Skip to content

Apple Business Manager profile settings (iOS)

This page lists the available settings for Apple Business Manager profiles for iPhones and iPads.

General settings

Setting Description
Name The name of the profile.
Description An optional description of the profile.
Device group

A device group that will be assigned to devices when they are enrolled with Sophos Mobile.

For information on device groups, see Device groups.

To simplify device management, we recommend that you use a separate device group for Apple Business Manager devices.

Task bundle

A task bundle that will be transferred onto the devices when they are enrolled with Sophos Mobile.

The list includes all task bundles that contain no enrollment task.

For information on task bundles, see Task bundles.

Enrollment

Setting Description
Assign user to device

Select whether users must authenticate during device enrollment.

  • No: Users don’t need to authenticate.
  • Yes - LDAPS authentication: Select this option if you configured Active Directory authentication via LDAPS. See Configure LDAP connection.
  • Yes - Self Service Portal authentication: Users are forwarded to the Sophos Central Self Service Portal sign-in page. This option supports all Sophos Central sign-in options, including federated and multi-factor authentication. See Sophos sign-in settings.
If you select No, Sophos Mobile doesn’t assign a user to the device during enrollment. You can assign a user later if required. See Assign a user to a device.

If you select one of the Yes options, Sophos Mobile assigns the user to the device.

User can remove MDM policy

The user is able to remove the Sophos Mobile enrollment profile through the user interface.

This option can only be deselected for supervised devices.

Install SMC app

Install Sophos Mobile Control on the device.

When you turn this setting on, you must also do one of the following actions:

  • Turn off the Apple ID option on the iOS setup tab so that users must sign in to their Apple Account (formerly Apple ID) during setup.
  • Add Sophos Mobile Control to Apple Business Manager apps and configure Sophos Mobile to automatically assign apps to devices. See Manage Apple Business Manager apps.

Note: If you turn this setting on, users must open the Sophos Mobile Control app and let it sync with Sophos Mobile to complete enrollment.

User can skip MDM policy assignment The user is able to skip the setup step that applies the Sophos Mobile enrollment profile.

iOS setup

On the iOS setup tab, you disable configuration steps of the setup assistant that starts when the device is switched on for the first time.

These settings only affect the setup assistant. If you disable a configuration step, the user is still able to enable the relevant option later. To completely disable a feature, use a Restrictions configuration. See Restrictions configuration (iOS device policy).

Setting Description
Apple ID Skip configuring an Apple Account (formerly Apple ID).
Apple Pay Skip configuring Apple Pay. The user cannot add credit or debit card information for paying in stores or within apps using Apple Pay.
Safety Skip the Safety page.
Passcode Skip creating a passcode to unlock the device.
Accessibility Skip the Accessibility page.
Lockdown Mode Skip the Lockdown Mode page.
Term of Address Skip the Term of Address page. This page is available for some languages and lets users select how they want to be addressed by the device (feminine, masculine, or neutral).
True Tone Skip activating True Tone (the automatic adaptation of display colors based on ambient lighting conditions).
iMessage and FaceTime Skip activating iMessage and FaceTime.
Web Content Filtering Skip the Web Content Filtering page.
Get Started Skip the Get Started page.
Restore from backup Skip restoring data from iCloud or transferring data from an Android device.
Disable “Move Data from Android” The option to transfer data from an Android device is not available.
Touch ID & Face ID Skip configuring Touch ID and Face ID. The user cannot set up biometric authentication in place of a passcode.
Appearance Skip configuring the appearance of the user interface (light or dark).
Action Button Skip the Action Button page.
Siri Skip configuring Siri. Siri is turned off.
Display Zoom Skip configuring Display Zoom, that is a zoomed view providing larger icons, text and buttons.
Privacy Skip the page that explains the Data & Privacy icon.
Screen Time Skip configuring Screen Time (the reporting and limiting of time spent on the device).
iOS update information Skip the page that informs users that iOS updates are installed automatically.
Diagnostics Skip configuring diagnostics. Diagnostic and usage data are not sent to Apple.
Restore Completed Skip the Restore Completed page, which is shown after a restore is performed during the setup.
Location services Skip configuring location services. Location services are turned off.
App Store Skip the App Store page.
Apple Intelligence Skip the Apple Intelligence page.
Terms and Conditions Skip the Terms and Conditions page.
Watch migration Skip restoring Apple Watch data from an iCloud or iTunes backup.
Cellular plan Skip configuring a cellular data plan.
Camera Control Skip the Camera Control page.
Software Update Complete Skip the page that shows the mandatory updates that happened during the setup.

Support information

Setting Description
Department

The department or location name associated with the profile.

This name is included in the information that the user can access by clicking About Configuration during device setup.

Phone number

The support phone number for your company.

This field is pre-populated with the phone number from the technical support contact details. See Configure IT contact.

The phone number is stored internally in the profile but is not available to the device user.

Email

The support email address for your company.

This field is pre-populated with the email address from the technical support contact details. See Configure IT contact.

The email address is stored internally in the profile but is not available to the device user.

USB pairing

On the USB pairing tab, you can restrict the USB pairing of Apple Business Manager iPhones and iPads to selected Macs. USB pairing is required to connect the device to Apple Configurator 2.

Setting Description
Allow USB pairing with all hosts

If you select the check box, you can pair the device with any computer.

If you clear the check box, you can only pair the device with Macs you’ve configured for device supervision. You can’t pair the device with Windows computers.

Upload host certificate

Upload a supervision identity certificate.

All Macs containing the certificate in their keychain can supervise the device.

You can upload several certificates.

Note

If you clear Allow USB pairing with all hosts and don’t upload a certificate, you can’t connect the device to Apple Configurator 2.