Learning Objectives

Question 1

What are declarations?

Answer 1

Declarations are payloads that represent policies the MDM server defines and sends to devices

Question 2

What are the four types of declarations?

Answer 2

Configurations, assets, activations, and management

Question 3

What is a payload name?

Answer 3

This is a human-readable name given to a specific set of configuration instructions (or payload) in an MDM profile. The payload name helps administrators easily identify what the payload does. For example, a payload name could be “WiFi Settings” or “Email Configuration”. It’s used to give a clear understanding of the purpose of each payload.

Question 4

What is a payload identifier?

Answer 4

This is a unique identifier for each payload within an MDM profile. It’s crucial for ensuring that each payload can be individually identified and managed by the MDM system. The payload identifier is typically in a reverse DNS format, like com.companyname.payloadtype. This format helps to avoid conflicts and ensures that each identifier is unique, not only within a single profile but across multiple profiles that might be deployed to the same device.

Question 5

What are the supported enrollment types for iPads and iPhones?

Answer 5

User Enrollment, Device Enrollment, and Automated Device Enrollment.

Question 6

What is the duplicates allowed payload setting for iPads and iPhones?

Answer 6

This setting indicates if multiple payloads (True) or only one payload (False) can be sent to a user or device. For instance, you can include several Subscribed Calendars payloads in one profile, letting a user subscribe to multiple calendars.

Question 7

Can multiple payloads within a configuration profile have the same account description or display name for iPads and iPhones?

True or False?

Answer 7

False.

In iOS and iPadOS, if multiple payloads within a configuration profile have the same account description or display name, they are considered “exclusive.” This implies that these payloads cannot coexist; only one payload with a particular account description or display name will be applied or active at a time. Essentially, payloads with identical names or descriptions are treated as alternatives to each other, rather than being additive.

Question 8

What are the payload settings for AirPlay for iPads and iPhones?

Answer 8

Payload identifier:
com.apple.airplay

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
True

Question 9

What are the payload settings for AirPrint for iPads and iPhones?

Answer 9

Payload identifier:
com.apple.airprint

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
True

Question 10

What are the payload settings for App Lock for iPads and iPhones?

Answer 10

Payload identifier:
com.apple.app.lock

Supported enrollment type:
Automated Device

Duplicates allowed:
False

Question 11

What are the payload settings for App-LayerVPN for iPads and iPhones?

Answer 11

Payload identifier:
com.apple.vpn.managed.applayer

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
False

Question 12

What are the payload settings for Automated Certificate Management Environment (ACME) for iPads and iPhones?

Answer 12

Payload identifier:
com.apple.security.acme

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
True

Question 13

What are the payload settings for Calendar for iPads and iPhones?

Answer 13

Payload identifier:
com.apple.caldav.account

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
True

Question 14

What are the payload settings for Cellular for iPads and iPhones?

Answer 14

**Payload identifier:
com.apple.cellular

Supported enrollment type:
Device and Automated Device

Duplicates allowed:
False

Question 15

What are the payload settings for Cellular Private Network for iPads and iPhones?

Answer 15

Payload identifier:
com.apple.cellularprivatenetwork.managed

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
False

Question 16

What are the payload settings for Certificate Revocation for iPads and iPhones?

Answer 16

Payload identifier:
com.apple.security.certificaterevocation

Supported enrollment type:
User and Device

Duplicates allowed:
True

Question 17

What are the payload settings for Certificate Transparency for iPads and iPhones?

Answer 17

Payload identifier:
com.apple.security.certificatetransparency

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
True

Question 18

What are the payload settings for Certificates for iPads and iPhones?

Answer 18

Payload identifiers:
com.apple.security.pem
com.apple.security.pkcs1
com.apple.security.pkcs12
com.apple.security.root

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
True

Question 19

What are the payload settings for Contacts for iPads and iPhones?

Answer 19

Payload identifier:
com.apple.carddav.account

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
True

Question 20

What are the payload settings for DNS Proxy for iPads and iPhones?

Answer 20

Payload identifier:
com.apple.dnsProxy.managed

Supported enrollment type:
Automated Device

Duplicates allowed:
False

Question 21

What are the payload settings for DNS Settings for iPads and iPhones?

Answer 21

Payload identifier:
com.apple.dnsSettings.managed

Supported enrollment type:
Device, Automated Device

Duplicates allowed:
True

Question 22

What are the payload settings for Domains for iPads and iPhones?

Answer 22

Payload identifier:
com.apple.domains

Supported enrollment type:
Device, Automated Device

Duplicates allowed:
False

Question 23

What are the payload settings for Ethernet for iPads and iPhones?

Answer 23

Payload identifiers:
com.apple.globalethernet.managed
com.apple.firstactiveethernet.managed com.apple.firstethernet.managed com.apple.secondactiveethernet.managed com.apple.secondethernet.managed com.apple.thirdactiveethernet.managed com.apple.thirdethernet.managed

Supported enrollment type:
User, Device, and Automated Device

Duplicates allowed:
False

Question 24

What are the payload settings for Exchange ActiveSync (EAS) for iPads and iPhones?

Answer 24

Payload identifier:
com.apple.eas.account

Supported enrollment type:
User, Device, Automated Device

Duplicates allowed:
True

Question 25

What are the payload settings for **Extensible Single Sign-On** for **iPads** and **iPhones?**

Answer 25

**Payload identifier:** com.apple.extensiblesso **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** True

Question 26

What are the payload settings for **Extensible Single Sign-On Kerberos** for **iPads** and **iPhones?**

Answer 26

**Payload identifier:** com.apple.extensiblesso(kerberos) **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** True

Question 27

What are the payload settings for **Fonts** for **iPads** and **iPhones?**

Answer 27

**Payload identifier:** com.apple.font **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** True

Question 28

What are the payload settings for **Global HTTP Proxy** for **iPads** and **iPhones?**

Answer 28

**Payload identifier:** com.apple.proxy.http.global **Supported enrollment type:** Automated Device **Duplicates allowed:** False

Question 29

What are the payload settings for **Google Accounts** for **iPads** and **iPhones?**

Answer 29

**Payload identifier:** com.apple.google-oauth **Supported enrollment type:** User and Device **Duplicates allowed:** True

Question 30

What are the payload settings for **Home Screen Layout** for **iPads** and **iPhones?**

Answer 30

**Payload identifier:** com.apple.homescreenlayout **Supported enrollment type:** Automated Device **Duplicates allowed:** False

Question 31

What are the payload settings for **LDAP** for **iPads** and **iPhones?**

Answer 31

**Payload identifier:** com.apple.ldap.account **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** True

Question 32

What are the payload settings for **Lock Screen Message** for **iPads** and **iPhones?**

Answer 32

**Payload identifier:** com.apple.shareddeviceconfiguration **Supported enrollment type:** Automated Device **Duplicates allowed:** False

Question 33

What are the payload settings for **Mail** for **iPads** and **iPhones?**

Answer 33

Payload identifier: com.apple.mail.managed Supported enrollment type: User, Device, and Automated Device Duplicates allowed: True

Question 34

What are the payload settings for **Network Usage Rules** for **iPads** and **iPhones?**

Answer 34

**Payload identifier:** com.apple.networkusagerules **Supported enrollment type:** Automated Device **Duplicates allowed:** False

Question 35

What are the payload settings for **Notifications** for **iPads** and **iPhones?**

Answer 35

**Payload identifier:** com.apple.notificationsettings **Supported enrollment type:** Device (macOS) and Automated Device **Duplicates allowed:** True

Question 36

What are the payload settings for **Passcode** for **iPads** and **iPhones?**

Answer 36

**Payload identifier:** com.apple.mobiledevice.passwordpolicy **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** False

Question 37

What are the payload settings for **Relay** for **iPads** and **iPhones?*

Answer 37

**Payload identifier:** com.apple.relay.managed **Supported enrollment type:** Device and Automated Device **Duplicates allowed:** True

Question 38

What are the payload settings for **Restrictions** for **iPads** and **iPhones?**

Answer 38

**Payload identifier:** com.apple.applicationaccess **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** True

Question 39

What are the payload settings for **SCEP** for **iPads** and **iPhones?**

Answer 39

**Payload identifier:** com.apple.security.scep **Supported enrollment type:** User, Device, Automated Device **Duplicates allowed:** True

Question 40

What are the payload settings for **Setup Assistant** for **iPads** and **iPhones?**

Answer 40

**Payload identifier:** com.apple.SetupAssistant.managed **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** False

Question 41

What are the payload settings for **Single Sign-On** for **iPads** and **iPhones?**

Answer 41

**Payload identifier:** com.apple.sso **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** False

Question 42

What are the payload settings for **Subscribed Calendars** for **iPads** and **iPhones**?

Answer 42

**Payload identifier:** com.apple.subscribedcalendar.account **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** True

Question 43

What are the payload settings for **TV Remote** for **iPads** and **iPhones**?

Answer 43

**Payload identifier:** com.apple.tvremote **Supported enrollment type:** Automated Device **Duplicates allowed:** False

Question 44

What are the payload settings for **VPN** for **iPads** and **iPhones**?

Answer 44

**Payload identifier:** com.apple.vpn.managed **Supported enrollment type:** User (App-Layer VPN and App-to-App Layer VPN mapping only), Device, and Automated Device **Duplicates allowed:** True

Question 45

What are the payload settings for **Web Clips** for **iPads** and **iPhones**?

Answer 45

**Payload identifier:** com.apple.webClip.managed **Supported enrollment type:** User, Device, Automated Device **Duplicates allowed:** True

Question 46

What are the payload settings for **Web Content Filter** for **iPads** and **iPhones**?

Answer 46

**Payload identifier:** com.apple.webcontent-filter **Supported enrollment type:** Device and Automated Device **Duplicates allowed:** True

Question 47

What are the payload settings for **Wi-Fi** for **iPads** and **iPhones**?

Answer 47

**Payload identifiers:** com.apple.MCX(WiFi) com.apple.builtinwireless.managed com.apple.wifi.managed **Supported enrollment type:** User, Device, and Automated Device **Duplicates allowed:** True

Question 48

What can be managed with **AirPlay** and **AirPrint** settings in **MDM** for **iPhones** and **iPads**?

Answer 48

Managing AirPlay mirroring destinations and configuring AirPrint printers.

Question 49

What are the **app configuration capabilities** in **MDM** for **iPhones** and **iPads**?

Answer 49

Installing and removing apps, setting app usage restrictions, and configuring app settings and data.

Question 50

How are certificates and security managed in MDM for iPhones and iPads?

Answer 50

Installing and managing certificates, configuring VPN and Wi-Fi settings, and implementing security policies like SCEP.

Question 51

What email, contacts, and calendar management options are available in MDM for iPhones and iPads?

Answer 51

Configuring email accounts (Exchange, Gmail, etc.), and setting up contacts and calendar accounts (CardDAV, CalDAV).

Question 52

What are the steps to configure a Global HTTP Proxy in MDM for iPhones and iPads?

Answer 52

Configuring a Global HTTP Proxy in MDM involves specifying the proxy server address, setting port numbers, and optionally adding authentication details such as username and password. This setup directs all network traffic from the iPhones and iPads through the defined proxy server, allowing for centralized control and monitoring of internet access.

Question 53

What capabilities does an MDM offer for enforcing passcode requirements on iPhones and iPads?

Answer 53

An MDM enables the enforcement of comprehensive passcode policies on iPhones and iPads. This includes setting minimum passcode length, defining complexity requirements (like alphanumeric requirements), specifying maximum passcode age, determining auto-lock time, and implementing failed passcode attempt restrictions. Additionally, an MDM can enforce passcode changes under certain conditions and manage other related security settings.

Question 54

What can be restricted using the Restrictions Payload in MDM for iPhones and iPads?

Answer 54

Restricting device features like camera, Siri, screen capture, and managing content and privacy settings.

Question 55

What options are available in MDM for managing VPN and network configurations on iPhones and iPads?

Answer 55

Setting up VPNIn MDM, VPN and network configurations for iPhones and iPads include setting up various VPN protocols, configuring VPN server details, managing authentication methods, and specifying VPN on-demand rules. Additionally, MDM allows for the configuration of network-related settings such as DNS settings, Ethernet configurations, and setting up Wi-Fi networks with specific security protocols and access credentials. configurations and managing network settings, including DNS and Ethernet

Question 56

How can web content filtering be configured on iPhones and iPads using MDM?

Answer 56

MDM allows setting up web content filters by defining allowed and denied URLs, restricting devices to specific websites only, and using third-party plugins for advanced filtering. It includes options to automatically filter adult content, permit access to certain websites regardless of their content classification, and block specific URLs. Additionally, for customized filtering needs, connection and authentication details for third-party content filtering services can be configured, along with associated certificates for secure connections.

Question 57

What options are available for managing Wi-Fi settings in MDM for iPhones and iPads?

Answer 57

Managing Wi-Fi includes configuring specific network details, setting up network profiles, and controlling aspects such as SSID, security type, and automatic connection preferences.

Question 58

What are the device supervision-specific actions available in MDM for supervised iPhones and iPads?

Answer 58

Enabling Single App Mode, restricting functionalities like AirDrop, and applying additional security and management controls not available on unsupervised devices.

Question 59

What device information and management actions are available in MDM for iPhones and iPads?

Answer 59

Retrieving device information (model, serial number, etc.), and performing remote actions like device lock and wipe.

Question 60

What are the education payload capabilities in an MDM for managed educational devices like iPhones and iPads?

Answer 60

Configuring Classroom settings and shared device configurations.

Question 61

What capabilities does an MDM provide for managing educational settings on iPhones and iPads in educational environments?

Answer 61

An MDM allows for the configuration of various educational settings on iPhones and iPads, including but not limited to Classroom app settings and shared device configurations. This encompasses setting up student devices for guided access in educational apps, managing teacher and student interactions through the Classroom app, and configuring devices for shared use among multiple students, with features like Managed Apple IDs and personalized learning environments.