimumlowercasecharacters",
+ "displayName": "Number of lowercase characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminimumnonlettercharacters",
+ "displayName": "Number of non-letter characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminimumnumericcharacters",
+ "displayName": "Number of numeric characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminimumsymbolcharacters",
+ "displayName": "Number of symbol characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminimumuppercasecharacters",
+ "displayName": "Number of uppercase characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminutesofinactivitybeforescreentimeoutaosp",
+ "displayName": "Maximum minutes of inactivity until screen locks",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminutesofinactivitybeforescreentimeoutaosp_1minute",
+ "displayName": "1 Minute",
+ "description": "Screen Timeout after 1 Minute of Inactivity"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminutesofinactivitybeforescreentimeoutaosp_5minutes",
+ "displayName": "5 Minutes",
+ "description": "Screen Timeout after 5 Minutes of Inactivity"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminutesofinactivitybeforescreentimeoutaosp_15minutes",
+ "displayName": "15 Minutes",
+ "description": "Screen Timeout after 15 Minutes of Inactivity"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminutesofinactivitybeforescreentimeoutaosp_30minutes",
+ "displayName": "30 Minutes",
+ "description": "Screen Timeout after 30 Minutes of Inactivity"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordminutesofinactivitybeforescreentimeoutaosp_1hour",
+ "displayName": "1 Hour",
+ "description": "Screen Timeout after 1 Hour of Inactivity"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordpreviouspasswordcounttoblock",
+ "displayName": "Number of passwords required before user can reuse a password",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype",
+ "displayName": "Required password type",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype_devicedefault",
+ "displayName": "Device default",
+ "description": "Device default value, no intent."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype_required",
+ "displayName": "Password required, no restrictions",
+ "description": "There must be a password set, but there are no restrictions on type."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype_lowsecuritybiometric",
+ "displayName": "Weak Biometric",
+ "description": "Low security biometrics based password required."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype_numeric",
+ "displayName": "Numeric",
+ "description": "At least numeric."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype_numericcomplex",
+ "displayName": "Numeric Complex",
+ "description": "At least numeric with no repeating or ordered sequences."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype_alphabetic",
+ "displayName": "Alphabetic",
+ "description": "At least alphabetic password."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype_alphanumeric",
+ "displayName": "Alphanumeric",
+ "description": "At least alphanumeric password"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtype_alphanumericwithsymbols",
+ "displayName": "Alphanumeric with symbols",
+ "description": "At least alphanumeric with symbols."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp",
+ "displayName": "Required password type",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp_devicedefault",
+ "displayName": "Device default",
+ "description": "Device default value, no intent."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp_required",
+ "displayName": "Password required, no restrictions",
+ "description": "There must be a password set, but there are no restrictions on type."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp_lowsecuritybiometric",
+ "displayName": "Weak Biometric",
+ "description": "Low security biometrics based password required."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp_numeric",
+ "displayName": "Numeric",
+ "description": "At least numeric."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp_numericcomplex",
+ "displayName": "Numeric Complex",
+ "description": "At least numeric with no repeating or ordered sequences."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp_alphabetic",
+ "displayName": "Alphabetic",
+ "description": "At least alphabetic password."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp_alphanumeric",
+ "displayName": "Alphanumeric",
+ "description": "At least alphanumeric password"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequiredtypeaosp_alphanumericwithsymbols",
+ "displayName": "Alphanumeric with symbols",
+ "description": "At least alphanumeric with symbols."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequireunlock",
+ "displayName": "Required unlock frequency",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequireunlock_devicedefault",
+ "displayName": "Device default",
+ "description": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordrequireunlock_requiredpasswordunlockdailyoption",
+ "displayName": "24 hours since last PIN, password, or pattern unlock",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordsigninfailurecountbeforefactoryreset",
+ "displayName": "Number of sign-in failures before wiping device",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.passwordsigninfailurecountbeforefactoryresetaosp",
+ "displayName": "Number of sign-in failures before wiping device",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofileappsallowinstallfromunknownsources",
+ "displayName": "Allow users to enable app installation from unknown sources in the personal profile",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofileappsallowinstallfromunknownsources_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofileappsallowinstallfromunknownsources_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofilecamerablocked",
+ "displayName": "Block camera",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofilecamerablocked_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofilecamerablocked_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofilescreencaptureblocked",
+ "displayName": "Block screen capture",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofilescreencaptureblocked_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.personalprofilescreencaptureblocked_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.privatespacepolicy",
+ "displayName": "Block private space",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.privatespacepolicy_allowed",
+ "displayName": "False",
+ "description": "Users can create a private space profile."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.privatespacepolicy_disallowed",
+ "displayName": "True",
+ "description": "Users cannot create a private space profile. Supported only for company-owned devices with a work profile. Caution: Any existing private space will be removed."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.screencaptureblocked",
+ "displayName": "Block screen capture",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.screencaptureblocked_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.screencaptureblocked_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.screencaptureblockedaosp",
+ "displayName": "Block screen capture",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.screencaptureblockedaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.screencaptureblockedaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.securityallowdebuggingfeaturesaosp",
+ "displayName": "Allow users to turn on debugging features",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.securityallowdebuggingfeaturesaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.securityallowdebuggingfeaturesaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.securitycommoncriteriamodeenabled",
+ "displayName": "Require Common Criteria mode",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.securitycommoncriteriamodeenabled_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.securitycommoncriteriamodeenabled_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.securitydevelopersettingsenabled",
+ "displayName": "Allow access to developer settings",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.securitydevelopersettingsenabled_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.securitydevelopersettingsenabled_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.securityrequireverifyapps",
+ "displayName": "Require threat scan on apps",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.securityrequireverifyapps_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.securityrequireverifyapps_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.statusbarblocked",
+ "displayName": "Block access to status bar",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.statusbarblocked_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.statusbarblocked_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.storageallowusb",
+ "displayName": "Allow USB storage",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.storageallowusb_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.storageallowusb_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockexternalmedia",
+ "displayName": "Block mounting of external media",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockexternalmedia_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockexternalmedia_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockexternalmediaaosp",
+ "displayName": "Block mounting of external media",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockexternalmediaaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockexternalmediaaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockusbfiletransferaosp",
+ "displayName": "Block USB file transfer",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockusbfiletransferaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.storageblockusbfiletransferaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.systemwindowsblocked",
+ "displayName": "Block notification windows",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.systemwindowsblocked_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.systemwindowsblocked_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.usbdataaccess",
+ "displayName": "USB access",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.usbdataaccess_allowusbdatatransfer",
+ "displayName": "Allow USB data transfer",
+ "description": "All types of USB data transfers are allowed. usbFileTransferDisabled is ignored."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.usbdataaccess_disallowusbfiletransfer",
+ "displayName": "Disallow USB file transfer",
+ "description": "Transferring files over USB is disallowed. Other types of USB data connections, such as mouse and keyboard connection, are allowed. usbFileTransferDisabled is ignored."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.usbdataaccess_disallowusbdatatransfer",
+ "displayName": "Disallow USB data transfer",
+ "description": "When set, all types of USB data transfers are prohibited. Supported for devices running Android 12 or above with USB HAL 1.3 or above. If the setting is not supported, DISALLOW_USB_FILE_TRANSFER will be set. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 12. A NonComplianceDetail with DEVICE_INCOMPATIBLE is reported if the device does not have USB HAL 1.3 or above. usbFileTransferDisabled is ignored."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.volumeblockadjustment",
+ "displayName": "Block volume changes",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.volumeblockadjustment_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.volumeblockadjustment_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditconfigurations",
+ "displayName": "Block Wi-Fi access point configuration",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditconfigurations_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditconfigurations_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditconfigurationsaosp",
+ "displayName": "Block Wi-Fi setting changes",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditconfigurationsaosp_false",
+ "displayName": "False",
+ "description": "False"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditconfigurationsaosp_true",
+ "displayName": "True",
+ "description": "True"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditpolicydefinedconfigurations",
+ "displayName": "Block Wi-Fi setting changes",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditpolicydefinedconfigurations_true",
+ "displayName": "True",
+ "description": "true"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.wifiblockeditpolicydefinedconfigurations_false",
+ "displayName": "False",
+ "description": "false"
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.wifidirectsettings",
+ "displayName": "Block Wi-Fi Direct",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.wifidirectsettings_allowed",
+ "displayName": "False",
+ "description": "The user is allowed to use Wi-Fi direct."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.wifidirectsettings_disallowed",
+ "displayName": "True",
+ "description": "The user is not allowed to use Wi-Fi direct. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordexpirationdays",
+ "displayName": "Number of days until password expires",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordminimumlength",
+ "displayName": "Minimum password length",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordminimumlettercharacters",
+ "displayName": "Number of characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordminimumlowercasecharacters",
+ "displayName": "Number of lowercase characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordminimumnonlettercharacters",
+ "displayName": "Number of non-letter characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordminimumnumericcharacters",
+ "displayName": "Number of numeric characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordminimumsymbolcharacters",
+ "displayName": "Number of symbol characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordminimumuppercasecharacters",
+ "displayName": "Number of uppercase characters required",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordpreviouspasswordcounttoblock",
+ "displayName": "Number of passwords required before user can reuse a password",
+ "options": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype",
+ "displayName": "Required password type",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype_devicedefault",
+ "displayName": "Device default",
+ "description": "Device default value, no intent."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype_required",
+ "displayName": "Password required, no restrictions",
+ "description": "There must be a password set, but there are no restrictions on type."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype_lowsecuritybiometric",
+ "displayName": "Weak Biometric",
+ "description": "Low security biometrics based password required."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype_numeric",
+ "displayName": "Numeric",
+ "description": "At least numeric."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype_numericcomplex",
+ "displayName": "Numeric Complex",
+ "description": "At least numeric with no repeating or ordered sequences."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype_alphabetic",
+ "displayName": "Alphabetic",
+ "description": "At least alphabetic password."
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype_alphanumeric",
+ "displayName": "Alphanumeric",
+ "description": "At least alphanumeric password"
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequiredtype_alphanumericwithsymbols",
+ "displayName": "Alphanumeric with symbols",
+ "description": "At least alphanumeric with symbols."
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequireunlock",
+ "displayName": "Required unlock frequency",
+ "options": [
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequireunlock_devicedefault",
+ "displayName": "Device default",
+ "description": null
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordrequireunlock_requiredpasswordunlockdailyoption",
+ "displayName": "24 hours since last PIN, password, or pattern unlock",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.android.devicerestrictionpolicy.workprofilepasswordsigninfailurecountbeforefactoryreset",
+ "displayName": "Number of sign-in failures before wiping device",
+ "options": null
+ },
{
"id": "com.apple.airplay_allowlist",
"displayName": "Allow List",
@@ -742,7 +2005,12 @@
},
{
"id": "com.apple.airplay_allowlist_item_deviceid",
- "displayName": "Device ID",
+ "displayName": "Device ID (Deprecated)",
+ "options": null
+ },
+ {
+ "id": "com.apple.airplay_allowlist_item_devicename",
+ "displayName": "Device Name",
"options": null
},
{
@@ -811,7 +2079,11 @@
"displayName": "Top Level Setting Group Collection",
"options": null
},
- { "id": "com.apple.app.lock_app", "displayName": "App", "options": null },
+ {
+ "id": "com.apple.app.lock_app",
+ "displayName": "App",
+ "options": null
+ },
{
"id": "com.apple.app.lock_app_identifier",
"displayName": "App Identifier",
@@ -1120,27 +2392,6 @@
"displayName": "Top Level Setting Group Collection",
"options": null
},
- {
- "id": "com.apple.applicationaccess.new_com.apple.applicationaccess.new",
- "displayName": "Top Level Setting Group Collection",
- "options": null
- },
- {
- "id": "com.apple.applicationaccess.new_familycontrolsenabled",
- "displayName": "Family Controls Enabled",
- "options": [
- {
- "id": "com.apple.applicationaccess.new_familycontrolsenabled_false",
- "displayName": "False",
- "description": null
- },
- {
- "id": "com.apple.applicationaccess.new_familycontrolsenabled_true",
- "displayName": "True",
- "description": null
- }
- ]
- },
{
"id": "com.apple.applicationaccess_allowaccountmodification",
"displayName": "Allow Account Modification",
@@ -1211,12 +2462,12 @@
"options": [
{
"id": "com.apple.applicationaccess_allowairplayincomingrequests_false",
- "displayName": "Disabled",
+ "displayName": "False",
"description": null
},
{
"id": "com.apple.applicationaccess_allowairplayincomingrequests_true",
- "displayName": "Enabled",
+ "displayName": "True",
"description": null
}
]
@@ -1317,6 +2568,22 @@
}
]
},
+ {
+ "id": "com.apple.applicationaccess_allowappleintelligencereport",
+ "displayName": "Allow Apple Intelligence Report",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowappleintelligencereport_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowappleintelligencereport_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.applicationaccess_allowapplepersonalizedadvertising",
"displayName": "Allow Apple Personalized Advertising",
@@ -1893,6 +3160,38 @@
}
]
},
+ {
+ "id": "com.apple.applicationaccess_allowdefaultcallingappmodification",
+ "displayName": "Allow Default Calling App Modification",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowdefaultcallingappmodification_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowdefaultcallingappmodification_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.applicationaccess_allowdefaultmessagingappmodification",
+ "displayName": "Allow Default Messaging App Modification",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowdefaultmessagingappmodification_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowdefaultmessagingappmodification_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.applicationaccess_allowdefinitionlookup",
"displayName": "Allow Definition Lookup",
@@ -1973,6 +3272,16 @@
}
]
},
+ {
+ "id": "com.apple.applicationaccess_allowedcamerarestrictionbundleids",
+ "displayName": "Allowed Camera Restriction Bundle IDs",
+ "options": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowedexternalintelligenceworkspaceids",
+ "displayName": "Allowed External Intelligence Workspace IDs",
+ "options": null
+ },
{
"id": "com.apple.applicationaccess_allowenablingrestrictions",
"displayName": "Allow Enabling Restrictions",
@@ -2071,16 +3380,16 @@
},
{
"id": "com.apple.applicationaccess_allowesimoutgoingtransfers",
- "displayName": "allow ESIM Outgoing Transfers",
+ "displayName": "Allow ESIM Outgoing Transfers",
"options": [
{
"id": "com.apple.applicationaccess_allowesimoutgoingtransfers_false",
- "displayName": "Disabled",
+ "displayName": "False",
"description": null
},
{
"id": "com.apple.applicationaccess_allowesimoutgoingtransfers_true",
- "displayName": "Enabled",
+ "displayName": "True",
"description": null
}
]
@@ -2279,7 +3588,7 @@
},
{
"id": "com.apple.applicationaccess_allowgenmoji",
- "displayName": "allow Genmoji",
+ "displayName": "Allow Genmoji",
"options": [
{
"id": "com.apple.applicationaccess_allowgenmoji_false",
@@ -2570,6 +3879,22 @@
}
]
},
+ {
+ "id": "com.apple.applicationaccess_allowmailsmartreplies",
+ "displayName": "Allow Mail Smart Replies",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowmailsmartreplies_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowmailsmartreplies_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.applicationaccess_allowmailsummary",
"displayName": "Allow Mail Summary",
@@ -2620,16 +3945,16 @@
},
{
"id": "com.apple.applicationaccess_allowmarketplaceappinstallation",
- "displayName": "allow Marketplace App Installation",
+ "displayName": "Allow Marketplace App Installation",
"options": [
{
"id": "com.apple.applicationaccess_allowmarketplaceappinstallation_false",
- "displayName": "Disabled",
+ "displayName": "False",
"description": null
},
{
"id": "com.apple.applicationaccess_allowmarketplaceappinstallation_true",
- "displayName": "Enabled",
+ "displayName": "True",
"description": null
}
]
@@ -2714,6 +4039,38 @@
}
]
},
+ {
+ "id": "com.apple.applicationaccess_allownotestranscription",
+ "displayName": "Allow Notes Transcription",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allownotestranscription_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allownotestranscription_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.applicationaccess_allownotestranscriptionsummary",
+ "displayName": "Allow Notes Transcription Summary",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allownotestranscriptionsummary_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allownotestranscriptionsummary_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.applicationaccess_allownotificationsmodification",
"displayName": "Allow Notifications Modification",
@@ -3004,7 +4361,7 @@
},
{
"id": "com.apple.applicationaccess_allowrapidsecurityresponseinstallation",
- "displayName": "Allow Rapid Security Response Installation",
+ "displayName": "Allow Background Security Improvement Installation (Deprecated)",
"options": [
{
"id": "com.apple.applicationaccess_allowrapidsecurityresponseinstallation_false",
@@ -3020,7 +4377,7 @@
},
{
"id": "com.apple.applicationaccess_allowrapidsecurityresponseremoval",
- "displayName": "Allow Rapid Security Response Removal",
+ "displayName": "Allow Background Security Improvement Removal (Deprecated)",
"options": [
{
"id": "com.apple.applicationaccess_allowrapidsecurityresponseremoval_false",
@@ -3098,6 +4455,70 @@
}
]
},
+ {
+ "id": "com.apple.applicationaccess_allowsafarihistoryclearing",
+ "displayName": "Allow Safari History Clearing",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowsafarihistoryclearing_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowsafarihistoryclearing_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.applicationaccess_allowsafariprivatebrowsing",
+ "displayName": "Allow Safari Private Browsing",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowsafariprivatebrowsing_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowsafariprivatebrowsing_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.applicationaccess_allowsafarisummary",
+ "displayName": "Allow Safari Summary",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowsafarisummary_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowsafarisummary_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.applicationaccess_allowsatelliteconnection",
+ "displayName": "Allow Satellite Connection",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowsatelliteconnection_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowsatelliteconnection_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.applicationaccess_allowscreenshot",
"displayName": "Allow Screen Shot",
@@ -3370,6 +4791,22 @@
}
]
},
+ {
+ "id": "com.apple.applicationaccess_allowvisualintelligencesummary",
+ "displayName": "Allow Visual Intelligence Summary",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess_allowvisualintelligencesummary_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_allowvisualintelligencesummary_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.applicationaccess_allowvoicedialing",
"displayName": "Allow Voice Dialing (Deprecated)",
@@ -3420,16 +4857,16 @@
},
{
"id": "com.apple.applicationaccess_allowwebdistributionappinstallation",
- "displayName": "allow Web Distribution App Installation",
+ "displayName": "Allow Web Distribution App Installation",
"options": [
{
"id": "com.apple.applicationaccess_allowwebdistributionappinstallation_false",
- "displayName": "Disabled",
+ "displayName": "False",
"description": null
},
{
"id": "com.apple.applicationaccess_allowwebdistributionappinstallation_true",
- "displayName": "Enabled",
+ "displayName": "True",
"description": null
}
]
@@ -3465,6 +4902,16 @@
"displayName": "Top Level Setting Group Collection",
"options": null
},
+ {
+ "id": "com.apple.applicationaccess_deniediccidsforimessagefacetime",
+ "displayName": "Denied ICCIDs For iMessage And FaceTime",
+ "options": null
+ },
+ {
+ "id": "com.apple.applicationaccess_deniediccidsforrcs",
+ "displayName": "Denied ICCIDs For RCS",
+ "options": null
+ },
{
"id": "com.apple.applicationaccess_enforcedfingerprinttimeout",
"displayName": "Enforced Fingerprint Timeout",
@@ -3472,22 +4919,22 @@
},
{
"id": "com.apple.applicationaccess_enforcedsoftwareupdatedelay",
- "displayName": "Enforced Software Update Delay",
+ "displayName": "Enforced Software Update Delay (Deprecated)",
"options": null
},
{
"id": "com.apple.applicationaccess_enforcedsoftwareupdatemajorosdeferredinstalldelay",
- "displayName": "Enforced Software Update Major OS Deferred Install Delay",
+ "displayName": "Enforced Software Update Major OS Deferred Install Delay (Deprecated)",
"options": null
},
{
"id": "com.apple.applicationaccess_enforcedsoftwareupdateminorosdeferredinstalldelay",
- "displayName": "Enforced Software Update Minor OS Deferred Install Delay",
+ "displayName": "Enforced Software Update Minor OS Deferred Install Delay (Deprecated)",
"options": null
},
{
"id": "com.apple.applicationaccess_enforcedsoftwareupdatenonosdeferredinstalldelay",
- "displayName": "Enforced Software Update Non OS Deferred Install Delay",
+ "displayName": "Enforced Software Update Non OS Deferred Install Delay (Deprecated)",
"options": null
},
{
@@ -3668,7 +5115,7 @@
},
{
"id": "com.apple.applicationaccess_forcedelayedappsoftwareupdates",
- "displayName": "Force Delayed App Software Updates",
+ "displayName": "Force Delayed App Software Updates (Deprecated)",
"options": [
{
"id": "com.apple.applicationaccess_forcedelayedappsoftwareupdates_false",
@@ -3684,7 +5131,7 @@
},
{
"id": "com.apple.applicationaccess_forcedelayedmajorsoftwareupdates",
- "displayName": "Force Delayed Major Software Updates",
+ "displayName": "Force Delayed Major Software Updates (Deprecated)",
"options": [
{
"id": "com.apple.applicationaccess_forcedelayedmajorsoftwareupdates_false",
@@ -3700,7 +5147,7 @@
},
{
"id": "com.apple.applicationaccess_forcedelayedsoftwareupdates",
- "displayName": "Force Delayed Software Updates",
+ "displayName": "Force Delayed Software Updates (Deprecated)",
"options": [
{
"id": "com.apple.applicationaccess_forcedelayedsoftwareupdates_false",
@@ -3869,26 +5316,111 @@
},
{
"id": "com.apple.applicationaccess_ratingappsau_1",
- "displayName": "4+",
+ "displayName": "1+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsau_2",
- "displayName": "9+",
+ "displayName": "2+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsau_3",
- "displayName": "12+",
+ "displayName": "3+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsau_4",
- "displayName": "17+",
+ "displayName": "4+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsau_5",
+ "displayName": "5+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_6",
+ "displayName": "6+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_7",
+ "displayName": "7+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_8",
+ "displayName": "8+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_9",
+ "displayName": "9+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_10",
+ "displayName": "10+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_11",
+ "displayName": "11+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_12",
+ "displayName": "12+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_13",
+ "displayName": "13+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_14",
+ "displayName": "14+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_15",
+ "displayName": "15+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_16",
+ "displayName": "16+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_17",
+ "displayName": "17+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_18",
+ "displayName": "18+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_19",
+ "displayName": "19+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_20",
+ "displayName": "20+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_21",
+ "displayName": "21+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsau_22",
"displayName": "All",
"description": null
}
@@ -3905,26 +5437,111 @@
},
{
"id": "com.apple.applicationaccess_ratingappsca_1",
- "displayName": "4+",
+ "displayName": "1+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsca_2",
- "displayName": "9+",
+ "displayName": "2+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsca_3",
- "displayName": "12+",
+ "displayName": "3+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsca_4",
- "displayName": "17+",
+ "displayName": "4+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsca_5",
+ "displayName": "5+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_6",
+ "displayName": "6+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_7",
+ "displayName": "7+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_8",
+ "displayName": "8+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_9",
+ "displayName": "9+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_10",
+ "displayName": "10+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_11",
+ "displayName": "11+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_12",
+ "displayName": "12+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_13",
+ "displayName": "13+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_14",
+ "displayName": "14+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_15",
+ "displayName": "15+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_16",
+ "displayName": "16+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_17",
+ "displayName": "17+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_18",
+ "displayName": "18+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_19",
+ "displayName": "19+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_20",
+ "displayName": "20+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_21",
+ "displayName": "21+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsca_22",
"displayName": "All",
"description": null
}
@@ -3941,31 +5558,121 @@
},
{
"id": "com.apple.applicationaccess_ratingappsde_1",
- "displayName": "4+",
+ "displayName": "1+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsde_2",
- "displayName": "9+",
+ "displayName": "2+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsde_3",
- "displayName": "12+",
+ "displayName": "3+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsde_4",
- "displayName": "17+",
+ "displayName": "4+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsde_5",
+ "displayName": "5+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_6",
+ "displayName": "6+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_7",
+ "displayName": "7+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_8",
+ "displayName": "8+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_9",
+ "displayName": "9+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_10",
+ "displayName": "10+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_11",
+ "displayName": "11+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_12",
+ "displayName": "12+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_13",
+ "displayName": "13+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_14",
+ "displayName": "14+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_15",
+ "displayName": "15+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_16",
+ "displayName": "16+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_17",
+ "displayName": "17+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_18",
+ "displayName": "18+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_19",
+ "displayName": "19+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_20",
+ "displayName": "20+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_21",
+ "displayName": "21+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsde_22",
"displayName": "All",
"description": null
}
]
},
+ {
+ "id": "com.apple.applicationaccess_ratingappsexemptedbundleids",
+ "displayName": "Rating Apps Exempted Bundle IDs",
+ "options": null
+ },
{
"id": "com.apple.applicationaccess_ratingappsfr",
"displayName": "Rating Apps - France",
@@ -3977,26 +5684,111 @@
},
{
"id": "com.apple.applicationaccess_ratingappsfr_1",
- "displayName": "4+",
+ "displayName": "1+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsfr_2",
- "displayName": "9+",
+ "displayName": "2+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsfr_3",
- "displayName": "12+",
+ "displayName": "3+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsfr_4",
- "displayName": "17+",
+ "displayName": "4+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsfr_5",
+ "displayName": "5+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_6",
+ "displayName": "6+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_7",
+ "displayName": "7+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_8",
+ "displayName": "8+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_9",
+ "displayName": "9+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_10",
+ "displayName": "10+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_11",
+ "displayName": "11+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_12",
+ "displayName": "12+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_13",
+ "displayName": "13+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_14",
+ "displayName": "14+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_15",
+ "displayName": "15+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_16",
+ "displayName": "16+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_17",
+ "displayName": "17+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_18",
+ "displayName": "18+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_19",
+ "displayName": "19+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_20",
+ "displayName": "20+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_21",
+ "displayName": "21+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsfr_22",
"displayName": "All",
"description": null
}
@@ -4013,26 +5805,111 @@
},
{
"id": "com.apple.applicationaccess_ratingappsgb_1",
- "displayName": "4+",
+ "displayName": "1+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsgb_2",
- "displayName": "9+",
+ "displayName": "2+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsgb_3",
- "displayName": "12+",
+ "displayName": "3+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsgb_4",
- "displayName": "17+",
+ "displayName": "4+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsgb_5",
+ "displayName": "5+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_6",
+ "displayName": "6+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_7",
+ "displayName": "7+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_8",
+ "displayName": "8+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_9",
+ "displayName": "9+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_10",
+ "displayName": "10+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_11",
+ "displayName": "11+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_12",
+ "displayName": "12+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_13",
+ "displayName": "13+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_14",
+ "displayName": "14+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_15",
+ "displayName": "15+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_16",
+ "displayName": "16+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_17",
+ "displayName": "17+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_18",
+ "displayName": "18+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_19",
+ "displayName": "19+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_20",
+ "displayName": "20+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_21",
+ "displayName": "21+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsgb_22",
"displayName": "All",
"description": null
}
@@ -4049,26 +5926,111 @@
},
{
"id": "com.apple.applicationaccess_ratingappsie_1",
- "displayName": "4+",
+ "displayName": "1+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsie_2",
- "displayName": "9+",
+ "displayName": "2+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsie_3",
- "displayName": "12+",
+ "displayName": "3+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsie_4",
- "displayName": "17+",
+ "displayName": "4+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsie_5",
+ "displayName": "5+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_6",
+ "displayName": "6+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_7",
+ "displayName": "7+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_8",
+ "displayName": "8+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_9",
+ "displayName": "9+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_10",
+ "displayName": "10+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_11",
+ "displayName": "11+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_12",
+ "displayName": "12+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_13",
+ "displayName": "13+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_14",
+ "displayName": "14+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_15",
+ "displayName": "15+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_16",
+ "displayName": "16+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_17",
+ "displayName": "17+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_18",
+ "displayName": "18+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_19",
+ "displayName": "19+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_20",
+ "displayName": "20+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_21",
+ "displayName": "21+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsie_22",
"displayName": "All",
"description": null
}
@@ -4085,26 +6047,111 @@
},
{
"id": "com.apple.applicationaccess_ratingappsjp_1",
- "displayName": "4+",
+ "displayName": "1+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsjp_2",
- "displayName": "9+",
+ "displayName": "2+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsjp_3",
- "displayName": "12+",
+ "displayName": "3+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsjp_4",
- "displayName": "17+",
+ "displayName": "4+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsjp_5",
+ "displayName": "5+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_6",
+ "displayName": "6+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_7",
+ "displayName": "7+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_8",
+ "displayName": "8+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_9",
+ "displayName": "9+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_10",
+ "displayName": "10+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_11",
+ "displayName": "11+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_12",
+ "displayName": "12+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_13",
+ "displayName": "13+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_14",
+ "displayName": "14+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_15",
+ "displayName": "15+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_16",
+ "displayName": "16+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_17",
+ "displayName": "17+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_18",
+ "displayName": "18+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_19",
+ "displayName": "19+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_20",
+ "displayName": "20+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_21",
+ "displayName": "21+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsjp_22",
"displayName": "All",
"description": null
}
@@ -4121,26 +6168,111 @@
},
{
"id": "com.apple.applicationaccess_ratingappsnz_1",
- "displayName": "4+",
+ "displayName": "1+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsnz_2",
- "displayName": "9+",
+ "displayName": "2+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsnz_3",
- "displayName": "12+",
+ "displayName": "3+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsnz_4",
- "displayName": "17+",
+ "displayName": "4+",
"description": null
},
{
"id": "com.apple.applicationaccess_ratingappsnz_5",
+ "displayName": "5+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_6",
+ "displayName": "6+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_7",
+ "displayName": "7+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_8",
+ "displayName": "8+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_9",
+ "displayName": "9+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_10",
+ "displayName": "10+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_11",
+ "displayName": "11+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_12",
+ "displayName": "12+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_13",
+ "displayName": "13+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_14",
+ "displayName": "14+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_15",
+ "displayName": "15+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_16",
+ "displayName": "16+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_17",
+ "displayName": "17+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_18",
+ "displayName": "18+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_19",
+ "displayName": "19+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_20",
+ "displayName": "20+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_21",
+ "displayName": "21+",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess_ratingappsnz_22",
"displayName": "All",
"description": null
}
@@ -5067,6 +7199,27 @@
}
]
},
+ {
+ "id": "com.apple.applicationaccess.new_com.apple.applicationaccess.new",
+ "displayName": "Top Level Setting Group Collection",
+ "options": null
+ },
+ {
+ "id": "com.apple.applicationaccess.new_familycontrolsenabled",
+ "displayName": "Family Controls Enabled",
+ "options": [
+ {
+ "id": "com.apple.applicationaccess.new_familycontrolsenabled_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.applicationaccess.new_familycontrolsenabled_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.appstore_com.apple.appstore",
"displayName": "Top Level Setting Group Collection",
@@ -5090,7 +7243,7 @@
},
{
"id": "com.apple.appstore_restrict-store-disable-app-adoption",
- "displayName": "restrict-store-disable-app-adoption",
+ "displayName": "Restrict-store-disable-app-adoption",
"options": [
{
"id": "com.apple.appstore_restrict-store-disable-app-adoption_false",
@@ -5666,7 +7819,11 @@
"displayName": "Top Level Setting Group Collection",
"options": null
},
- { "id": "com.apple.cellular_apns", "displayName": "APNs", "options": null },
+ {
+ "id": "com.apple.cellular_apns",
+ "displayName": "APNs",
+ "options": null
+ },
{
"id": "com.apple.cellular_apns_item_allowedprotocolmask",
"displayName": "Allowed Protocol Mask",
@@ -5849,6 +8006,88 @@
"displayName": "Top Level Setting Group Collection",
"options": null
},
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_cellulardatapreferred",
+ "displayName": "Cellular Data Preferred",
+ "options": [
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_cellulardatapreferred_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_cellulardatapreferred_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_com.apple.cellularprivatenetwork.managed",
+ "displayName": "com.apple.cellularprivatenetwork.managed",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_csgnetworkidentifier",
+ "displayName": "Csg Network Identifier",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_datasetname",
+ "displayName": "Data Set Name",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_enablenrstandalone",
+ "displayName": "Enable NR Standalone",
+ "options": [
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_enablenrstandalone_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_enablenrstandalone_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_geofences",
+ "displayName": "Geofences",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_geofences_item_geofenceid",
+ "displayName": "Geofence Id",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_geofences_item_latitude",
+ "displayName": "Latitude",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_geofences_item_longitude",
+ "displayName": "Longitude",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_geofences_item_radius",
+ "displayName": "Radius",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_networkidentifier",
+ "displayName": "Network Identifier",
+ "options": null
+ },
+ {
+ "id": "com.apple.cellularprivatenetwork.managed_versionnumber",
+ "displayName": "Version Number",
+ "options": null
+ },
{
"id": "com.apple.configurationprofile.identification_com.apple.configurationprofile.identification",
"displayName": "Top Level Setting Group Collection",
@@ -5856,7 +8095,7 @@
},
{
"id": "com.apple.configurationprofile.identification_payloadidentification",
- "displayName": "Payload Identification",
+ "displayName": "Payload Identification (Deprecated)",
"options": null
},
{
@@ -6448,7 +8687,7 @@
},
{
"id": "com.apple.dnssettings.managed_dnssettings_servername",
- "displayName": "Server Name (Deprecated)",
+ "displayName": "Server Name",
"options": null
},
{
@@ -7013,48 +9252,48 @@
]
},
{
- "id": "com.apple.dock_showindicators-immutable",
- "displayName": "Show Indicators Immutable",
+ "id": "com.apple.dock_show-process-indicators",
+ "displayName": "Show Process Indicators",
"options": [
{
- "id": "com.apple.dock_showindicators-immutable_false",
+ "id": "com.apple.dock_show-process-indicators_false",
"displayName": "False",
"description": null
},
{
- "id": "com.apple.dock_showindicators-immutable_true",
+ "id": "com.apple.dock_show-process-indicators_true",
"displayName": "True",
"description": null
}
]
},
{
- "id": "com.apple.dock_show-process-indicators",
- "displayName": "Show Process Indicators",
+ "id": "com.apple.dock_show-recents",
+ "displayName": "Show Recents",
"options": [
{
- "id": "com.apple.dock_show-process-indicators_false",
+ "id": "com.apple.dock_show-recents_false",
"displayName": "False",
"description": null
},
{
- "id": "com.apple.dock_show-process-indicators_true",
+ "id": "com.apple.dock_show-recents_true",
"displayName": "True",
"description": null
}
]
},
{
- "id": "com.apple.dock_show-recents",
- "displayName": "Show Recents",
+ "id": "com.apple.dock_showindicators-immutable",
+ "displayName": "Show Indicators Immutable",
"options": [
{
- "id": "com.apple.dock_show-recents_false",
+ "id": "com.apple.dock_showindicators-immutable_false",
"displayName": "False",
"description": null
},
{
- "id": "com.apple.dock_show-recents_true",
+ "id": "com.apple.dock_showindicators-immutable_true",
"displayName": "True",
"description": null
}
@@ -7279,6 +9518,11 @@
"displayName": "Top Level Setting Group Collection",
"options": null
},
+ {
+ "id": "com.apple.domains_crosssitetrackingpreventionrelaxedapps",
+ "displayName": "Cross Site Tracking Prevention Relaxed Apps",
+ "options": null
+ },
{
"id": "com.apple.domains_crosssitetrackingpreventionrelaxeddomains",
"displayName": "Cross Site Tracking Prevention Relaxed Domains",
@@ -7353,7 +9597,7 @@
},
{
"id": "com.apple.extensiblesso_extensiondata_allowpassword_kerberos",
- "displayName": "allow Password",
+ "displayName": "Allow Password",
"options": [
{
"id": "com.apple.extensiblesso_extensiondata_allowpassword_kerberos_false",
@@ -7383,9 +9627,25 @@
}
]
},
+ {
+ "id": "com.apple.extensiblesso_extensiondata_allowplatformssoauthfallback_kerberos",
+ "displayName": "Allow Platform SSO OAuth Fallback",
+ "options": [
+ {
+ "id": "com.apple.extensiblesso_extensiondata_allowplatformssoauthfallback_kerberos_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.extensiblesso_extensiondata_allowplatformssoauthfallback_kerberos_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.extensiblesso_extensiondata_allowsmartcard_kerberos",
- "displayName": "allow Smart Card",
+ "displayName": "Allow Smart Card",
"options": [
{
"id": "com.apple.extensiblesso_extensiondata_allowsmartcard_kerberos_false",
@@ -7504,7 +9764,7 @@
},
{
"id": "com.apple.extensiblesso_extensiondata_identityissuerautoselectfilter_kerberos",
- "displayName": "identity Issuer Auto Select Filter",
+ "displayName": "Identity Issuer Auto Select Filter",
"options": null
},
{
@@ -7687,7 +9947,7 @@
},
{
"id": "com.apple.extensiblesso_extensiondata_startinsmartcardmode_kerberos",
- "displayName": "start In Smart Card Mode",
+ "displayName": "Start In Smart Card Mode",
"options": [
{
"id": "com.apple.extensiblesso_extensiondata_startinsmartcardmode_kerberos_false",
@@ -7717,6 +9977,22 @@
}
]
},
+ {
+ "id": "com.apple.extensiblesso_extensiondata_useplatformssotgt_kerberos",
+ "displayName": "Use Platform SSOTGT",
+ "options": [
+ {
+ "id": "com.apple.extensiblesso_extensiondata_useplatformssotgt_kerberos_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.extensiblesso_extensiondata_useplatformssotgt_kerberos_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.extensiblesso_extensiondata_usesiteautodiscovery_kerberos",
"displayName": "Use Site Auto Discovery",
@@ -7807,6 +10083,22 @@
"displayName": "Administrator Groups",
"options": null
},
+ {
+ "id": "com.apple.extensiblesso_platformsso_allowdeviceidentifiersinattestation",
+ "displayName": "Allow Device Identifiers In Attestation",
+ "options": [
+ {
+ "id": "com.apple.extensiblesso_platformsso_allowdeviceidentifiersinattestation_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.extensiblesso_platformsso_allowdeviceidentifiersinattestation_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.extensiblesso_platformsso_authenticationgraceperiod",
"displayName": "Authentication Grace Period",
@@ -7923,6 +10215,11 @@
"id": "com.apple.extensiblesso_platformsso_newuserauthorizationmode_2",
"displayName": "Groups",
"description": null
+ },
+ {
+ "id": "com.apple.extensiblesso_platformsso_newuserauthorizationmode_3",
+ "displayName": "Temporary",
+ "description": null
}
]
},
@@ -8068,7 +10365,12 @@
},
{
"id": "com.apple.familycontrols.contentfilter_filterblacklist",
- "displayName": "Filter Blocklist",
+ "displayName": "Filter Blocklist (Deprecated)",
+ "options": null
+ },
+ {
+ "id": "com.apple.familycontrols.contentfilter_filterdenylist",
+ "displayName": "Filter Denylist",
"options": null
},
{
@@ -8394,6 +10696,27 @@
"displayName": "Top Level Setting Group Collection",
"options": null
},
+ {
+ "id": "com.apple.fileproviderd_managementallowsknownfoldersyncing",
+ "displayName": "Management Allows Known Folder Syncing",
+ "options": [
+ {
+ "id": "com.apple.fileproviderd_managementallowsknownfoldersyncing_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.fileproviderd_managementallowsknownfoldersyncing_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.fileproviderd_managementknownfoldersyncingallowlist",
+ "displayName": "Management Known Folder Syncing Allow List",
+ "options": null
+ },
{
"id": "com.apple.finder_com.apple.finder",
"displayName": "Top Level Setting Group Collection",
@@ -8548,8 +10871,16 @@
"displayName": "com.apple.font",
"options": null
},
- { "id": "com.apple.font_font", "displayName": "Font", "options": null },
- { "id": "com.apple.font_name", "displayName": "Name", "options": null },
+ {
+ "id": "com.apple.font_font",
+ "displayName": "Font",
+ "options": null
+ },
+ {
+ "id": "com.apple.font_name",
+ "displayName": "Name",
+ "options": null
+ },
{
"id": "com.apple.gamed_com.apple.gamed",
"displayName": "Top Level Setting Group Collection",
@@ -8874,6 +11205,22 @@
}
]
},
+ {
+ "id": "com.apple.loginwindow_showinputmenu",
+ "displayName": "Show Input Menu",
+ "options": [
+ {
+ "id": "com.apple.loginwindow_showinputmenu_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.loginwindow_showinputmenu_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.loginwindow_showotherusers_managed",
"displayName": "Show Other Users Managed",
@@ -8938,6 +11285,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_accesscontrolallowmethodsincorspreflightspecconformant",
+ "displayName": "Make Access-Control-Allow-Methods matching in CORS preflight spec conformant",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_accesscontrolallowmethodsincorspreflightspecconformant_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_accesscontrolallowmethodsincorspreflightspecconformant_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_accessibilityimagelabelsenabled",
+ "displayName": "Let screen reader users get image descriptions from Microsoft",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_accessibilityimagelabelsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_accessibilityimagelabelsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_acknowledgeddatacollectionpolicy",
"displayName": "Automatically acknowledge data collection policy",
@@ -8954,6 +11333,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_additionalsearchboxenabled",
+ "displayName": "Enable additional search box in browser",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_additionalsearchboxenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_additionalsearchboxenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_addressbarmicrosoftsearchinbingproviderenabled",
"displayName": "Enable Microsoft Search in Bing suggestions in the address bar",
@@ -8986,6 +11381,59 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_adstransparencyenabled",
+ "displayName": "Configure if the ads transparency feature is enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_adstransparencyenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_adstransparencyenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_aigenthemesenabled",
+ "displayName": "Enables DALL-E themes generation",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_aigenthemesenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_aigenthemesenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_allhttpauthschemesallowedfororigins",
+ "displayName": "List of origins that allow all HTTP authentication",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_allowbackforwardcacheforcachecontrolnostorepageenabled",
+ "displayName": "Allow pages with Cache-Control: no-store header to enter back/forward cache",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_allowbackforwardcacheforcachecontrolnostorepageenabled_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_allowbackforwardcacheforcachecontrolnostorepageenabled_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_allowcertswithoutmatchingemailaddress",
"displayName": "Allow S/MIME certificates without a matching email address",
@@ -9034,6 +11482,11 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_alloweddomainsforapps",
+ "displayName": "Define domains allowed to access Google Workspace",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_allowedemaildomains",
"displayName": "Allowed Email Domains",
@@ -9129,6 +11582,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_allowwebauthnwithbrokentlscerts",
+ "displayName": "Allow Web Authentication requests on sites with broken TLS certificates.",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_allowwebauthnwithbrokentlscerts_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_allowwebauthnwithbrokentlscerts_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_alternateerrorpagesenabled",
"displayName": "Suggest similar pages when a webpage can’t be found",
@@ -9892,12 +12361,12 @@
},
{
"id": "com.apple.managedclient.preferences_applicationssystem_applications_microsoft remote desktop.app",
- "displayName": "Microsoft Remote Desktop",
+ "displayName": "Microsoft Remote Desktop (Deprecated)",
"options": null
},
{
"id": "com.apple.managedclient.preferences_applicationssystem_applications_microsoft remote desktop.app_application id",
- "displayName": "Microsoft Remote Desktop Application ID",
+ "displayName": "Microsoft Remote Desktop Application ID (Deprecated)",
"options": null
},
{
@@ -9923,12 +12392,12 @@
},
{
"id": "com.apple.managedclient.preferences_applicationssystem_applications_microsoft remote desktop.app_lcid",
- "displayName": "Microsoft Remote Desktop LCID",
+ "displayName": "Microsoft Remote Desktop LCID (Deprecated)",
"options": null
},
{
"id": "com.apple.managedclient.preferences_applicationssystem_applications_microsoft remote desktop.app_manifestserver",
- "displayName": "Update channel override",
+ "displayName": "Update channel override (Deprecated)",
"options": [
{
"id": "com.apple.managedclient.preferences_applicationssystem_applications_microsoft remote desktop.app_manifestserver_0",
@@ -10282,6 +12751,68 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app",
+ "displayName": "Windows App",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_application id",
+ "displayName": "Application ID",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_channelname",
+ "displayName": "Channel Name",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_channelname_0",
+ "displayName": "Current Channel",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_channelname_1",
+ "displayName": "Current Channel (Preview)",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_channelname_2",
+ "displayName": "Beta Channel",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_lcid",
+ "displayName": "LCID",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_manifestserver",
+ "displayName": "Manifest Server",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_manifestserver_0",
+ "displayName": "Current Channel",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_manifestserver_1",
+ "displayName": "Current Channel (Preview)",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_manifestserver_2",
+ "displayName": "Beta Channel",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_applicationssystem_applications_windows app.app_manifestserver_3",
+ "displayName": "Change Freeze",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_applicationssystem_library_application support_microsoft_mau2.0_microsoft autoupdate.app",
"displayName": "Microsoft Auto Update",
@@ -10344,6 +12875,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_askbeforecloseenabled",
+ "displayName": "Get user confirmation before closing a browser window with multiple tabs",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_askbeforecloseenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_askbeforecloseenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_audiocaptureallowed",
"displayName": "Allow or block audio capture",
@@ -10396,6 +12943,22 @@
"displayName": "Configure list of allowed authentication servers",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_autodiscardsleepingtabsenabled",
+ "displayName": "Configure auto discard sleeping tabs",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_autodiscardsleepingtabsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_autodiscardsleepingtabsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_autofilladdressenabled",
"displayName": "Enable AutoFill for addresses",
@@ -10428,6 +12991,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_autofillmembershipsenabled",
+ "displayName": "Save and fill memberships",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_autofillmembershipsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_autofillmembershipsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_autoimportatfirstrun",
"displayName": "Automatically import another browser's data and settings at first run",
@@ -10464,6 +13043,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_autolaunchprotocolscomponentenabled",
+ "displayName": "AutoLaunch Protocols Component Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_autolaunchprotocolscomponentenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_autolaunchprotocolscomponentenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_automaticallydownloadexternalcontent",
"displayName": "Download embedded images",
@@ -10501,6 +13096,37 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_automaticdownloadsallowedforurls",
+ "displayName": "Allow multiple automatic downloads in quick succession on specific sites",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_automaticdownloadsblockedforurls",
+ "displayName": "Block multiple automatic downloads in quick succession on specific sites",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_automatichttpsdefault",
+ "displayName": "Configure Automatic HTTPS",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_automatichttpsdefault_0",
+ "displayName": "Automatic HTTPS functionality is disabled.",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_automatichttpsdefault_1",
+ "displayName": "(Deprecated) Navigations delivered over HTTP are switched to HTTPS, only on domains likely to support HTTPS.",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_automatichttpsdefault_2",
+ "displayName": "All navigations delivered over HTTP are switched to HTTPS. Connection errors might occur more often.",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_automaticsamplesubmission",
"displayName": "Enable / disable automatic sample submissions",
@@ -10517,6 +13143,27 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_automaticsamplesubmissionconsent",
+ "displayName": "Automatic sample submission Consent",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_automaticsamplesubmissionconsent_0",
+ "displayName": "none",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_automaticsamplesubmissionconsent_1",
+ "displayName": "safe",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_automaticsamplesubmissionconsent_2",
+ "displayName": "all",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_automaticuploadbandwidthpercentage",
"displayName": "Automatic upload bandwidth percentage",
@@ -10548,6 +13195,11 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_autoplayallowlist",
+ "displayName": "Allow media autoplay on specific sites",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_autoselectcertificateforurls",
"displayName": "Automatically select client certificates for these sites",
@@ -10585,6 +13237,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_behaviormonitoring",
+ "displayName": "Behavior Monitoring",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_behaviormonitoring_0",
+ "displayName": "enabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_behaviormonitoring_1",
+ "displayName": "disabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_bingadssuppression",
"displayName": "Block all ads on Bing search results",
@@ -10649,6 +13317,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_blocktruncatedcookies",
+ "displayName": "Block truncated cookies",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_blocktruncatedcookies_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_blocktruncatedcookies_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_browseraddprofileenabled",
"displayName": "Enable profile creation from the Identity flyout menu or the Settings page",
@@ -10837,6 +13521,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_checkfordefinitionsupdate",
+ "displayName": "Check for definitions update",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_checkfordefinitionsupdate_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_checkfordefinitionsupdate_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_clearbrowsingdataonexit",
"displayName": "Clear browsing data when Microsoft Edge closes",
@@ -10869,6 +13569,16 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_clipboardallowedforurls",
+ "displayName": "Allow clipboard use on specific sites",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_clipboardblockedforurls",
+ "displayName": "Block clipboard use on specific sites",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_cloudblocklevel",
"displayName": "Cloud Block Level",
@@ -10937,6 +13647,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_composeinlineenabled",
+ "displayName": "Compose is enabled for writing on the web",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_composeinlineenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_composeinlineenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_compressiondictionarytransportenabled",
+ "displayName": "Enable compression dictionary transport support",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_compressiondictionarytransportenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_compressiondictionarytransportenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_configuredonottrack",
"displayName": "Configure Do Not Track",
@@ -10990,6 +13732,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_configureshare",
+ "displayName": "Configure the Share experience",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_configureshare_0",
+ "displayName": "Allow using the Share experience",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_configureshare_1",
+ "displayName": "Don't allow using the Share experience",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_consumerexperience",
"displayName": "Control sign-in to consumer version",
@@ -11006,6 +13764,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_controldefaultstateofallowextensionfromotherstoressettingenabled",
+ "displayName": "Configure default state of Allow extensions from other stores setting",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_controldefaultstateofallowextensionfromotherstoressettingenabled_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_controldefaultstateofallowextensionfromotherstoressettingenabled_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_cookiesallowedforurls",
"displayName": "Allow cookies on specific sites",
@@ -11021,11 +13795,74 @@
"displayName": "Limit cookies from specific websites to the current session",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_copilotpagecontext",
+ "displayName": "Control Copilot access to page context for Microsoft Entra ID profiles",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_copilotpagecontext_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_copilotpagecontext_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_corsnonwildcardrequestheaderssupport",
+ "displayName": "CORS non-wildcard request header support enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_corsnonwildcardrequestheaderssupport_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_corsnonwildcardrequestheaderssupport_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_csscustomstatedeprecatedsyntaxenabled",
+ "displayName": "Controls whether the deprecated :--foo syntax for CSS custom state is enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_csscustomstatedeprecatedsyntaxenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_csscustomstatedeprecatedsyntaxenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_customhelplink",
"displayName": "Specify custom help link",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_dailyconfiguration",
+ "displayName": "Daily and Hourly quick scan configuration",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_dailyconfiguration_interval",
+ "displayName": "Start time",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_dailyconfiguration_timeofday",
+ "displayName": "Time of day",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_datalossprevention",
"displayName": "Use Data Loss Prevention",
@@ -11042,6 +13879,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_dataurlinsvguseenabled",
+ "displayName": "Data URL support for SVGUseElement",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_dataurlinsvguseenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_dataurlinsvguseenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultautomaticdownloadssetting",
+ "displayName": "Default automatic downloads setting",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_defaultautomaticdownloadssetting_0",
+ "displayName": "Allow all websites to perform automatic downloads",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultautomaticdownloadssetting_1",
+ "displayName": "Don't allow any website to perform automatic downloads",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_defaultbrowsersettingenabled",
"displayName": "Set Microsoft Edge as default browser",
@@ -11058,6 +13927,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_defaultclipboardsetting",
+ "displayName": "Default clipboard site permission",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_defaultclipboardsetting_0",
+ "displayName": "Do not allow any site to use the clipboard site permission",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultclipboardsetting_1",
+ "displayName": "Allow sites to ask the user to grant the clipboard site permission",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_defaultcookiessetting",
"displayName": "Configure cookies",
@@ -11169,6 +14054,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_defaultjavascriptjitsetting",
+ "displayName": "Control use of JavaScript JIT",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_defaultjavascriptjitsetting_0",
+ "displayName": "Allow any site to run JavaScript JIT",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultjavascriptjitsetting_1",
+ "displayName": "Do not allow any site to run JavaScript JIT",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_defaultjavascriptsetting",
"displayName": "Default JavaScript setting",
@@ -11342,6 +14243,27 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_defaultshareadditionalosregionsetting",
+ "displayName": "Set the default \"share additional operating system region\" setting",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_defaultshareadditionalosregionsetting_0",
+ "displayName": "Limited",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultshareadditionalosregionsetting_1",
+ "displayName": "Always share the OS Regional format",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultshareadditionalosregionsetting_2",
+ "displayName": "Never share the OS Regional format",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_defaultstolocalopensave",
"displayName": "Default to local files for open/save",
@@ -11358,6 +14280,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_defaultthirdpartystoragepartitioningsetting",
+ "displayName": "Default setting for third-party storage partitioning",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_defaultthirdpartystoragepartitioningsetting_0",
+ "displayName": "Let third-party storage partitioning to be enabled.",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultthirdpartystoragepartitioningsetting_1",
+ "displayName": "Block third-party storage partitioning from being enabled.",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_defaultweatherlocation",
"displayName": "Default weather location",
@@ -11379,6 +14317,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_defaultwebhidguardsetting",
+ "displayName": "Control use of the WebHID API",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_defaultwebhidguardsetting_0",
+ "displayName": "Do not allow any site to request access to HID devices via the WebHID API",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultwebhidguardsetting_1",
+ "displayName": "Allow sites to ask the user to grant access to a HID device",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_defaultwebusbguardsetting",
"displayName": "Control use of the WebUSB API",
@@ -11395,6 +14349,32 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_defaultwindowmanagementsetting",
+ "displayName": "Default Window Management permission setting",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_defaultwindowmanagementsetting_0",
+ "displayName": "Denies the Window Management permission on all sites by default",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_defaultwindowmanagementsetting_1",
+ "displayName": "Ask every time a site wants obtain the Window Management permission",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_definitionupdatedue",
+ "displayName": "Security intelligence update due (in days)",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_definitionupdatesinterval",
+ "displayName": "Security intelligence update interval (in seconds)",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_developertoolsavailability",
"displayName": "Control where developer tools can be used",
@@ -11538,6 +14518,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_disablednsovertcpparsing",
+ "displayName": "Disable DNS over TCP parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disablednsovertcpparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablednsovertcpparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablednsparsing",
+ "displayName": "Disable DNS parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disablednsparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablednsparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_disabledonotforward",
"displayName": "Disable 'Do Not Forward' options",
@@ -11586,6 +14598,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_disableftpparsing",
+ "displayName": "Disable FTP parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disableftpparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disableftpparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablehttpparsing",
+ "displayName": "Disable HTTP parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disablehttpparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablehttpparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_disablehydrationtoast",
"displayName": "Disable download toasts",
@@ -11602,6 +14646,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_disableicmpparsing",
+ "displayName": "Disable ICMP parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disableicmpparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disableicmpparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_disableimport",
"displayName": "Disable import from OLM and PST files",
@@ -11618,6 +14678,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_disableinboundconnectionfiltering",
+ "displayName": "Disable inbound connection filtering",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disableinboundconnectionfiltering_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disableinboundconnectionfiltering_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_disableinsidercheckbox",
"displayName": "Disable Office Insider membership",
@@ -11650,6 +14726,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_disablerdpparsing",
+ "displayName": "Disable RDP parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disablerdpparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablerdpparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_disablerespondtomeetingwithoutresponse",
"displayName": "Disable 'Do not send response'",
@@ -11730,6 +14822,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_disablesmtpparsing",
+ "displayName": "Disable SMTP parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disablesmtpparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablesmtpparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablesshparsing",
+ "displayName": "Disable SSH parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disablesshparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disablesshparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_disableteamsmeeting",
"displayName": "Disable Microsoft Teams meeting support",
@@ -11746,6 +14870,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_disabletlsparsing",
+ "displayName": "Disable TLS parsing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_disabletlsparsing_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_disabletlsparsing_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_disabletutorial",
"displayName": "Disable tutorial",
@@ -11867,6 +15007,22 @@
"displayName": "Specify URI template of desired DNS-over-HTTPS resolver",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_doubleclickclosetabenabled",
+ "displayName": "Double Click feature in Microsoft Edge enabled (only available in China)",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_doubleclickclosetabenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_doubleclickclosetabenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_downloadbandwidthlimited",
"displayName": "Set maximum download throughput",
@@ -11900,6 +15056,11 @@
"id": "com.apple.managedclient.preferences_downloadrestrictions_3",
"displayName": "Block all downloads",
"description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_downloadrestrictions_4",
+ "displayName": "Block malicious downloads",
+ "description": null
}
]
},
@@ -11919,6 +15080,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_edgeassetdeliveryserviceenabled",
+ "displayName": "Allow features to download assets from the Asset Delivery Service",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgeassetdeliveryserviceenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgeassetdeliveryserviceenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_edgecollectionsenabled",
"displayName": "Enable the Collections feature",
@@ -11935,6 +15112,102 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_edgedisabledialprotocolforcastdiscovery",
+ "displayName": "Disable DIAL protocol for cast device discovery",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgedisabledialprotocolforcastdiscovery_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgedisabledialprotocolforcastdiscovery_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgeedropenabled",
+ "displayName": "Enable Drop feature in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgeedropenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgeedropenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgeentracopilotpagecontext",
+ "displayName": "Control access to page content for Entra ID Profiles accessing Microsoft Copilot with Enterprise Data Protection (EDP) from the Microsoft Edge sidebar",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgeentracopilotpagecontext_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgeentracopilotpagecontext_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementextensionsfeedbackenabled",
+ "displayName": "Microsoft Edge management extensions feedback enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementextensionsfeedbackenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementextensionsfeedbackenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementpolicyoverridesplatformpolicy",
+ "displayName": "Microsoft Edge management service policy overrides platform policy.",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementpolicyoverridesplatformpolicy_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementpolicyoverridesplatformpolicy_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementuserpolicyoverridescloudmachinepolicy",
+ "displayName": "Allow cloud-based Microsoft Edge management service user policies to override local user policies.",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementuserpolicyoverridescloudmachinepolicy_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgemanagementuserpolicyoverridescloudmachinepolicy_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_edgeshoppingassistantenabled",
"displayName": "Shopping in Microsoft Edge Enabled",
@@ -11951,6 +15224,64 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_edgesidebarappurlhostallowlist",
+ "displayName": "Allow specific apps to be opened in Microsoft Edge sidebar",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgesidebarappurlhostblocklist",
+ "displayName": "Control which apps cannot be opened in Microsoft Edge sidebar",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgesidebarcustomizeenabled",
+ "displayName": "Enable sidebar customize",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgesidebarcustomizeenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgesidebarcustomizeenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgewalletetreeenabled",
+ "displayName": "Edge Wallet E-Tree Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgewalletetreeenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgewalletetreeenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgeworkspacesenabled",
+ "displayName": "Enable Workspaces",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_edgeworkspacesenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_edgeworkspacesenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_editfavoritesenabled",
"displayName": "Allows users to edit favorites",
@@ -11967,6 +15298,74 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymode",
+ "displayName": "Configure when efficiency mode should become active",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymode_0",
+ "displayName": "Efficiency mode is always active",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymode_1",
+ "displayName": "Efficiency mode is never active",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymode_2",
+ "displayName": "Efficiency mode is active when the device is unplugged",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymode_3",
+ "displayName": "Efficiency mode is active when the device is unplugged and the battery is low",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymode_4",
+ "displayName": "When the device is unplugged, efficiency mode takes moderate steps to save battery. When the device is unplugged and the battery is low, efficiency mode takes additional steps to save battery.",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymode_5",
+ "displayName": "When the device is unplugged or unplugged and the battery is low, efficiency mode takes additional steps to save battery.",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymodeenabled",
+ "displayName": "Efficiency mode enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymodeenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymodeenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymodeonpowerenabled",
+ "displayName": "Enable efficiency mode when the device is connected to a power source",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymodeonpowerenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_efficiencymodeonpowerenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_enableallocsiclients",
"displayName": "Enable simultaneous edits for Office apps",
@@ -12163,6 +15562,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_enablesetwarntoblock",
+ "displayName": "Enable set warn to block",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_enablesetwarntoblock_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enablesetwarntoblock_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_enablesha1forlocalanchors",
"displayName": "Allow certificates signed using SHA-1 when issued by local trust anchors",
@@ -12179,6 +15594,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_encryptedclienthelloenabled",
+ "displayName": "TLS Encrypted ClientHello Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_encryptedclienthelloenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_encryptedclienthelloenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_enforcementlevel",
"displayName": "Enforcement level",
@@ -12242,6 +15673,74 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymode",
+ "displayName": "Enhance the security state in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymode_0",
+ "displayName": "Standard mode",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymode_1",
+ "displayName": "Balanced mode",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymode_2",
+ "displayName": "Strict mode",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymode_3",
+ "displayName": "(Deprecated) Basic mode",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymodebypasslistdomains",
+ "displayName": "Configure the list of domains for which enhance security mode will not be enforced",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymodeenforcelistdomains",
+ "displayName": "Configure the list of domains for which enhance security mode will always be enforced",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymodeindicatoruienabled",
+ "displayName": "Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymodeindicatoruienabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymodeindicatoruienabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymodeoptoutuxenabled",
+ "displayName": "Manage opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge (deprecated)",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymodeoptoutuxenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_enhancesecuritymodeoptoutuxenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_enterprisehardwareplatformapienabled",
"displayName": "Allow managed extensions to use the Enterprise Hardware Platform API",
@@ -12382,6 +15881,11 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_explicitlyallowednetworkports",
+ "displayName": "Explicitly allowed network ports",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_extendedlogging",
"displayName": "Enable extended logging",
@@ -12403,6 +15907,27 @@
"displayName": "Configure allowed extension types",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_extensiondevelopermodesettings",
+ "displayName": "Control the availability of developer mode on extensions page",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_extensiondevelopermodesettings_0",
+ "displayName": "Allow the usage of developer mode on extensions page",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_extensiondevelopermodesettings_1",
+ "displayName": "Do not allow the usage of developer mode on extensions page",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_extensionextendedbackgroundlifetimeforportconnectionstourls",
+ "displayName": "Configure a list of origins that grant an extended background lifetime to connecting extensions.",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_extensioninstallallowlist",
"displayName": "Allow specific extensions to be installed",
@@ -12423,6 +15948,53 @@
"displayName": "Configure extension and user script install sources",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_extensioninstalltypeblocklist",
+ "displayName": "Blocklist for extension install types",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_extensionmanifestv2availability",
+ "displayName": "Control Manifest v2 extension availability",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_extensionmanifestv2availability_0",
+ "displayName": "Default browser behavior",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_extensionmanifestv2availability_1",
+ "displayName": "Manifest v2 is disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_extensionmanifestv2availability_2",
+ "displayName": "Manifest v2 is enabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_extensionmanifestv2availability_3",
+ "displayName": "Manifest v2 is enabled for forced extensions only",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_extensionsperformancedetectorenabled",
+ "displayName": "Extensions Performance Detector enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_extensionsperformancedetectorenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_extensionsperformancedetectorenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_externalprotocoldialogshowalwaysopencheckbox",
"displayName": "Show an \"Always open\" checkbox in external protocol dialog",
@@ -12471,6 +16043,37 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_featureflagoverridescontrol",
+ "displayName": "Configure users ability to override feature flags",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_featureflagoverridescontrol_0",
+ "displayName": "Prevent users from overriding feature flags",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_featureflagoverridescontrol_1",
+ "displayName": "Allow users to override feature flags",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_featureflagoverridescontrol_2",
+ "displayName": "Allow users to override feature flags using command line arguments only",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_fetchkeepalivedurationsecondsonshutdown",
+ "displayName": "Fetch keepalive duration on shutdown",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_fileordirectorypickerwithoutgestureallowedfororigins",
+ "displayName": "Allow file or directory picker APIs to be called without prior user gesture",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_filesondemandenabled",
"displayName": "Enable Files On-Demand",
@@ -12592,6 +16195,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_forcepermissionpolicyunloaddefaultenabled",
+ "displayName": "Controls whether unload event handlers can be disabled.",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_forcepermissionpolicyunloaddefaultenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_forcepermissionpolicyunloaddefaultenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_forcesync",
"displayName": "Force synchronization of browser data and do not show the sync consent prompt",
@@ -12608,6 +16227,11 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_forcesynctypes",
+ "displayName": "Configure the list of types that are included for synchronization",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_forceyoutuberestrict",
"displayName": "Force minimum YouTube Restricted Mode",
@@ -12661,6 +16285,11 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_groupids",
+ "displayName": "Group identifier",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_guardagainstappmodification",
"displayName": "Guard against app modification",
@@ -12677,6 +16306,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_guidedswitchenabled",
+ "displayName": "Guided Switch Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_guidedswitchenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_guidedswitchenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_hardwareaccelerationmodeenabled",
"displayName": "Use hardware acceleration when available",
@@ -12693,6 +16338,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_headlessmodeenabled",
+ "displayName": "Control use of the Headless Mode",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_headlessmodeenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_headlessmodeenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_hidedockicon",
"displayName": "Hide dock icon",
@@ -12804,6 +16465,43 @@
"displayName": "Configure the list of names that will bypass the HSTS policy check",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_httpallowlist",
+ "displayName": "HTTP Allowlist",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_hubssidebarenabled",
+ "displayName": "Show Hubs Sidebar",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_hubssidebarenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_hubssidebarenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_ignoreexclusions",
+ "displayName": "Ignore exclusions",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_ignoreexclusions_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_ignoreexclusions_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_imagesallowedforurls",
"displayName": "Allow images on these sites",
@@ -13006,6 +16704,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_inappsupportenabled",
+ "displayName": "In-app support Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_inappsupportenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_inappsupportenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_inprivatemodeavailability",
"displayName": "Configure InPrivate mode availability",
@@ -13053,6 +16767,27 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_insecureprivatenetworkrequestsallowed",
+ "displayName": "Specifies whether to allow websites to make requests to any network endpoint in an insecure manner.",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_insecureprivatenetworkrequestsallowed_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_insecureprivatenetworkrequestsallowed_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_insecureprivatenetworkrequestsallowedforurls",
+ "displayName": "Allow the listed sites to make requests to more-private network endpoints from in an insecure manner",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_intensivewakeupthrottlingenabled",
"displayName": "Control the IntensiveWakeUpThrottling feature",
@@ -13110,6 +16845,32 @@
"displayName": "Block JavaScript on specific sites",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_javascriptjitallowedforsites",
+ "displayName": "Allow JavaScript to use JIT on these sites",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_javascriptjitblockedforsites",
+ "displayName": "Block JavaScript from using JIT on these sites",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_keyboardfocusablescrollersenabled",
+ "displayName": "Enable keyboard focusable scrollers",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_keyboardfocusablescrollersenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_keyboardfocusablescrollersenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_kfmblockoptin",
"displayName": "Prevent users from using the Folder Backup feature (Known Folder Move)",
@@ -13242,6 +17003,22 @@
"displayName": "Revert to legacy SameSite behavior for cookies on specified sites",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_linkedaccountenabled",
+ "displayName": "Enable the linked account feature",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_linkedaccountenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_linkedaccountenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_localprovidersenabled",
"displayName": "Allow suggestions from local providers",
@@ -13258,6 +17035,94 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_lowpriorityscheduledscan",
+ "displayName": "Low priority scheduled scan",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_lowpriorityscheduledscan_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_lowpriorityscheduledscan_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines",
+ "displayName": "Managed Search Engines",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_allow_search_engine_discovery",
+ "displayName": "Allow search engine discovery",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_allow_search_engine_discovery_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_allow_search_engine_discovery_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_encoding",
+ "displayName": "Encoding",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_image_search_post_params",
+ "displayName": "Image search post params",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_image_search_url",
+ "displayName": "Image search URL",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_is_default",
+ "displayName": "Is default",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_is_default_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_is_default_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_keyword",
+ "displayName": "Keyword",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_name",
+ "displayName": "Name",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_search_url",
+ "displayName": "Search URL",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_managedsearchengines_item_suggest_url",
+ "displayName": "Suggest URL",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_manifestserver",
"displayName": "Deferred updates (Deprecated)",
@@ -13491,6 +17356,86 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_microsoftedgeinsiderpromotionenabled",
+ "displayName": "Microsoft Edge Insider Promotion Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_microsoftedgeinsiderpromotionenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_microsoftedgeinsiderpromotionenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_microsofteditorproofingenabled",
+ "displayName": "Spell checking provided by Microsoft Editor",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_microsofteditorproofingenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_microsofteditorproofingenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_microsofteditorsynonymsenabled",
+ "displayName": "Synonyms are provided when using Microsoft Editor spell checker",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_microsofteditorsynonymsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_microsofteditorsynonymsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_msawebsitessousingthisprofileallowed",
+ "displayName": "Allow single sign-on for Microsoft personal sites using this profile",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_msawebsitessousingthisprofileallowed_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_msawebsitessousingthisprofileallowed_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_mutationeventsenabled",
+ "displayName": "Enable deprecated/removed Mutation Events",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_mutationeventsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_mutationeventsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_nativemessagingallowlist",
"displayName": "Control which native messaging hosts users can use",
@@ -13538,6 +17483,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_newpdfreaderenabled",
+ "displayName": "Microsoft Edge built-in PDF reader powered by Adobe Acrobat enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_newpdfreaderenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newpdfreaderenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_newtabpageallowedbackgroundtypes",
"displayName": "Configure the background types allowed for the new tab page layout",
@@ -13559,6 +17520,89 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_newtabpageapplauncherenabled",
+ "displayName": "Hide App Launcher on Microsoft Edge new tab page",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_newtabpageapplauncherenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpageapplauncherenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagebingchatenabled",
+ "displayName": "Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagebingchatenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagebingchatenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogo",
+ "displayName": "New Tab Page Company Logo",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogo_default_logo",
+ "displayName": "Default logo",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogo_default_logo_hash",
+ "displayName": "Hash",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogo_default_logo_url",
+ "displayName": "URL",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogo_light_logo",
+ "displayName": "Light logo",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogo_light_logo_hash",
+ "displayName": "Hash",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogo_light_logo_url",
+ "displayName": "URL",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogoenabled",
+ "displayName": "Hide the company logo on the Microsoft Edge new tab page",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogoenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagecompanylogoenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_newtabpagehidedefaulttopsites",
"displayName": "Hide the default top sites from the new tab page",
@@ -13580,6 +17624,37 @@
"displayName": "Configure the new tab page URL",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagemanagedquicklinks",
+ "displayName": "New Tab Page Managed Quick Links",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagemanagedquicklinks_item_pinned",
+ "displayName": "Pinned",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagemanagedquicklinks_item_pinned_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagemanagedquicklinks_item_pinned_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagemanagedquicklinks_item_title",
+ "displayName": "Title",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagemanagedquicklinks_item_url",
+ "displayName": "URL",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_newtabpageprerenderenabled",
"displayName": "Enable preload of the new tab page for faster rendering",
@@ -13596,6 +17671,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagequicklinksenabled",
+ "displayName": "Allow quick links on the new tab page",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagequicklinksenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_newtabpagequicklinksenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_newtabpagesearchbox",
"displayName": "Configure the new tab page search box experience",
@@ -13739,6 +17830,43 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_offlinedefinitionupdate",
+ "displayName": "Enable offline security intelligence updates",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_offlinedefinitionupdate_0",
+ "displayName": "enabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_offlinedefinitionupdate_1",
+ "displayName": "disabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_offlinedefinitionupdateurl",
+ "displayName": "URL for a security intelligence updates mirror server",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_offlinedefinitionupdateverifysig",
+ "displayName": "offline security intelligence updates signature verification",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_offlinedefinitionupdateverifysig_0",
+ "displayName": "enabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_offlinedefinitionupdateverifysig_1",
+ "displayName": "disabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_oldisablejunkoptionsprefkey",
"displayName": "Disable Junk settings",
@@ -13787,6 +17915,54 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_organizationalbrandingonworkprofileuienabled",
+ "displayName": "Allow the use of your organization's branding assets from Microsoft Entra on the profile-related UI of a work profile",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_organizationalbrandingonworkprofileuienabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_organizationalbrandingonworkprofileuienabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_organizationlogooverlayonappiconenabled",
+ "displayName": "Allow your organization's logo from Microsoft Entra to be overlaid on the Microsoft Edge app icon of a work profile",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_organizationlogooverlayonappiconenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_organizationlogooverlayonappiconenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_originagentclusterdefaultenabled",
+ "displayName": "Origin-keyed agent clustering enabled by default",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_originagentclusterdefaultenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_originagentclusterdefaultenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_overridesecurityrestrictionsoninsecureorigin",
"displayName": "Control where security restrictions on insecure origins apply",
@@ -13808,6 +17984,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_passworddeleteonbrowsercloseenabled",
+ "displayName": "Prevent passwords from being deleted if any Edge settings is enabled to delete browsing data when Microsoft Edge closes",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_passworddeleteonbrowsercloseenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_passworddeleteonbrowsercloseenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_passwordmanagerenabled",
"displayName": "Enable saving passwords to the password manager",
@@ -13824,6 +18016,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_passwordmanagerrestrictlengthenabled",
+ "displayName": "Restrict the length of passwords that can be saved in the Password Manager",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_passwordmanagerrestrictlengthenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_passwordmanagerrestrictlengthenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_passwordmonitorallowed",
"displayName": "Allow Microsoft Edge to monitor user passwords",
@@ -13898,6 +18106,54 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_pdfsecuremode",
+ "displayName": "Secure mode and Certificate-based Digital Signature validation in native PDF reader",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_pdfsecuremode_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_pdfsecuremode_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_pdfxfaenabled",
+ "displayName": "XFA support in native PDF reader enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_pdfxfaenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_pdfxfaenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_performancedetectorenabled",
+ "displayName": "Performance Detector Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_performancedetectorenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_performancedetectorenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_personalizationreportingenabled",
"displayName": "Allow personalization of ads, search and news by sending browsing history to Microsoft",
@@ -13930,6 +18186,43 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_pictureinpictureoverlayenabled",
+ "displayName": "Enable Picture in Picture overlay feature on supported webpages in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_pictureinpictureoverlayenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_pictureinpictureoverlayenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_pinbrowseressentialstoolbarbutton",
+ "displayName": "Pin browser essentials toolbar button",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_pinbrowseressentialstoolbarbutton_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_pinbrowseressentialstoolbarbutton_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_pluginsallowedforurls",
+ "displayName": "Allow the Adobe Flash plug-in on specific sites",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_pluginsblockedforurls",
"displayName": "Block the Adobe Flash plug-in on specific sites",
@@ -13945,6 +18238,22 @@
"displayName": "Block pop-up windows on specific sites",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_postquantumkeyagreementenabled",
+ "displayName": "Enable post-quantum key agreement for TLS",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_postquantumkeyagreementenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_postquantumkeyagreementenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_preventsmartscreenpromptoverride",
"displayName": "Prevent bypassing Microsoft Defender SmartScreen prompts for sites",
@@ -13977,6 +18286,48 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_preventtyposquattingpromptoverride",
+ "displayName": "Prevent bypassing Edge Website Typo Protection prompts for sites",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_preventtyposquattingpromptoverride_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_preventtyposquattingpromptoverride_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_primarypasswordsetting",
+ "displayName": "Configures a setting that asks users to enter their device password while using password autofill",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_primarypasswordsetting_0",
+ "displayName": "Automatically",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_primarypasswordsetting_1",
+ "displayName": "With device password",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_primarypasswordsetting_2",
+ "displayName": "With custom primary password",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_primarypasswordsetting_3",
+ "displayName": "Autofill off",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_printertypedenylist",
"displayName": "Disable printer types on the deny list",
@@ -13998,6 +18349,43 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_printingallowedbackgroundgraphicsmodes",
+ "displayName": "Restrict background graphics printing mode",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_printingallowedbackgroundgraphicsmodes_0",
+ "displayName": "Allow printing with and without background graphics",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printingallowedbackgroundgraphicsmodes_1",
+ "displayName": "Allow printing only without background graphics",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printingallowedbackgroundgraphicsmodes_2",
+ "displayName": "Allow printing only with background graphics",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printingbackgroundgraphicsdefault",
+ "displayName": "Default background graphics printing mode",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_printingbackgroundgraphicsdefault_0",
+ "displayName": "Disable background graphics printing mode by default",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printingbackgroundgraphicsdefault_1",
+ "displayName": "Enable background graphics printing mode by default",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_printingenabled",
"displayName": "Enable printing",
@@ -14014,6 +18402,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_printingwebpagelayout",
+ "displayName": "Sets layout for printing",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_printingwebpagelayout_0",
+ "displayName": "Sets layout option as portrait",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printingwebpagelayout_1",
+ "displayName": "Sets layout option as landscape",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printpdfasimagedefault",
+ "displayName": "Print PDF as Image Default",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_printpdfasimagedefault_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printpdfasimagedefault_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_printpreviewusesystemdefaultprinter",
"displayName": "Set the system default printer as the default printer",
@@ -14030,6 +18450,53 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_printrasterizepdfdpi",
+ "displayName": "Print Rasterize PDF DPI",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printstickysettings",
+ "displayName": "Print preview sticky settings",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_printstickysettings_0",
+ "displayName": "Enable sticky settings for PDF and Webpages",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printstickysettings_1",
+ "displayName": "Disable sticky settings for PDF and Webpages",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printstickysettings_2",
+ "displayName": "Disable sticky settings for PDF",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_printstickysettings_3",
+ "displayName": "Disable sticky settings for Webpages",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_privatenetworkaccessrestrictionsenabled",
+ "displayName": "Specifies whether to apply restrictions to requests to more private network endpoints",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_privatenetworkaccessrestrictionsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_privatenetworkaccessrestrictionsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_proactiveauthenabled",
"displayName": "Enable Proactive Authentication",
@@ -14046,6 +18513,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_proactiveauthworkflowenabled",
+ "displayName": "Enable proactive authentication",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_proactiveauthworkflowenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proactiveauthworkflowenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_promotionaltabsenabled",
"displayName": "Enable full-tab promotional content",
@@ -14078,6 +18561,27 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_promptonmultiplematchingcertificates",
+ "displayName": "Prompt the user to select a certificate when multiple certificates match",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_promptonmultiplematchingcertificates_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_promptonmultiplematchingcertificates_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxy",
+ "displayName": "Set proxy for MDE communication",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_proxybypasslist",
"displayName": "Configure proxy bypass rules",
@@ -14124,6 +18628,73 @@
"displayName": "Configure address or URL of proxy server",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings",
+ "displayName": "Proxy Settings",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxybypasslist",
+ "displayName": "Proxy Bypass List",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxymode",
+ "displayName": "Proxy Mode",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxymode_0",
+ "displayName": "direct",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxymode_1",
+ "displayName": "auto_detect",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxymode_2",
+ "displayName": "pac_script",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxymode_3",
+ "displayName": "fixed_servers",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxymode_4",
+ "displayName": "system",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxypacurl",
+ "displayName": "Proxy PAC URL",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_proxysettings_proxyserver",
+ "displayName": "Proxy Server",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_qrcodegeneratorenabled",
+ "displayName": "Enable QR Code Generator",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_qrcodegeneratorenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_qrcodegeneratorenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_quicallowed",
"displayName": "Allow QUIC protocol",
@@ -14140,6 +18711,122 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_quicksearchshowminimenu",
+ "displayName": "Enables Microsoft Edge mini menu",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_quicksearchshowminimenu_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_quicksearchshowminimenu_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_quickviewofficefilesenabled",
+ "displayName": "Manage QuickView Office files capability in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_quickviewofficefilesenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_quickviewofficefilesenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_randomizescanstarttime",
+ "displayName": "Randomize scheduled scan start time",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_readaloudenabled",
+ "displayName": "Enable Read Aloud feature in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_readaloudenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_readaloudenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_registeredprotocolhandlers",
+ "displayName": "Registered Protocol Handlers",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_registeredprotocolhandlers_item_default",
+ "displayName": "Default",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_registeredprotocolhandlers_item_default_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_registeredprotocolhandlers_item_default_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_registeredprotocolhandlers_item_protocol",
+ "displayName": "Protocol",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_registeredprotocolhandlers_item_url",
+ "displayName": "URL",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_relatedmatchescloudserviceenabled",
+ "displayName": "Configure Related Matches in Find on Page",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_relatedmatchescloudserviceenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_relatedmatchescloudserviceenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_relatedwebsitesetsenabled",
+ "displayName": "Enable Related Website Sets",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_relatedwebsitesetsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_relatedwebsitesetsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_relaunchnotification",
"displayName": "Notify a user that a browser restart is recommended or required for pending updates",
@@ -14161,6 +18848,22 @@
"displayName": "Set the time period for update notifications",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_remotedebuggingallowed",
+ "displayName": "Allow remote debugging",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_remotedebuggingallowed_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_remotedebuggingallowed_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_resolvenavigationerrorsusewebservice",
"displayName": "Enable resolution of navigation errors using a web service",
@@ -14195,6 +18898,11 @@
"id": "com.apple.managedclient.preferences_restoreonstartup_2",
"displayName": "Open a new tab",
"description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_restoreonstartup_3",
+ "displayName": "Open a list of URLs and restore the last session",
+ "description": null
}
]
},
@@ -14203,6 +18911,38 @@
"displayName": "Sites to open when the browser starts",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_restoreonstartupuserurlsenabled",
+ "displayName": "Allow users to add and remove their own sites during startup when the RestoreOnStartupURLs policy is configured",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_restoreonstartupuserurlsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_restoreonstartupuserurlsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_restorepdfview",
+ "displayName": "Restore PDF view",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_restorepdfview_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_restorepdfview_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_restrictsignintopattern",
"displayName": "Restrict which accounts can be used as Microsoft Edge primary accounts",
@@ -14224,6 +18964,43 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_runscanwhenidle",
+ "displayName": "Run scheduled scan when idle",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_runscanwhenidle_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_runscanwhenidle_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_sameorigintabcaptureallowedbyorigins",
+ "displayName": "Allow Same Origin Tab capture by these origins",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_sandboxexternalprotocolblocked",
+ "displayName": "Allow Microsoft Edge to block navigations to external protocols in a sandboxed iframe",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_sandboxexternalprotocolblocked_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_sandboxexternalprotocolblocked_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_savecookiesonexit",
"displayName": "Save cookies when Microsoft Edge closes",
@@ -14287,6 +19064,22 @@
"displayName": "Scan results retention",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_scheduledscan",
+ "displayName": "Scheduled Scan",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_scheduledscan_0",
+ "displayName": "enabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_scheduledscan_1",
+ "displayName": "disabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_screencaptureallowed",
"displayName": "Allow or deny screen capture",
@@ -14303,6 +19096,16 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_screencaptureallowedbyorigins",
+ "displayName": "Allow Desktop, Window, and Tab capture by these origins",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_screencapturewithoutgestureallowedfororigins",
+ "displayName": "Allow screen capture without prior user gesture",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_scrolltotextfragmentenabled",
"displayName": "Enable scrolling to text specified in URL fragments",
@@ -14319,6 +19122,59 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_searchfiltersenabled",
+ "displayName": "Search Filters Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_searchfiltersenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_searchfiltersenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_searchforimageenabled",
+ "displayName": "Search for image enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_searchforimageenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_searchforimageenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_searchinsidebarenabled",
+ "displayName": "Search in Sidebar enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_searchinsidebarenabled_0",
+ "displayName": "Enable search in sidebar",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_searchinsidebarenabled_1",
+ "displayName": "Disable search in sidebar for Kids Mode",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_searchinsidebarenabled_2",
+ "displayName": "Disable search in sidebar",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_searchsuggestenabled",
"displayName": "Enable search suggestions",
@@ -14366,6 +19222,11 @@
"displayName": "Block access to sensors on specific sites",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_serialallowallportsforurls",
+ "displayName": "Automatically grant sites permission to connect all serial ports",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_serialaskforurls",
"displayName": "Allow the Serial API on specific sites",
@@ -14376,6 +19237,38 @@
"displayName": "Block the Serial API on specific sites",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_sharedarraybufferunrestrictedaccessallowed",
+ "displayName": "Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_sharedarraybufferunrestrictedaccessallowed_false",
+ "displayName": "Blocked",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_sharedarraybufferunrestrictedaccessallowed_true",
+ "displayName": "Allowed",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_sharedlinksenabled",
+ "displayName": "Show links shared from Microsoft 365 apps in History",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_sharedlinksenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_sharedlinksenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_sharepointonpremfrontdoorurl",
"displayName": "SharePoint Server Front Door URL",
@@ -14402,6 +19295,22 @@
"displayName": "SharePoint Server Tenant Name",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_showacrobatsubscriptionbutton",
+ "displayName": "Shows button on native PDF viewer in Microsoft Edge that allows users to sign up for Adobe Acrobat subscription",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_showacrobatsubscriptionbutton_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showacrobatsubscriptionbutton_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_showcasticonintoolbar",
"displayName": "Show the cast icon in the toolbar",
@@ -14434,6 +19343,54 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_showdownloadsinsecurewarningsenabled",
+ "displayName": "Enable insecure download warnings",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_showdownloadsinsecurewarningsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showdownloadsinsecurewarningsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showdownloadstoolbarbutton",
+ "displayName": "Show Downloads button on the toolbar",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_showdownloadstoolbarbutton_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showdownloadstoolbarbutton_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showhistorythumbnails",
+ "displayName": "Show thumbnail images for browsing history",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_showhistorythumbnails_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showhistorythumbnails_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_showhomebutton",
"displayName": "Show Home button on toolbar",
@@ -14482,6 +19439,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_showpdfdefaultrecommendationsenabled",
+ "displayName": "Allow notifications to set Microsoft Edge as default PDF reader",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_showpdfdefaultrecommendationsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showpdfdefaultrecommendationsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showrecommendationsenabled",
+ "displayName": "Allow feature recommendations and browser assistance notifications from Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_showrecommendationsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_showrecommendationsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_showwhatsnewonlaunch",
"displayName": "Show Whats New dialog",
@@ -14594,14 +19583,40 @@
"id": "com.apple.managedclient.preferences_sleepingtabstimeout_7",
"displayName": "12 hours of inactivity",
"description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_sleepingtabstimeout_8",
+ "displayName": "12 hours of inactivity",
+ "description": null
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_smartactionsblocklist",
+ "displayName": "Block smart actions for a list of services",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_smartscreenallowlistdomains",
"displayName": "Configure the list of domains for which Microsoft Defender SmartScreen won't trigger warnings",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_smartscreendnsrequestsenabled",
+ "displayName": "Enable Microsoft Defender SmartScreen DNS requests",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_smartscreendnsrequestsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_smartscreendnsrequestsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_smartscreenenabled",
"displayName": "Configure Microsoft Defender SmartScreen",
@@ -14692,6 +19707,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_splitscreenenabled",
+ "displayName": "Enable split screen feature in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_splitscreenenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_splitscreenenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_sslerroroverrideallowed",
"displayName": "Allow users to proceed from the HTTPS warning page",
@@ -14708,6 +19739,11 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_sslerroroverrideallowedfororigins",
+ "displayName": "Allow users to proceed from the HTTPS warning page for specific origins",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_sslversionmin",
"displayName": "Minimum TLS version enabled",
@@ -14793,6 +19829,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_switchintranetsitestoworkprofile",
+ "displayName": "Switch intranet sites to a work profile",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_switchintranetsitestoworkprofile_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_switchintranetsitestoworkprofile_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_syncdisabled",
"displayName": "Disable synchronization of data using Microsoft sync services",
@@ -14830,6 +19882,11 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_tabcaptureallowedbyorigins",
+ "displayName": "Allow Tab capture by these origins",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_tabfreezingenabled",
"displayName": "Allow freezing of background tabs",
@@ -14846,6 +19903,22 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_tabservicesenabled",
+ "displayName": "Enable tab organization suggestions",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_tabservicesenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_tabservicesenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_tags",
"displayName": "Device tags",
@@ -14897,6 +19970,27 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_textpredictionenabled",
+ "displayName": "Text prediction enabled by default",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_textpredictionenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_textpredictionenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_thirdpartystoragepartitioningblockedfororigins",
+ "displayName": "Block third-party storage partitioning for these origins",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_threattypesettings",
"displayName": "Threat type settings",
@@ -15039,6 +20133,43 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_typosquattingallowlistdomains",
+ "displayName": "Configure the list of domains for which Edge Website Typo Protection won't trigger warnings",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_typosquattingcheckerenabled",
+ "displayName": "Configure Edge Website Typo Protection",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_typosquattingcheckerenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_typosquattingcheckerenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_unthrottlednestedtimeoutenabled",
+ "displayName": "JavaScript setTimeout will not be clamped until a higher nesting threshold is set (deprecated)",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_unthrottlednestedtimeoutenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_unthrottlednestedtimeoutenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_updatecache",
"displayName": "Update cache server",
@@ -15059,6 +20190,22 @@
"displayName": "Number of minutes for the final countdown timer",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_updatepolicyoverride",
+ "displayName": "Specifies how Microsoft Edge Update handles available updates from Microsoft Edge",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_updatepolicyoverride_0",
+ "displayName": "silent-only - Updates are applied only when they're found by the periodic update check.",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_updatepolicyoverride_1",
+ "displayName": "only - Updates are applied only when the user runs a manual update check. (Not all apps provide an interface for this option.)",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_updateroptimization",
"displayName": "Updater optimization technique",
@@ -15085,6 +20232,22 @@
"displayName": "Set maximum upload throughput",
"options": null
},
+ {
+ "id": "com.apple.managedclient.preferences_uploadfromphoneenabled",
+ "displayName": "Enable upload files from mobile in Microsoft Edge desktop",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_uploadfromphoneenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_uploadfromphoneenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_urlallowlist",
"displayName": "Define a list of allowed URLs",
@@ -15111,6 +20274,27 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_useragentreduction",
+ "displayName": "Enable or disable the User-Agent Reduction",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_useragentreduction_0",
+ "displayName": "User-Agent reduction will be controllable via Experimentation",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_useragentreduction_1",
+ "displayName": "User-Agent reduction diabled, and not enabled by Experimentation",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_useragentreduction_2",
+ "displayName": "User-Agent reduction will be enabled for all origins",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_userdatadir",
"displayName": "Set the user data directory",
@@ -15306,6 +20490,38 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_visualsearchenabled",
+ "displayName": "Visual search enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_visualsearchenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_visualsearchenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_walletdonationenabled",
+ "displayName": "Wallet Donation Enabled",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_walletdonationenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_walletdonationenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.managedclient.preferences_weather_update_automatically",
"displayName": "Disable automatic updating of weather location",
@@ -15322,6 +20538,48 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_webappinstallforcelist",
+ "displayName": "Web App Install Force List",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webappinstallforcelist_item_create_desktop_shortcut",
+ "displayName": "Create desktop shortcut",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_webappinstallforcelist_item_create_desktop_shortcut_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webappinstallforcelist_item_create_desktop_shortcut_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webappinstallforcelist_item_default_launch_container",
+ "displayName": "Default launch container",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_webappinstallforcelist_item_default_launch_container_0",
+ "displayName": "tab",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webappinstallforcelist_item_default_launch_container_1",
+ "displayName": "window",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webappinstallforcelist_item_url",
+ "displayName": "URL",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_webcaptureenabled",
"displayName": "Enable web capture feature in Microsoft Edge",
@@ -15338,6 +20596,53 @@
}
]
},
+ {
+ "id": "com.apple.managedclient.preferences_webcomponentsv0enabled",
+ "displayName": "Re-enable Web Components v0 API until M84.",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_webcomponentsv0enabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webcomponentsv0enabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webdriveroverridesincompatiblepolicies",
+ "displayName": "Allow WebDriver to Override Incompatible Policies",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_webdriveroverridesincompatiblepolicies_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webdriveroverridesincompatiblepolicies_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webhidallowalldevicesforurls",
+ "displayName": "Allow listed sites to connect to any HID device",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webhidaskforurls",
+ "displayName": "Allow the WebHID API on these sites",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_webhidblockedforurls",
+ "displayName": "Block the WebHID API on these sites",
+ "options": null
+ },
{
"id": "com.apple.managedclient.preferences_webrtcallowlegacytlsprotocols",
"displayName": "Allow legacy TLS/DTLS downgrade in WebRTC",
@@ -15401,331 +20706,110 @@
"options": null
},
{
- "id": "com.apple.managedclient.preferences_wpadquickcheckenabled",
- "displayName": "Set WPAD optimization",
+ "id": "com.apple.managedclient.preferences_weeklyconfiguration",
+ "displayName": "Weekly scheduled scan configuration",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_weeklyconfiguration_dayofweek",
+ "displayName": "Day of week",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_weeklyconfiguration_scantype",
+ "displayName": "Scan type",
"options": [
{
- "id": "com.apple.managedclient.preferences_wpadquickcheckenabled_false",
- "displayName": "Disabled",
+ "id": "com.apple.managedclient.preferences_weeklyconfiguration_scantype_0",
+ "displayName": "quick",
"description": null
},
{
- "id": "com.apple.managedclient.preferences_wpadquickcheckenabled_true",
- "displayName": "Enabled",
+ "id": "com.apple.managedclient.preferences_weeklyconfiguration_scantype_1",
+ "displayName": "full",
"description": null
}
]
},
{
- "id": "com.apple.mcx.filevault2_com.apple.mcx.filevault2",
- "displayName": "Top Level Setting Group Collection",
+ "id": "com.apple.managedclient.preferences_weeklyconfiguration_timeofday",
+ "displayName": "Time of day",
"options": null
},
{
- "id": "com.apple.mcx.filevault2_defer",
- "displayName": "Defer",
- "options": {
- "id": "com.apple.mcx.filevault2_defer_true",
- "displayName": "Enabled",
- "description": null
- }
+ "id": "com.apple.managedclient.preferences_windowcaptureallowedbyorigins",
+ "displayName": "Allow Window and Tab capture by these origins",
+ "options": null
},
{
- "id": "com.apple.mcx.filevault2_deferdontaskatuserlogout",
- "displayName": "Defer Dont Ask At User Logout",
+ "id": "com.apple.managedclient.preferences_windowmanagementallowedforurls",
+ "displayName": "Allow Window Management permission on specified sites",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_windowmanagementblockedforurls",
+ "displayName": "Block Window Management permission on specified sites",
+ "options": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_wpadquickcheckenabled",
+ "displayName": "Set WPAD optimization",
"options": [
{
- "id": "com.apple.mcx.filevault2_deferdontaskatuserlogout_false",
+ "id": "com.apple.managedclient.preferences_wpadquickcheckenabled_false",
"displayName": "Disabled",
"description": null
},
{
- "id": "com.apple.mcx.filevault2_deferdontaskatuserlogout_true",
+ "id": "com.apple.managedclient.preferences_wpadquickcheckenabled_true",
"displayName": "Enabled",
"description": null
}
]
},
{
- "id": "com.apple.mcx.filevault2_deferforceatuserloginmaxbypassattempts",
- "displayName": "Defer Force At User Login Max Bypass Attempts",
- "options": null
+ "id": "com.apple.managedclient.preferences_zstdcontentencodingenabled",
+ "displayName": "Enable zstd content encoding support",
+ "options": [
+ {
+ "id": "com.apple.managedclient.preferences_zstdcontentencodingenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.managedclient.preferences_zstdcontentencodingenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
},
{
- "id": "com.apple.mcx.filevault2_enable",
- "displayName": "Enable",
+ "id": "com.apple.managedclient.preferences_aadwebsitessousingthisprofileenabled",
+ "displayName": "Single sign-on for work or school sites using this profile enabled",
"options": [
{
- "id": "com.apple.mcx.filevault2_enable_0",
- "displayName": "On",
+ "id": "com.apple.managedclient.preferences_aadwebsitessousingthisprofileenabled_false",
+ "displayName": "Disabled",
"description": null
},
{
- "id": "com.apple.mcx.filevault2_enable_1",
- "displayName": "Off",
+ "id": "com.apple.managedclient.preferences_aadwebsitessousingthisprofileenabled_true",
+ "displayName": "Enabled",
"description": null
}
]
},
{
- "id": "com.apple.mcx.filevault2_forceenableinsetupassistant",
- "displayName": "Force Enable In Setup Assistant",
+ "id": "com.apple.mcx_cachedaccounts.askforsecuretokenauthbypass",
+ "displayName": "Ask For Secure Token Auth Bypass",
"options": [
{
- "id": "com.apple.mcx.filevault2_forceenableinsetupassistant_false",
+ "id": "com.apple.mcx_cachedaccounts.askforsecuretokenauthbypass_false",
"displayName": "False",
"description": null
},
{
- "id": "com.apple.mcx.filevault2_forceenableinsetupassistant_true",
- "displayName": "True",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.filevault2_outputpath",
- "displayName": "Output Path",
- "options": null
- },
- {
- "id": "com.apple.mcx.filevault2_password",
- "displayName": "Password",
- "options": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths",
- "displayName": "Recovery Key Rotation In Months",
- "options": [
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_0",
- "displayName": "Not configured",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_1",
- "displayName": "1 month",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_2",
- "displayName": "2 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_3",
- "displayName": "3 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_4",
- "displayName": "4 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_5",
- "displayName": "5 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_6",
- "displayName": "6 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_7",
- "displayName": "7 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_8",
- "displayName": "8 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_9",
- "displayName": "9 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_10",
- "displayName": "10 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_11",
- "displayName": "11 months",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_12",
- "displayName": "12 months",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.filevault2_showrecoverykey",
- "displayName": "Show Recovery Key",
- "options": [
- {
- "id": "com.apple.mcx.filevault2_showrecoverykey_false",
- "displayName": "Disabled",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_showrecoverykey_true",
- "displayName": "Enabled",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.filevault2_usekeychain",
- "displayName": "Use Keychain",
- "options": [
- {
- "id": "com.apple.mcx.filevault2_usekeychain_false",
- "displayName": "Disabled",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_usekeychain_true",
- "displayName": "Enabled",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.filevault2_userecoverykey",
- "displayName": "Use Recovery Key",
- "options": {
- "id": "com.apple.mcx.filevault2_userecoverykey_true",
- "displayName": "Enabled",
- "description": null
- }
- },
- {
- "id": "com.apple.mcx.filevault2_userentersmissinginfo",
- "displayName": "User Enters Missing Info",
- "options": [
- {
- "id": "com.apple.mcx.filevault2_userentersmissinginfo_false",
- "displayName": "False",
- "description": null
- },
- {
- "id": "com.apple.mcx.filevault2_userentersmissinginfo_true",
- "displayName": "True",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.filevault2_username",
- "displayName": "Username",
- "options": null
- },
- {
- "id": "com.apple.mcx.timemachine_autobackup",
- "displayName": "Auto Backup",
- "options": [
- {
- "id": "com.apple.mcx.timemachine_autobackup_false",
- "displayName": "False",
- "description": null
- },
- {
- "id": "com.apple.mcx.timemachine_autobackup_true",
- "displayName": "True",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.timemachine_backupallvolumes",
- "displayName": "Backup All Volumes",
- "options": [
- {
- "id": "com.apple.mcx.timemachine_backupallvolumes_false",
- "displayName": "False",
- "description": null
- },
- {
- "id": "com.apple.mcx.timemachine_backupallvolumes_true",
- "displayName": "True",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.timemachine_backupdesturl",
- "displayName": "Backup Destination URL",
- "options": null
- },
- {
- "id": "com.apple.mcx.timemachine_backupsizemb",
- "displayName": "Backup Size MB",
- "options": null
- },
- {
- "id": "com.apple.mcx.timemachine_backupskipsys",
- "displayName": "Backup Skip System",
- "options": [
- {
- "id": "com.apple.mcx.timemachine_backupskipsys_false",
- "displayName": "False",
- "description": null
- },
- {
- "id": "com.apple.mcx.timemachine_backupskipsys_true",
- "displayName": "True",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.timemachine_basepaths",
- "displayName": "Base Paths",
- "options": null
- },
- {
- "id": "com.apple.mcx.timemachine_com.apple.mcx.timemachine",
- "displayName": "Top Level Setting Group Collection",
- "options": null
- },
- {
- "id": "com.apple.mcx.timemachine_mobilebackups",
- "displayName": "Mobile Backups",
- "options": [
- {
- "id": "com.apple.mcx.timemachine_mobilebackups_false",
- "displayName": "False",
- "description": null
- },
- {
- "id": "com.apple.mcx.timemachine_mobilebackups_true",
- "displayName": "True",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.mcx.timemachine_skippaths",
- "displayName": "Skip Paths",
- "options": null
- },
- {
- "id": "com.apple.mcx_cachedaccounts.askforsecuretokenauthbypass",
- "displayName": "Ask For Secure Token Auth Bypass",
- "options": [
- {
- "id": "com.apple.mcx_cachedaccounts.askforsecuretokenauthbypass_false",
- "displayName": "False",
- "description": null
- },
- {
- "id": "com.apple.mcx_cachedaccounts.askforsecuretokenauthbypass_true",
+ "id": "com.apple.mcx_cachedaccounts.askforsecuretokenauthbypass_true",
"displayName": "True",
"description": null
}
@@ -16394,6 +21478,305 @@
"displayName": "Time Zone",
"options": null
},
+ {
+ "id": "com.apple.mcx.filevault2_com.apple.mcx.filevault2",
+ "displayName": "Top Level Setting Group Collection",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_defer",
+ "displayName": "Defer",
+ "options": {
+ "id": "com.apple.mcx.filevault2_defer_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ },
+ {
+ "id": "com.apple.mcx.filevault2_deferdontaskatuserlogout",
+ "displayName": "Defer Dont Ask At User Logout",
+ "options": [
+ {
+ "id": "com.apple.mcx.filevault2_deferdontaskatuserlogout_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_deferdontaskatuserlogout_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.filevault2_deferforceatuserloginmaxbypassattempts",
+ "displayName": "Defer Force At User Login Max Bypass Attempts",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_enable",
+ "displayName": "Enable",
+ "options": [
+ {
+ "id": "com.apple.mcx.filevault2_enable_0",
+ "displayName": "On",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_enable_1",
+ "displayName": "Off",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.filevault2_forceenableinsetupassistant",
+ "displayName": "Force Enable In Setup Assistant",
+ "options": [
+ {
+ "id": "com.apple.mcx.filevault2_forceenableinsetupassistant_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_forceenableinsetupassistant_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.filevault2_outputpath",
+ "displayName": "Output Path",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_password",
+ "displayName": "Password",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths",
+ "displayName": "Recovery Key Rotation In Months",
+ "options": [
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_0",
+ "displayName": "Not configured",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_1",
+ "displayName": "1 month",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_2",
+ "displayName": "2 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_3",
+ "displayName": "3 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_4",
+ "displayName": "4 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_5",
+ "displayName": "5 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_6",
+ "displayName": "6 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_7",
+ "displayName": "7 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_8",
+ "displayName": "8 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_9",
+ "displayName": "9 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_10",
+ "displayName": "10 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_11",
+ "displayName": "11 months",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_recoverykeyrotationinmonths_12",
+ "displayName": "12 months",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.filevault2_showrecoverykey",
+ "displayName": "Show Recovery Key",
+ "options": [
+ {
+ "id": "com.apple.mcx.filevault2_showrecoverykey_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_showrecoverykey_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.filevault2_usekeychain",
+ "displayName": "Use Keychain",
+ "options": [
+ {
+ "id": "com.apple.mcx.filevault2_usekeychain_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_usekeychain_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.filevault2_userecoverykey",
+ "displayName": "Use Recovery Key",
+ "options": {
+ "id": "com.apple.mcx.filevault2_userecoverykey_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ },
+ {
+ "id": "com.apple.mcx.filevault2_userentersmissinginfo",
+ "displayName": "User Enters Missing Info",
+ "options": [
+ {
+ "id": "com.apple.mcx.filevault2_userentersmissinginfo_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.filevault2_userentersmissinginfo_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.filevault2_username",
+ "displayName": "Username",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_autobackup",
+ "displayName": "Auto Backup",
+ "options": [
+ {
+ "id": "com.apple.mcx.timemachine_autobackup_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_autobackup_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.timemachine_backupallvolumes",
+ "displayName": "Backup All Volumes",
+ "options": [
+ {
+ "id": "com.apple.mcx.timemachine_backupallvolumes_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_backupallvolumes_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.timemachine_backupdesturl",
+ "displayName": "Backup Destination URL",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_backupsizemb",
+ "displayName": "Backup Size MB",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_backupskipsys",
+ "displayName": "Backup Skip System",
+ "options": [
+ {
+ "id": "com.apple.mcx.timemachine_backupskipsys_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_backupskipsys_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.timemachine_basepaths",
+ "displayName": "Base Paths",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_com.apple.mcx.timemachine",
+ "displayName": "Top Level Setting Group Collection",
+ "options": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_mobilebackups",
+ "displayName": "Mobile Backups",
+ "options": [
+ {
+ "id": "com.apple.mcx.timemachine_mobilebackups_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.mcx.timemachine_mobilebackups_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.mcx.timemachine_skippaths",
+ "displayName": "Skip Paths",
+ "options": null
+ },
{
"id": "com.apple.mcxmenuextras_airport.menu",
"displayName": "AirPort",
@@ -17542,7 +22925,7 @@
},
{
"id": "com.apple.proxy.http.global_proxypacurl",
- "displayName": "Proxy PAC URL (Deprecated)",
+ "displayName": "Proxy PAC URL",
"options": null
},
{
@@ -17552,12 +22935,12 @@
},
{
"id": "com.apple.proxy.http.global_proxyserver",
- "displayName": "Proxy Server (Deprecated)",
+ "displayName": "Proxy Server",
"options": null
},
{
"id": "com.apple.proxy.http.global_proxyserverport",
- "displayName": "Proxy Server Port (Deprecated)",
+ "displayName": "Proxy Server Port",
"options": null
},
{
@@ -17581,26 +22964,6 @@
"displayName": "Proxy Username",
"options": null
},
- {
- "id": "com.apple.screensaver.user_com.apple.screensaver.user",
- "displayName": "Top Level Setting Group Collection",
- "options": null
- },
- {
- "id": "com.apple.screensaver.user_idletime",
- "displayName": "Idle Time",
- "options": null
- },
- {
- "id": "com.apple.screensaver.user_modulename",
- "displayName": "Module Name",
- "options": null
- },
- {
- "id": "com.apple.screensaver.user_modulepath",
- "displayName": "Module Path",
- "options": null
- },
{
"id": "com.apple.screensaver_askforpassword",
"displayName": "Ask For Password",
@@ -17642,6 +23005,26 @@
"displayName": "Module Name",
"options": null
},
+ {
+ "id": "com.apple.screensaver.user_com.apple.screensaver.user",
+ "displayName": "Top Level Setting Group Collection",
+ "options": null
+ },
+ {
+ "id": "com.apple.screensaver.user_idletime",
+ "displayName": "Idle Time",
+ "options": null
+ },
+ {
+ "id": "com.apple.screensaver.user_modulename",
+ "displayName": "Module Name",
+ "options": null
+ },
+ {
+ "id": "com.apple.screensaver.user_modulepath",
+ "displayName": "Module Path",
+ "options": null
+ },
{
"id": "com.apple.security.fderecoverykeyescrow_com.apple.security.fderecoverykeyescrow",
"displayName": "Top Level Setting Group Collection",
@@ -17989,7 +23372,7 @@
},
{
"id": "com.apple.softwareupdate_allowprereleaseinstallation",
- "displayName": "Allow Pre Release Installation",
+ "displayName": "Allow Pre Release Installation (Deprecated)",
"options": [
{
"id": "com.apple.softwareupdate_allowprereleaseinstallation_false",
@@ -18005,7 +23388,7 @@
},
{
"id": "com.apple.softwareupdate_automaticallyinstallappupdates",
- "displayName": "Automatically Install App Updates",
+ "displayName": "Automatically Install App Updates (Deprecated)",
"options": [
{
"id": "com.apple.softwareupdate_automaticallyinstallappupdates_false",
@@ -18021,7 +23404,7 @@
},
{
"id": "com.apple.softwareupdate_automaticallyinstallmacosupdates",
- "displayName": "Automatically Install Mac OS Updates",
+ "displayName": "Automatically Install Mac OS Updates (Deprecated)",
"options": [
{
"id": "com.apple.softwareupdate_automaticallyinstallmacosupdates_false",
@@ -18037,7 +23420,7 @@
},
{
"id": "com.apple.softwareupdate_automaticcheckenabled",
- "displayName": "Automatic Check Enabled",
+ "displayName": "Automatic Check Enabled (Deprecated)",
"options": [
{
"id": "com.apple.softwareupdate_automaticcheckenabled_false",
@@ -18053,7 +23436,7 @@
},
{
"id": "com.apple.softwareupdate_automaticdownload",
- "displayName": "Automatic Download",
+ "displayName": "Automatic Download (Deprecated)",
"options": [
{
"id": "com.apple.softwareupdate_automaticdownload_false",
@@ -18074,7 +23457,7 @@
},
{
"id": "com.apple.softwareupdate_configdatainstall",
- "displayName": "Config Data Install",
+ "displayName": "Config Data Install (Deprecated)",
"options": [
{
"id": "com.apple.softwareupdate_configdatainstall_false",
@@ -18090,7 +23473,7 @@
},
{
"id": "com.apple.softwareupdate_criticalupdateinstall",
- "displayName": "Critical Update Install",
+ "displayName": "Critical Update Install (Deprecated)",
"options": [
{
"id": "com.apple.softwareupdate_criticalupdateinstall_false",
@@ -18106,7 +23489,7 @@
},
{
"id": "com.apple.softwareupdate_restrict-software-update-require-admin-to-install",
- "displayName": "Restrict Software Update Require Admin To Install",
+ "displayName": "Restrict Software Update Require Admin To Install (Deprecated)",
"options": [
{
"id": "com.apple.softwareupdate_restrict-software-update-require-admin-to-install_false",
@@ -18161,6 +23544,107 @@
}
]
},
+ {
+ "id": "com.apple.system-extension-policy_allowedsystemextensions",
+ "displayName": "Allowed System Extensions",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_allowedsystemextensions_generickey",
+ "displayName": "Allowed System Extensions",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_allowedsystemextensions_generickey_keytobereplaced",
+ "displayName": "Team Identifier",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_allowedsystemextensiontypes",
+ "displayName": "Allowed System Extension Types",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_allowedsystemextensiontypes_generickey",
+ "displayName": "Allowed System Extension Types",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_allowedsystemextensiontypes_generickey_keytobereplaced",
+ "displayName": "Team Identifier",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_allowedteamidentifiers",
+ "displayName": "Allowed Team Identifiers",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_allowuseroverrides",
+ "displayName": "Allow User Overrides",
+ "options": [
+ {
+ "id": "com.apple.system-extension-policy_allowuseroverrides_false",
+ "displayName": "False",
+ "description": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_allowuseroverrides_true",
+ "displayName": "True",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.apple.system-extension-policy_com.apple.system-extension-policy",
+ "displayName": "Top Level Setting Group Collection",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_nonremovablefromuisystemextensions",
+ "displayName": "Non Removable From UI System Extensions",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_nonremovablefromuisystemextensions_generickey",
+ "displayName": "ANY",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_nonremovablefromuisystemextensions_generickey_keytobereplaced",
+ "displayName": "Non Removable From UI System Extensions",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_nonremovablesystemextensions",
+ "displayName": "Non Removable System Extensions",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_nonremovablesystemextensions_generickey",
+ "displayName": "ANY",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_nonremovablesystemextensions_generickey_keytobereplaced",
+ "displayName": "Non Removable System Extensions",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_removablesystemextensions",
+ "displayName": "Removable System Extensions",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_removablesystemextensions_generickey",
+ "displayName": "Removable System Extensions",
+ "options": null
+ },
+ {
+ "id": "com.apple.system-extension-policy_removablesystemextensions_generickey_keytobereplaced",
+ "displayName": "Team Identifier",
+ "options": null
+ },
{
"id": "com.apple.system.logging_com.apple.system.logging",
"displayName": "Top Level Setting Group Collection",
@@ -18427,107 +23911,6 @@
"displayName": "SOCKS Proxy",
"options": null
},
- {
- "id": "com.apple.system-extension-policy_allowedsystemextensions",
- "displayName": "Allowed System Extensions",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_allowedsystemextensions_generickey",
- "displayName": "Allowed System Extensions",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_allowedsystemextensions_generickey_keytobereplaced",
- "displayName": "Team Identifier",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_allowedsystemextensiontypes",
- "displayName": "Allowed System Extension Types",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_allowedsystemextensiontypes_generickey",
- "displayName": "Allowed System Extension Types",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_allowedsystemextensiontypes_generickey_keytobereplaced",
- "displayName": "Team Identifier",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_allowedteamidentifiers",
- "displayName": "Allowed Team Identifiers",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_allowuseroverrides",
- "displayName": "Allow User Overrides",
- "options": [
- {
- "id": "com.apple.system-extension-policy_allowuseroverrides_false",
- "displayName": "False",
- "description": null
- },
- {
- "id": "com.apple.system-extension-policy_allowuseroverrides_true",
- "displayName": "True",
- "description": null
- }
- ]
- },
- {
- "id": "com.apple.system-extension-policy_com.apple.system-extension-policy",
- "displayName": "Top Level Setting Group Collection",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_nonremovablefromuisystemextensions",
- "displayName": "Non Removable From UI System Extensions",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_nonremovablefromuisystemextensions_generickey",
- "displayName": "ANY",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_nonremovablefromuisystemextensions_generickey_keytobereplaced",
- "displayName": "Non Removable From UI System Extensions",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_nonremovablesystemextensions",
- "displayName": "Non Removable System Extensions",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_nonremovablesystemextensions_generickey",
- "displayName": "ANY",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_nonremovablesystemextensions_generickey_keytobereplaced",
- "displayName": "Non Removable System Extensions",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_removablesystemextensions",
- "displayName": "Removable System Extensions",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_removablesystemextensions_generickey",
- "displayName": "Removable System Extensions",
- "options": null
- },
- {
- "id": "com.apple.system-extension-policy_removablesystemextensions_generickey_keytobereplaced",
- "displayName": "Team Identifier",
- "options": null
- },
{
"id": "com.apple.systempolicy.control_allowidentifieddevelopers",
"displayName": "Allow Identified Developers",
@@ -21141,6 +26524,22 @@
"displayName": "Plugin Bundle ID",
"options": null
},
+ {
+ "id": "com.apple.webcontent-filter_safarihistoryretentionenabled",
+ "displayName": "Safari History Retention Enabled",
+ "options": [
+ {
+ "id": "com.apple.webcontent-filter_safarihistoryretentionenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.apple.webcontent-filter_safarihistoryretentionenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.apple.webcontent-filter_serveraddress",
"displayName": "Server Address",
@@ -21156,6 +26555,40 @@
"displayName": "User Name",
"options": null
},
+ {
+ "id": "com.apple.xsan_com.apple.xsan",
+ "displayName": "Top Level Setting Group Collection",
+ "options": null
+ },
+ {
+ "id": "com.apple.xsan_fsnameservers",
+ "displayName": "FS Name Servers",
+ "options": null
+ },
+ {
+ "id": "com.apple.xsan_sanauthmethod",
+ "displayName": "San Auth Method",
+ "options": {
+ "id": "com.apple.xsan_sanauthmethod_0",
+ "displayName": "auth_secret",
+ "description": null
+ }
+ },
+ {
+ "id": "com.apple.xsan_sanconfigurls",
+ "displayName": "San Config URLs",
+ "options": null
+ },
+ {
+ "id": "com.apple.xsan_sanname",
+ "displayName": "San Name",
+ "options": null
+ },
+ {
+ "id": "com.apple.xsan_sharedsecret",
+ "displayName": "Shared Secret",
+ "options": null
+ },
{
"id": "com.apple.xsan.preferences_com.apple.xsan.preferences",
"displayName": "Top Level Setting Group Collection",
@@ -21198,38 +26631,20 @@
]
},
{
- "id": "com.apple.xsan_com.apple.xsan",
- "displayName": "Top Level Setting Group Collection",
- "options": null
- },
- {
- "id": "com.apple.xsan_fsnameservers",
- "displayName": "FS Name Servers",
- "options": null
- },
- {
- "id": "com.apple.xsan_sanauthmethod",
- "displayName": "San Auth Method",
- "options": {
- "id": "com.apple.xsan_sanauthmethod_0",
- "displayName": "auth_secret",
- "description": null
- }
- },
- {
- "id": "com.apple.xsan_sanconfigurls",
- "displayName": "San Config URLs",
- "options": null
- },
- {
- "id": "com.apple.xsan_sanname",
- "displayName": "San Name",
- "options": null
- },
- {
- "id": "com.apple.xsan_sharedsecret",
- "displayName": "Shared Secret",
- "options": null
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.accesscontrolallowmethodsincorspreflightspecconformant",
+ "displayName": "Make Access-Control-Allow-Methods matching in CORS preflight spec conformant",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.accesscontrolallowmethodsincorspreflightspecconformant_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.accesscontrolallowmethodsincorspreflightspecconformant_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.accessibilityimagelabelsenabled",
@@ -21247,6 +26662,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.additionalsearchboxenabled",
+ "displayName": "Enable additional search box in browser",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.additionalsearchboxenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.additionalsearchboxenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.addressbareditingenabled",
"displayName": "Configure address bar editing",
@@ -21265,7 +26696,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.addressbarmicrosoftsearchinbingproviderenabled",
- "displayName": "Enable Microsoft Search in Bing suggestions in the address bar",
+ "displayName": "Enable Microsoft Search in Bing suggestions in the address bar (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.addressbarmicrosoftsearchinbingproviderenabled_false",
@@ -21279,6 +26710,38 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.addressbartrendingsuggestenabled",
+ "displayName": "Enable Microsoft Bing trending suggestions in the address bar",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.addressbartrendingsuggestenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.addressbartrendingsuggestenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.addressbarworksearchresultsenabled",
+ "displayName": "Enable Work Search suggestions in the address bar",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.addressbarworksearchresultsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.addressbarworksearchresultsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.adssettingforintrusiveadssites",
"displayName": "Ads setting for sites with intrusive ads",
@@ -21311,6 +26774,38 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.aigenthemesenabled",
+ "displayName": "Enables DALL-E themes generation",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.aigenthemesenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.aigenthemesenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowbackforwardcacheforcachecontrolnostorepageenabled",
+ "displayName": "Allow pages with Cache-Control: no-store header to enter back/forward cache",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowbackforwardcacheforcachecontrolnostorepageenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowbackforwardcacheforcachecontrolnostorepageenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.allowdeletingbrowserhistory",
"displayName": "Enable deleting browser and download history",
@@ -21334,7 +26829,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.allowgamesmenu",
- "displayName": "Allow users to access the games menu",
+ "displayName": "Allow users to access the games menu (Deprecated)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.allowgamesmenu_false",
@@ -21396,11 +26891,43 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowsystemnotifications",
+ "displayName": "Allows system notifications",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowsystemnotifications_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowsystemnotifications_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.allowtrackingforurls",
"displayName": "Configure tracking prevention exceptions for specific sites",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowwebauthnwithbrokentlscerts",
+ "displayName": "Allow Web Authentication requests on sites with broken TLS certificates.",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowwebauthnwithbrokentlscerts_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.allowwebauthnwithbrokentlscerts_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.alternateerrorpagesenabled",
"displayName": "Suggest similar pages when a webpage can't be found",
@@ -21486,6 +27013,38 @@
"displayName": "Sites that can access audio capture devices without requesting permission",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.autodiscardsleepingtabsenabled",
+ "displayName": "Configure auto discard sleeping tabs",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.autodiscardsleepingtabsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.autodiscardsleepingtabsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.autodiscardsleepingtabsenabled_recommended",
+ "displayName": "Configure auto discard sleeping tabs (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.autodiscardsleepingtabsenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.autodiscardsleepingtabsenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.autofilladdressenabled",
"displayName": "Enable AutoFill for addresses",
@@ -21613,9 +27172,19 @@
"displayName": "Block multiple automatic downloads in quick succession on specific sites",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.automaticfullscreenallowedforurls",
+ "displayName": "Allow automatic full screen on specified sites",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.automaticfullscreenblockedforurls",
+ "displayName": "Block automatic full screen on specified sites",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.automatichttpsdefault",
- "displayName": "Configure Automatic HTTPS",
+ "displayName": "Configure Automatic HTTPS (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.automatichttpsdefault_disableautomatichttps",
@@ -21636,7 +27205,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.automatichttpsdefault_recommended",
- "displayName": "Configure Automatic HTTPS (users can override)",
+ "displayName": "Configure Automatic HTTPS (Obsolete) (users can override)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.automatichttpsdefault_recommended_disableautomatichttps",
@@ -21707,6 +27276,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.beforeunloadeventcancelbypreventdefaultenabled",
+ "displayName": "Control the behavior for the cancel dialog produced by the beforeunload event (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.beforeunloadeventcancelbypreventdefaultenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.beforeunloadeventcancelbypreventdefaultenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.blockexternalextensions",
"displayName": "Blocks external extensions from being installed",
@@ -21755,6 +27340,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.blocktruncatedcookies",
+ "displayName": "Block truncated cookies (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.blocktruncatedcookies_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.blocktruncatedcookies_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.browsernetworktimequeriesenabled",
"displayName": "Allow queries to a Browser Network Time service",
@@ -21776,6 +27377,79 @@
"displayName": "Browsing Data Lifetime Settings",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.builtinaiapisenabled",
+ "displayName": "Allow pages to use the built-in AI APIs.",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.builtinaiapisenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.builtinaiapisenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.cacertificatemanagementallowed",
+ "displayName": "Allow users to manage installed CA certificates.",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.cacertificatemanagementallowed_all",
+ "displayName": "Allow users to manage all certificates",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.cacertificatemanagementallowed_useronly",
+ "displayName": "Allow users to manage user certificates",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.cacertificatemanagementallowed_none",
+ "displayName": "Disallow users from managing certificates",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.cacertificates",
+ "displayName": "TLS server certificates that should be trusted by Microsoft Edge",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.cacertificateswithconstraints",
+ "displayName": "TLS certificates that should be trusted by Microsoft Edge for server authentication with constraints",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.cadistrustedcertificates",
+ "displayName": "TLS certificates that should be distrusted by Microsoft Edge for server authentication",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.cahintcertificates",
+ "displayName": "TLS certificates that are not trusted or distrusted but can be used in path-building for server authentication",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.caplatformintegrationenabled",
+ "displayName": "Use user-added TLS certificates from platform trust stores for server authentication",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.caplatformintegrationenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.caplatformintegrationenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.certificatetransparencyenforcementdisabledforcas",
"displayName": "Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes",
@@ -21783,7 +27457,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.certificatetransparencyenforcementdisabledforlegacycas",
- "displayName": "Disable Certificate Transparency enforcement for a list of legacy certificate authorities",
+ "displayName": "Disable Certificate Transparency enforcement for a list of legacy certificate authorities (Obsolete)",
"options": null
},
{
@@ -21864,6 +27538,11 @@
"id": "com.microsoft.edge.mamedgeappconfigsettings.collectionsservicesandexportsblocklist",
"displayName": "Block access to a specified list of services and export targets in Collections",
"options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.collectionsservicesandexportsblocklist_pinterest_suggestions",
+ "displayName": "Pinterest suggestions",
+ "description": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.collectionsservicesandexportsblocklist_collections_share",
"displayName": "Sharing of Collections",
@@ -21888,6 +27567,43 @@
"id": "com.microsoft.edge.mamedgeappconfigsettings.collectionsservicesandexportsblocklist_send_onenote",
"displayName": "Send collection to Microsoft OneNote",
"description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.collectionsservicesandexportsblocklist_send_pinterest",
+ "displayName": "Send collection to Pinterest",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.composeinlineenabled",
+ "displayName": "Control access to Microsoft 365 Copilot writing assistance in Microsoft Edge for Business",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.composeinlineenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.composeinlineenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.compressiondictionarytransportenabled",
+ "displayName": "Enable compression dictionary transport support",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.compressiondictionarytransportenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.compressiondictionarytransportenabled_true",
+ "displayName": "Enabled",
+ "description": null
}
]
},
@@ -21986,6 +27702,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.controldefaultstateofallowextensionfromotherstoressettingenabled",
+ "displayName": "Configure default state of Allow extensions from other stores setting",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.controldefaultstateofallowextensionfromotherstoressettingenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.controldefaultstateofallowextensionfromotherstoressettingenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.controldefaultstateofallowextensionfromotherstoressettingenabled_recommended",
"displayName": "Configure default state of Allow extensions from other stores setting (users can override)",
@@ -22017,6 +27749,38 @@
"displayName": "Limit cookies from specific websites to the current session",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.copilotcdppagecontext",
+ "displayName": "Control Copilot with Commercial Data Protection access to page context for Microsoft Entra ID profiles (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.copilotcdppagecontext_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.copilotcdppagecontext_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.copilotpagecontext",
+ "displayName": "Control Copilot access to page context for Microsoft Entra ID profiles",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.copilotpagecontext_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.copilotpagecontext_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.corsnonwildcardrequestheaderssupport",
"displayName": "CORS non-wildcard request header support enabled",
@@ -22033,6 +27797,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.createpasskeysinicloudkeychain",
+ "displayName": "Control whether passkey creation will default to iCloud Keychain.",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.createpasskeysinicloudkeychain_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.createpasskeysinicloudkeychain_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.crossoriginwebassemblymodulesharingenabled",
"displayName": "Specifies whether WebAssembly modules can be sent cross-origin (Obsolete)",
@@ -22051,7 +27831,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.cryptowalletenabled",
- "displayName": "Enable CryptoWallet feature",
+ "displayName": "Enable CryptoWallet feature (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.cryptowalletenabled_false",
@@ -22065,23 +27845,55 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.csscustomstatedeprecatedsyntaxenabled",
+ "displayName": "Controls whether the deprecated :--foo syntax for CSS custom state is enabled (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.csscustomstatedeprecatedsyntaxenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.csscustomstatedeprecatedsyntaxenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.customhelplink",
"displayName": "Specify custom help link",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.dataurlinsvguseenabled",
+ "displayName": "Data URL support for SVGUseElement",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.dataurlinsvguseenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.dataurlinsvguseenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.defaultautomaticdownloadssetting",
"displayName": "Default automatic downloads setting",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.defaultautomaticdownloadssetting_allowautomaticdownloads",
- "displayName": "Allow all websites to perform automatic downloads",
+ "displayName": "Allow all websites to perform multiple downloads without requiring a user gesture between each download.",
"description": null
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.defaultautomaticdownloadssetting_blockautomaticdownloads",
- "displayName": "Don't allow any website to perform automatic downloads",
+ "displayName": "Prevent all websites from performing multiple downloads, even after a user gesture.",
"description": null
}
]
@@ -22224,6 +28036,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultjavascriptoptimizersetting",
+ "displayName": "Control use of JavaScript optimizers",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultjavascriptoptimizersetting_allowjavascriptoptimizer",
+ "displayName": "Enable advanced JavaScript optimizations on all sites",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultjavascriptoptimizersetting_blockjavascriptoptimizer",
+ "displayName": "Disable advanced JavaScript optimizations on all sites",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.defaultjavascriptsetting",
"displayName": "Default JavaScript setting",
@@ -22490,6 +28318,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultthirdpartystoragepartitioningsetting",
+ "displayName": "Default setting for third-party storage partitioning (Deprecated)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultthirdpartystoragepartitioningsetting_allowpartitioning",
+ "displayName": "Allow third-party storage partitioning by default.",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultthirdpartystoragepartitioningsetting_blockpartitioning",
+ "displayName": "Disable third-party storage partitioning.",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.defaultwebbluetoothguardsetting",
"displayName": "Control use of the Web Bluetooth API",
@@ -22538,6 +28382,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultwindowmanagementsetting",
+ "displayName": "Default Window Management permission setting",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultwindowmanagementsetting_blockwindowmanagement",
+ "displayName": "Denies the Window Management permission on all sites by default",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.defaultwindowmanagementsetting_askwindowmanagement",
+ "displayName": "Ask every time a site wants obtain the Window Management permission",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.definepreferredlanguages",
"displayName": "Define an ordered list of preferred languages that websites should display in if the site supports the language",
@@ -22559,6 +28419,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.deletingundecryptablepasswordsenabled",
+ "displayName": "Enable deleting undecryptable passwords",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.deletingundecryptablepasswordsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.deletingundecryptablepasswordsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.developertoolsavailability",
"displayName": "Control where developer tools can be used",
@@ -22596,6 +28472,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.discoverpagecontextenabled",
+ "displayName": "Enable Discover access to page contents for AAD profiles (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.discoverpagecontextenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.discoverpagecontextenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.displaycapturepermissionspolicyenabled",
"displayName": "Specifies whether the display-capture permissions-policy is checked or skipped (Obsolete)",
@@ -22737,6 +28629,38 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeautofillmlenabled",
+ "displayName": "Machine learning powered autofill suggestions",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeautofillmlenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeautofillmlenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeautofillmlenabled_recommended",
+ "displayName": "Machine learning powered autofill suggestions (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeautofillmlenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeautofillmlenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.edgecollectionsenabled",
"displayName": "Enable the Collections feature",
@@ -22803,7 +28727,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.edgeenhanceimagesenabled",
- "displayName": "Enhance images enabled",
+ "displayName": "Enhance images enabled (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.edgeenhanceimagesenabled_false",
@@ -22817,9 +28741,25 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeentracopilotpagecontext",
+ "displayName": "Control Copilot access to Microsoft Edge page content for Entra account user profiles when using Copilot in the Microsoft Edge sidepane",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeentracopilotpagecontext_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgeentracopilotpagecontext_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.edgefollowenabled",
- "displayName": "Enable Follow service in Microsoft Edge",
+ "displayName": "Enable Follow service in Microsoft Edge (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.edgefollowenabled_false",
@@ -22833,6 +28773,38 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgehistoryaisearchenabled",
+ "displayName": "Control access to AI-enhanced search in History",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgehistoryaisearchenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgehistoryaisearchenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgemanagementextensionsfeedbackenabled",
+ "displayName": "Microsoft Edge management extensions feedback enabled",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgemanagementextensionsfeedbackenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgemanagementextensionsfeedbackenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.edgeshoppingassistantenabled",
"displayName": "Shopping in Microsoft Edge Enabled",
@@ -22865,6 +28837,85 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgesidebarappurlhostallowlist",
+ "displayName": "Allow specific apps to be opened in Microsoft Edge sidebar",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgesidebarappurlhostblocklist",
+ "displayName": "Control which apps cannot be opened in Microsoft Edge sidebar",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgesidebarappurlhostforcelist",
+ "displayName": "Control which apps are forced to be shown in Microsoft Edge sidebar",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletcheckoutenabled",
+ "displayName": "Enable Wallet Checkout feature",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletcheckoutenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletcheckoutenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletcheckoutenabled_recommended",
+ "displayName": "Enable Wallet Checkout feature (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletcheckoutenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletcheckoutenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletetreeenabled",
+ "displayName": "Edge Wallet E-Tree Enabled",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletetreeenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletetreeenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletetreeenabled_recommended",
+ "displayName": "Edge Wallet E-Tree Enabled (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletetreeenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.edgewalletetreeenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.edgeworkspacesenabled",
"displayName": "Enable Workspaces",
@@ -22943,7 +28994,23 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymode_basicmode",
- "displayName": "Basic mode",
+ "displayName": "(Deprecated) Basic mode",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeallowuserbypass",
+ "displayName": "Allow users to bypass Enhanced Security Mode",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeallowuserbypass_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeallowuserbypass_true",
+ "displayName": "Enabled",
"description": null
}
]
@@ -22974,6 +29041,38 @@
"displayName": "Configure the list of domains for which enhance security mode will always be enforced",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeindicatoruienabled",
+ "displayName": "Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeindicatoruienabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeindicatoruienabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeoptoutuxenabled",
+ "displayName": "Manage opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeoptoutuxenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.enhancesecuritymodeoptoutuxenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.enterprisehardwareplatformapienabled",
"displayName": "Allow managed extensions to use the Enterprise Hardware Platform API",
@@ -23008,7 +29107,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.eventpathenabled",
- "displayName": "Re-enable the Event.path API until Microsoft Edge version 115",
+ "displayName": "Re-enable the Event.path API until Microsoft Edge version 115 (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.eventpathenabled_false",
@@ -23032,6 +29131,11 @@
"displayName": "Disable download file type extension-based warnings for specified file types on domains",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.exemptsmartscreendownloadwarnings",
+ "displayName": "Disable SmartScreen AppRep based warnings for specified file types on specified domains",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.extensionallowedtypes",
"displayName": "Configure allowed extension types",
@@ -23068,6 +29172,27 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensiondevelopermodesettings",
+ "displayName": "Control the availability of developer mode on extensions page",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensiondevelopermodesettings_allow",
+ "displayName": "Allow the usage of developer mode on extensions page",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensiondevelopermodesettings_disallow",
+ "displayName": "Do not allow the usage of developer mode on extensions page",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionextendedbackgroundlifetimeforportconnectionstourls",
+ "displayName": "Configure a list of origins that grant an extended background lifetime to connecting extensions.",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.extensioninstallallowlist",
"displayName": "Allow specific extensions to be installed",
@@ -23088,11 +29213,78 @@
"displayName": "Configure extension and user script install sources",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensioninstalltypeblocklist",
+ "displayName": "Blocklist for extension install types",
+ "options": {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensioninstalltypeblocklist_command_line",
+ "displayName": "Blocks extensions from being loaded from command line",
+ "description": null
+ }
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionmanifestv2availability",
+ "displayName": "Control Manifest v2 extension availability",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionmanifestv2availability_default",
+ "displayName": "Default browser behavior",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionmanifestv2availability_disable",
+ "displayName": "Manifest v2 is disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionmanifestv2availability_enable",
+ "displayName": "Manifest v2 is enabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionmanifestv2availability_enableforforcedextensions",
+ "displayName": "Manifest v2 is enabled for forced extensions only",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.extensionsettings",
"displayName": "Configure extension management settings",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionsperformancedetectorenabled",
+ "displayName": "Extensions Performance Detector enabled",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionsperformancedetectorenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionsperformancedetectorenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionsperformancedetectorenabled_recommended",
+ "displayName": "Extensions Performance Detector enabled (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionsperformancedetectorenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.extensionsperformancedetectorenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.externalprotocoldialogshowalwaysopencheckbox",
"displayName": "Show an \"Always open\" checkbox in external protocol dialog",
@@ -23162,6 +29354,11 @@
"displayName": "Fetch keepalive duration on shutdown",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.fileordirectorypickerwithoutgestureallowedfororigins",
+ "displayName": "Allow file or directory picker APIs to be called without prior user gesture",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.filesystemreadaskforurls",
"displayName": "Allow read access via the File System API on these sites",
@@ -23237,7 +29434,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.forcemajorversiontominorpositioninuseragent",
- "displayName": "Enable or disable freezing the User-Agent string at major version 99",
+ "displayName": "Enable or disable freezing the User-Agent string at major version 99 (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.forcemajorversiontominorpositioninuseragent_default",
@@ -23314,6 +29511,43 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.gamermodeenabled",
+ "displayName": "Enable Gamer Mode (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.gamermodeenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.gamermodeenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.gamermodeenabled_recommended",
+ "displayName": "Enable Gamer Mode (Obsolete) (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.gamermodeenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.gamermodeenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.geolocationblockedforurls",
+ "displayName": "Block geolocation on these sites",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.globallyscopehttpauthcacheenabled",
"displayName": "Enable globally scoped HTTP auth cache",
@@ -23330,6 +29564,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.guidedswitchenabled",
+ "displayName": "Guided Switch Enabled",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.guidedswitchenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.guidedswitchenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.homepageisnewtabpage",
"displayName": "Set the new tab page as the home page",
@@ -23377,6 +29627,53 @@
"displayName": "Configure the list of names that will bypass the HSTS policy check",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpallowlist",
+ "displayName": "HTTP Allowlist",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpsonlymode",
+ "displayName": "Allow HTTPS-Only Mode to be enabled",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpsonlymode_allowed",
+ "displayName": "Don't restrict users' HTTPS-Only Mode setting",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpsonlymode_disallowed",
+ "displayName": "Don't allow users to enable any HTTPS-Only Mode",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpsonlymode_force_enabled",
+ "displayName": "Force enable HTTPS-Only Mode in Strict mode",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpsonlymode_force_balanced_enabled",
+ "displayName": "Force enable HTTPS-Only Mode in Balanced Mode",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpsupgradesenabled",
+ "displayName": "Enable automatic HTTPS upgrades",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpsupgradesenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.httpsupgradesenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.hubssidebarenabled",
"displayName": "Show Hubs Sidebar",
@@ -23409,6 +29706,72 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeout",
+ "displayName": "Delay before running idle actions",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions",
+ "displayName": "Actions to run when the computer is idle",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_close_browsers",
+ "displayName": "Close Browsers",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_clear_browsing_history",
+ "displayName": "Clear Browsing History",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_clear_download_history",
+ "displayName": "Clear Download History",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_clear_cookies_and_other_site_data",
+ "displayName": "Clear Cookies and Other Site Data",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_clear_cached_images_and_files",
+ "displayName": "Clear Cached Images and Files",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_clear_password_signin",
+ "displayName": "Clear Password sign in",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_clear_autofill",
+ "displayName": "Clear Autofill",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_clear_site_settings",
+ "displayName": "Clear Site Settings",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_reload_pages",
+ "displayName": "Reload Pages",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_sign_out",
+ "displayName": "Sign Out",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.idletimeoutactions_close_tabs",
+ "displayName": "Close Tabs",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.imagesallowedforurls",
"displayName": "Allow images on these sites",
@@ -23421,7 +29784,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.immersivereadergrammartoolsenabled",
- "displayName": "Enable Grammar Tools feature within Immersive Reader in Microsoft Edge",
+ "displayName": "Enable Grammar Tools feature within Immersive Reader in Microsoft Edge (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.immersivereadergrammartoolsenabled_false",
@@ -23437,7 +29800,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.immersivereaderpicturedictionaryenabled",
- "displayName": "Enable Picture Dictionary feature within Immersive Reader in Microsoft Edge",
+ "displayName": "Enable Picture Dictionary feature within Immersive Reader in Microsoft Edge (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.immersivereaderpicturedictionaryenabled_false",
@@ -23900,7 +30263,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.insecureformswarningsenabled",
- "displayName": "Enable warnings for insecure forms",
+ "displayName": "Enable warnings for insecure forms (Deprecated)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.insecureformswarningsenabled_false",
@@ -23916,7 +30279,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.insecureprivatenetworkrequestsallowed",
- "displayName": "Specifies whether to allow websites to make requests to more-private network endpoints",
+ "displayName": "Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.insecureprivatenetworkrequestsallowed_false",
@@ -23932,7 +30295,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.insecureprivatenetworkrequestsallowedforurls",
- "displayName": "Allow the listed sites to make requests to more-private network endpoints from in an insecure manner",
+ "displayName": "Allow the listed sites to make requests to more-private network endpoints from in an insecure manner (Obsolete)",
"options": null
},
{
@@ -24187,6 +30550,22 @@
"displayName": "Configure the pixel adjustment between window.open widths sourced from IE mode pages vs. Edge mode pages",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.internetexplorerintegrationzoneidentifiermhtfileallowed",
+ "displayName": "Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.internetexplorerintegrationzoneidentifiermhtfileallowed_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.internetexplorerintegrationzoneidentifiermhtfileallowed_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.internetexplorermodecleardataonexitenabled",
"displayName": "Clear history for IE and IE mode every time you exit",
@@ -24267,6 +30646,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.internetexplorersetforegroundwhenactive",
+ "displayName": "Keep the active Microsoft Edge window with an Internet Explorer mode tab always in the foreground.",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.internetexplorersetforegroundwhenactive_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.internetexplorersetforegroundwhenactive_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.internetexplorerzoomdisplay",
"displayName": "Display zoom in IE Mode tabs with DPI Scale included like it is in Internet Explorer",
@@ -24319,6 +30714,32 @@
"displayName": "Block JavaScript from using JIT on these sites",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.javascriptoptimizerallowedforsites",
+ "displayName": "Allow JavaScript optimization on these sites",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.javascriptoptimizerblockedforsites",
+ "displayName": "Block JavaScript optimizations on these sites",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.keyboardfocusablescrollersenabled",
+ "displayName": "Enable keyboard focusable scrollers (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.keyboardfocusablescrollersenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.keyboardfocusablescrollersenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.legacysamesitecookiebehaviorenabled",
"displayName": "Enable default legacy SameSite cookie behavior setting (Obsolete)",
@@ -24337,12 +30758,12 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.legacysamesitecookiebehaviorenabledfordomainlist",
- "displayName": "Revert to legacy SameSite behavior for cookies on specified sites",
+ "displayName": "Revert to legacy SameSite behavior for cookies on specified sites (Obsolete)",
"options": null
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.linkedaccountenabled",
- "displayName": "Enable the linked account feature",
+ "displayName": "Enable the linked account feature (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.linkedaccountenabled_false",
@@ -24372,6 +30793,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.livevideotranslationenabled",
+ "displayName": "Allows users to translate videos to different languages.",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.livevideotranslationenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.livevideotranslationenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.localbrowserdatashareenabled",
"displayName": "Enable Windows to search local Microsoft Edge browsing data",
@@ -24404,6 +30841,48 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.localnetworkaccessallowedforurls",
+ "displayName": "Allow sites to make requests to local network endpoints.",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.localnetworkaccessblockedforurls",
+ "displayName": "Block sites from making requests to local network endpoints.",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.localnetworkaccessrestrictionsenabled",
+ "displayName": "Specifies whether to block requests from public websites to devices on a user's local network. (Deprecated)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.localnetworkaccessrestrictionsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.localnetworkaccessrestrictionsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.localnetworkaccessrestrictionstemporaryoptout",
+ "displayName": "Specifies whether to opt out of Local Network Access restrictions",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.localnetworkaccessrestrictionstemporaryoptout_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.localnetworkaccessrestrictionstemporaryoptout_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.localprovidersenabled",
"displayName": "Allow suggestions from local providers",
@@ -24456,6 +30935,43 @@
"displayName": "Manage Search Engines (users can override)",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.mandatoryextensionsforinprivatenavigation",
+ "displayName": "Specify extensions users must allow in order to navigate using InPrivate mode",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.microsoft365copilotchaticonenabled",
+ "displayName": "Control whether Microsoft 365 Copilot Chat shows in the Microsoft Edge for Business toolbar",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.microsoft365copilotchaticonenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.microsoft365copilotchaticonenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.microsoft365copilotchaticonenabled_recommended",
+ "displayName": "Control whether Microsoft 365 Copilot Chat shows in the Microsoft Edge for Business toolbar (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.microsoft365copilotchaticonenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.microsoft365copilotchaticonenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.microsoftedgeinsiderpromotionenabled",
"displayName": "Microsoft Edge Insider Promotion Enabled",
@@ -24536,6 +31052,38 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.mutationeventsenabled",
+ "displayName": "Enable deprecated/removed Mutation Events (Obsolete)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.mutationeventsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.mutationeventsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.nativehostsexecutableslaunchdirectly",
+ "displayName": "Force Windows executable Native Messaging hosts to launch directly",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.nativehostsexecutableslaunchdirectly_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.nativehostsexecutableslaunchdirectly_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.nativemessagingallowlist",
"displayName": "Control which native messaging hosts users can use",
@@ -24678,14 +31226,51 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagebingchatenabled",
+ "displayName": "Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagebingchatenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagebingchatenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagecompanylogo",
"displayName": "Set new tab page company logo (Obsolete)",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagecompanylogobackplatecolor",
+ "displayName": "Set the company logo backplate color on the new tab page.",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagecompanylogoenabled",
+ "displayName": "Hide the company logo on the Microsoft Edge new tab page",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagecompanylogoenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagecompanylogoenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagecontentenabled",
- "displayName": "Allow Microsoft News content on the new tab page",
+ "displayName": "Allow Microsoft content on the new tab page",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.newtabpagecontentenabled_false",
@@ -24857,6 +31442,58 @@
"displayName": "Block notifications on specific sites",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.onbulkdataentryenterpriseconnector",
+ "displayName": "Configuration policy for bulk data entry for Microsoft Edge for Business Data Loss Prevention Connectors",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.onfileattachedenterpriseconnector",
+ "displayName": "Configuration policy for files attached for Microsoft Edge for Business Data Loss Prevention Connectors",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.onprintenterpriseconnector",
+ "displayName": "Configuration policy for print for Microsoft Edge for Business Data Loss Prevention Connectors",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.onsecurityevententerpriseconnector",
+ "displayName": "Configuration policy for Microsoft Edge for Business Reporting Connectors",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.organizationalbrandingonworkprofileuienabled_recommended",
+ "displayName": "Allow the use of your organization's branding assets from Microsoft Entra on the profile-related UI of a work or school profile (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.organizationalbrandingonworkprofileuienabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.organizationalbrandingonworkprofileuienabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.organizationlogooverlayonappiconenabled_recommended",
+ "displayName": "Allow your organization's logo from Microsoft Entra to be overlaid on the Microsoft Edge app icon of a work or school profile (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.organizationlogooverlayonappiconenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.organizationlogooverlayonappiconenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.originagentclusterdefaultenabled",
"displayName": "Origin-keyed agent clustering enabled by default",
@@ -24905,6 +31542,70 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.partitionedbloburlusage",
+ "displayName": "Manage Blob URL Partitioning During Fetching and Navigation",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.partitionedbloburlusage_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.partitionedbloburlusage_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passworddeleteonbrowsercloseenabled",
+ "displayName": "Prevent passwords from being deleted if any Edge settings is enabled to delete browsing data when Microsoft Edge closes",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passworddeleteonbrowsercloseenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passworddeleteonbrowsercloseenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passworddeleteonbrowsercloseenabled_recommended",
+ "displayName": "Prevent passwords from being deleted if any Edge settings is enabled to delete browsing data when Microsoft Edge closes (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passworddeleteonbrowsercloseenabled_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passworddeleteonbrowsercloseenabled_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passwordexportenabled",
+ "displayName": "Enable exporting saved passwords from Password Manager",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passwordexportenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passwordexportenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.passwordgeneratorenabled",
"displayName": "Allow users to get a strong password suggestion whenever they are creating an account online",
@@ -25032,6 +31733,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passwordrevealenabled",
+ "displayName": "Enable Password reveal button",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passwordrevealenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.passwordrevealenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.passwordrevealenabled_recommended",
"displayName": "Enable Password reveal button (users can override)",
@@ -25080,6 +31797,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pdfvieweroutofprocessiframeenabled",
+ "displayName": "Use out-of-process iframe PDF Viewer",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pdfvieweroutofprocessiframeenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pdfvieweroutofprocessiframeenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.pdfxfaenabled",
"displayName": "XFA support in native PDF reader enabled",
@@ -25144,6 +31877,70 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.personalizetopsitesincustomizesidebarenabled",
+ "displayName": "Personalize my top sites in Customize Sidebar enabled by default",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.personalizetopsitesincustomizesidebarenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.personalizetopsitesincustomizesidebarenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pictureinpictureoverlayenabled",
+ "displayName": "Enable Picture in Picture overlay feature on supported webpages in Microsoft Edge",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pictureinpictureoverlayenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pictureinpictureoverlayenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pinbrowseressentialstoolbarbutton",
+ "displayName": "Pin browser essentials toolbar button",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pinbrowseressentialstoolbarbutton_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pinbrowseressentialstoolbarbutton_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pinbrowseressentialstoolbarbutton_recommended",
+ "displayName": "Pin browser essentials toolbar button (users can override)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pinbrowseressentialstoolbarbutton_recommended_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.pinbrowseressentialstoolbarbutton_recommended_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.pluginsallowedforurls",
"displayName": "Allow the Adobe Flash plug-in on specific sites (Obsolete)",
@@ -25164,6 +31961,27 @@
"displayName": "Block pop-up windows on specific sites",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.precisegeolocationallowedforurls",
+ "displayName": "Allow precise geolocation on these sites",
+ "options": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.prefetchwithserviceworkerenabled",
+ "displayName": "Allow SpeculationRules prefetch for ServiceWorker-controlled URLs",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.prefetchwithserviceworkerenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.prefetchwithserviceworkerenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.preventsmartscreenpromptoverride",
"displayName": "Prevent bypassing Microsoft Defender SmartScreen prompts for sites",
@@ -25196,6 +32014,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.preventtyposquattingpromptoverride",
+ "displayName": "Prevent bypassing Edge Website Typo Protection prompts for sites",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.preventtyposquattingpromptoverride_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.preventtyposquattingpromptoverride_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.primarypasswordsetting",
"displayName": "Configures a setting that asks users to enter their device password while using password autofill",
@@ -25343,6 +32177,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.printpdfasimagedefault",
+ "displayName": "Print PDF as Image Default",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.printpdfasimagedefault_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.printpdfasimagedefault_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.printpostscriptmode",
"displayName": "Print PostScript Mode",
@@ -25464,6 +32314,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.proactiveauthworkflowenabled",
+ "displayName": "Enable proactive authentication",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.proactiveauthworkflowenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.proactiveauthworkflowenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.promptfordownloadlocation",
"displayName": "Ask where to save downloaded files",
@@ -25611,6 +32477,11 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.registeredprotocolhandlers",
+ "displayName": "Register protocol handlers",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.registeredprotocolhandlers_recommended",
"displayName": "Register protocol handlers (users can override)",
@@ -25618,7 +32489,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.relatedmatchescloudserviceenabled",
- "displayName": "Configure Related Matches in Find on Page",
+ "displayName": "Configure Related Matches in Find on Page (Obsolete)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.relatedmatchescloudserviceenabled_false",
@@ -25632,6 +32503,27 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.relatedwebsitesetsenabled",
+ "displayName": "Enable Related Website Sets (Deprecated)",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.relatedwebsitesetsenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.relatedwebsitesetsenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.relatedwebsitesetsoverrides",
+ "displayName": "Override Related Website Sets. (Deprecated)",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.resolvenavigationerrorsusewebservice",
"displayName": "Enable resolution of navigation errors using a web service",
@@ -25666,7 +32558,7 @@
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.restoreonstartup",
- "displayName": "Action to take on startup",
+ "displayName": "Action to take on Microsoft Edge startup",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.restoreonstartup_restoreonstartupisnewtabpage",
@@ -25682,12 +32574,17 @@
"id": "com.microsoft.edge.mamedgeappconfigsettings.restoreonstartup_restoreonstartupisurls",
"displayName": "Open a list of URLs",
"description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.restoreonstartup_restoreonstartupislastsessionandurls",
+ "displayName": "Open a list of URLs and restore the last session",
+ "description": null
}
]
},
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.restoreonstartup_recommended",
- "displayName": "Action to take on startup (users can override)",
+ "displayName": "Action to take on Microsoft Edge startup (users can override)",
"options": [
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.restoreonstartup_recommended_restoreonstartupisnewtabpage",
@@ -25703,6 +32600,11 @@
"id": "com.microsoft.edge.mamedgeappconfigsettings.restoreonstartup_recommended_restoreonstartupisurls",
"displayName": "Open a list of URLs",
"description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.restoreonstartup_recommended_restoreonstartupislastsessionandurls",
+ "displayName": "Open a list of URLs and restore the last session",
+ "description": null
}
]
},
@@ -25806,6 +32708,11 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.scarewareblockerallowlistdomains",
+ "displayName": "Configure the list of domains where Microsoft Edge Scareware blockers don't run",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.screencaptureallowed",
"displayName": "Allow or deny screen capture",
@@ -25827,6 +32734,11 @@
"displayName": "Allow Desktop, Window, and Tab capture by these origins",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.screencapturewithoutgestureallowedfororigins",
+ "displayName": "Allow screen capture without prior user gesture",
+ "options": null
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.scrolltotextfragmentenabled",
"displayName": "Enable scrolling to text specified in URL fragments",
@@ -25875,6 +32787,22 @@
}
]
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.searchforimageenabled",
+ "displayName": "Search for image enabled",
+ "options": [
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.searchforimageenabled_false",
+ "displayName": "Disabled",
+ "description": null
+ },
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.searchforimageenabled_true",
+ "displayName": "Enabled",
+ "description": null
+ }
+ ]
+ },
{
"id": "com.microsoft.edge.mamedgeappconfigsettings.searchinsidebarenabled",
"displayName": "Search in Sidebar enabled",
@@ -25933,6 +32861,22 @@
"displayName": "Websites or domains that don't need permission to use direct Security Key attestation",
"options": null
},
+ {
+ "id": "com.microsoft.edge.mamedgeappconfigsettings.selectparserrelaxationenabled",
+ "displayName": "Controls whether the new HTML parser behavior for the