Apple Business Manager profile settings (iOS)
This page lists the available settings for Apple Business Manager profiles for iPhones and iPads.
|The name of the profile.
|An optional description of the profile.
A device group that will be assigned to devices when they are enrolled with Sophos Mobile.
For information on device groups, see Device groups.
To simplify device management, we recommend that you use a separate device group for Apple Business Manager devices.
A task bundle that will be transferred onto the devices when they are enrolled with Sophos Mobile.
The list includes all task bundles that contain no enrollment task.
For information on task bundles, see Task bundles.
|Assign user to device
Select whether users must authenticate during device enrollment.
If you select one of the Yes options, Sophos Mobile assigns the user to the device.
|User can remove MDM policy
The user is able to remove the Sophos Mobile enrollment profile through the user interface.
This option can only be deselected for supervised devices.
|Install SMC app
Install Sophos Mobile Control on the device.
When you turn on this option, you must also do one of the following:
|User can skip MDM policy assignment
|The user is able to skip the setup step that applies the Sophos Mobile enrollment profile.
On the iOS setup tab, you disable configuration steps of the setup assistant that starts when the device is switched on for the first time.
These settings only affect the setup assistant. If you disable a configuration step, the user is still able to enable the relevant option later. To completely disable a feature, use a Restrictions configuration. See Restrictions configuration (iOS device policy).
|Skip configuring an Apple ID. The user cannot log in with their Apple ID to access Apple services.
|Skip configuring Apple Pay. The user cannot add credit or debit card information for paying in stores or within apps using Apple Pay.
|Skip the Safety page.
|Skip creating a passcode to unlock the device.
|Skip the Accessibility page.
|Term of Address
|Skip the Term of Address page. This page is available for some languages and lets users select how they want to be addressed by the device (feminine, masculine, or neutral).
|Skip activating True Tone (the automatic adaptation of display colors based on ambient lighting conditions).
|iMessage and FaceTime
|Skip activating iMessage and FaceTime.
|Software Update Complete
|Skip the page that shows the mandatory updates that happened during the setup.
|Restore from backup
|Skip restoring data from iCloud or transferring data from an Android device.
|Disable “Move Data from Android”
|The option to transfer data from an Android device is not available.
|Touch ID & Face ID
|Skip configuring Touch ID and Face ID. The user cannot set up biometric authentication in place of a passcode.
|Skip configuring the appearance of the user interface (light or dark).
|Skip configuring Siri. Siri is turned off.
|Skip configuring Display Zoom, that is a zoomed view providing larger icons, text and buttons.
|Skip the page that explains the Data & Privacy icon.
|Skip configuring Screen Time (the reporting and limiting of time spent on the device).
|Skip the Get Started page.
|Skip configuring diagnostics. Diagnostic and usage data are not sent to Apple.
|Skip the Restore Completed page, which is shown after a restore is performed during the setup.
|Skip configuring location services. Location services are turned off.
|Skip the App Store page.
|Terms and Conditions
|Skip the Terms and Conditions page.
|Skip restoring Apple Watch data from an iCloud or iTunes backup.
|Skip configuring a cellular data plan.
|iOS update information
|Skip the page that informs users that iOS updates are installed automatically.
The department or location name associated with the profile.
This name is included in the information that the user can access by clicking About Configuration during device setup.
The support phone number for your company.
This field is pre-populated with the phone number from the technical support contact details. See Configure IT contact.
The phone number is stored internally in the profile but is not available to the device user.
The support email address for your company.
This field is pre-populated with the email address from the technical support contact details. See Configure IT contact.
The email address is stored internally in the profile but is not available to the device user.
On the USB pairing tab, you can restrict the USB pairing of Apple Business Manager iPhones and iPads to selected Macs. USB pairing is required to connect the device to Apple Configurator 2.
|Allow USB pairing with all hosts
If you select the check box, you can pair the device with any computer.
If you clear the check box, you can only pair the device with Macs you’ve configured for device supervision. You can’t pair the device with Windows computers.
|Upload host certificate
Upload a supervision identity certificate.
All Macs containing the certificate in their keychain can supervise the device.
You can upload several certificates.
If you clear Allow USB pairing with all hosts and don’t upload a certificate, you can’t connect the device to Apple Configurator 2.