Category Filter
iOS Policies
The password dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| allow_simple | Boolean | Optional | true |
| require_alphanumeric | Boolean | Optional | false |
| min_length | Integer | Optional. Values can be from 1 to 16 | |
| min_complex_char | Integer | Optional. Values can be from 1 to 4 | |
| max_pinage_in_days | Integer | Optional. Specifies the number of days for which the passcode can remain unchanged | |
| max_inactivity | Integer | Optional. This dictionary contains email configurations | |
| pin_history | Dictionary | Optional. When the user changes the passcode, it has to be unique within the last N entries in the history. The minimum value is 1, and the maximum value is 50 | |
| max_grace_period | Integer | Optional. The maximum grace period (in minutes) to unlock the phone without entering a passcode. Supported values are 1, 5, 15, 60 and 240 |
|
| max_failed_attempts | Integer | Optional. Specifies the number of allowed failed attempts to enter the passcode on the device’s lock screen. Supported values are 4, 5, 6, 7, 8, 9 and 10 |
The restrictions dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| allow_app_installation | Boolean | Optional | true |
| allow_airdrop_managemendapps | Boolean | Optional | false |
| allow_camera | Boolean | Optional | true |
| allow_video_conferencing | Boolean | Optional | true |
| allow_screen_shot | Boolean | Optional | false |
| allow_global_background_fetch_when_roaming | Boolean | Optional | true |
| allow_touchId | Boolean | Optional | true |
| allow_assistant | Boolean | Optional | true |
| allow_assistant_while_locked | Boolean | Optional | true |
| allow_voice_dialing | Boolean | Optional | true |
| allow_passbook_while_locked | Boolean | Optional | false |
| allow_inapp_purchases | Boolean | Optional | true |
| force_itunes_store_password_entry | Boolean | Optional | true |
| allow_multiplayer_gaming | Boolean | Optional | true |
| allow_adding_game_center_friends | Boolean | Optional | true |
| allow_enterprise_app_trust | Boolean | Optional | true |
| allow_enterprise_app_trust_modification | Boolean | Optional | true |
| allow_enterprise_book_backup | Boolean | Optional | true |
| allow_managed_app_sync | Boolean | Optional | true |
| allow_youtube | Boolean | Optional | true |
| allow_itunes | Boolean | Optional | true |
| allow_safari | Boolean | Optional | true |
| safari_allow_auto_fill | Boolean | Optional | true |
| safari_force_fraud_warning | Boolean | Optional | false |
| safari_allow_java_script | Boolean | Optional | true |
| safari_allow_popups | Boolean | Optional | true |
| safari_accept_cookies | String | Optional. Values can be always, visited or never | |
| allow_cloud_backup | Boolean | Optional | true |
| allow_cloud_document_sync | Boolean | Optional | true |
| allow_photo_stream | Boolean | Optional | true |
| allow_shared_stream | Boolean | Optional | true |
| allow_icloud_photo | Boolean | Optional | true |
| allow_lockscreen_notify | Boolean | Optional | true |
| allow_lockscreen_todayView | Boolean | Optional | true |
| allow_lockscreen_control | Boolean | Optional | true |
| allow_ota_pki_update | Boolean | Optional | true |
| limit_ad_tracking | Boolean | Optional | false |
| allow_diagnostic_submission | Boolean | Optional | true |
| allow_untrusted_tls_prompt | Boolean | Optional | true |
| force_encrypted_backup | Boolean | Optional | false |
| force_applewatch_Detection | Boolean | Optional | false |
| allow_explicit_content | Boolean | Optional | true |
| allow_bookstore_erotica | Boolean | Optional | false |
| rating_region | String | Optional. Values can be us, au, ca, de, fr, ie, jp, nz or gb | |
| rating_movies | String | Optional. Values can be allow, nc-17, r, pg-13, pg, g or never | |
| rating_tv_shows | String | Optional. Values can be allow, tv-ma, tv-14, tv-pg, tv-g, tv-y7, tv-y or never | |
| rating_apps | String | Values can be allow, 17+, 12+, 9+, 4+, never |
The advanced_restrictions dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| allow_airdrop | Boolean | Optional | true |
| allow_app_cellular_data_modification | Boolean | Optional | true |
| allow_app_removal | Boolean | Optional | true |
| allow_bookstore | Boolean | Optional | true |
| allow_touchId_modify | Boolean | Optional | false |
| allow_chat | Boolean | Optional | true |
| allow_game_center | Boolean | Optional | true |
| allow_host_pairing | Boolean | Optional | true |
| allow_ui_configuration_profile_installation | Boolean | Optional | true |
| allow_podcasts | Boolean | Optional | true |
| allow_definition_lookup | Boolean | Optional | true |
| allow_predictive_keyboard | Boolean | Optional | true |
| allow_auto_correction | Boolean | Optional | true |
| allow_spell_check | Boolean | Optional | true |
| allow_music_service | Boolean | Optional | true |
| allow_radio_service | Boolean | Optional | true |
| allow_news | Boolean | Optional | true |
| allow_ui_app_installation | Boolean | Optional | true |
| allow_keyboard_shortcuts | Boolean | Optional | true |
| allow_paired_watch | Boolean | Optional | true |
| allow_account_modification | Boolean | Optional | true |
| allow_erase_content_and_settings | Boolean | Optional | true |
| allow_assistant_user_generated_content | Boolean | Optional | true |
| allow_find_my_friends_modification | Boolean | Optional | true |
| force_assistant_profanity_filter | Boolean | Optional | false |
| allow_spotlight_internet_results | Boolean | Optional | true |
| allow_enabling_restrictions | Boolean | Optional | true |
| allow_passcode_modification | Boolean | Optional | true |
| allow_device_name_modification | Boolean | Optional | true |
| allow_wallpaper_modification | Boolean | Optional | true |
| allow_notifications_modification | Boolean | Optional | true |
| Allow_automatic_app_downloads | Boolean | Optional | true |
| autonomous_single_apps | Integer array | Optional. Can contain IDs of the iOS apps | An empty list |
The web_content_filter dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| filter_type | String | Required. Values can be white_list or black_list | |
| auto_filter_enabled | Boolean | Optional. Use only when filter_type is black_list | false |
| permitted_urls | String array | Optional. Used only when auto_filter_enabled is true. Otherwise, this field is ignored | |
| blacklisted_urls | String array | Optional. Array of URLs. Use only when filter_type is black_list. Otherwise, this field is ignored | |
| whitelist_urls | String array | Optional. Array of URLs. Use only when filter_type is white_list. Otherwise, this field is ignored |
The wifi list payload can contain the following keys:
| Argument | Type | Key |
|---|---|---|
| service_set_identifier | String | Required |
| autojoin | Boolean | Optional |
| hidden_network | Boolean | Optional |
| security_type | String | Required. The possible values are None, wep, wpa, any, WEP_Enterprise, WPA_Enterprise, Any_Enterprise, eap |
| proxy_type | String | Optional. Valid values are None, Manual and Auto |
If the security_type field is set to wep, wpa, or any, the following fields must also be provided:
| Argument | Type | Key |
|---|---|---|
| password | String | Required |
If the security_type field is set to WEP_Enterprise, WPA_Enterprise, Any_Enterprise or eap, the following fields may also be provided:
| Argument | Type | Description | Default value |
|---|---|---|---|
| user_name | String | Required | |
| user_password | String | Required if use_per_connection_pwd is set to false | |
| use_per_connection_pwd | Boolean | Optional | false |
| tls | Boolean | Optional | false |
| leap | Boolean | Optional | false |
| ttls | Boolean | Optional | true |
| peap | Boolean | Optional | true |
| eap_fast | Boolean | Optional | false |
| eap_sim | Boolean | Optional | false |
| provision_pac | Boolean | Optional | false |
| provision_pac_anonymously | Boolean | Optional | false |
| use_pac | Boolean | Optional | false |
| inner_authentication | String | Optional. The possible values are PAP, CHAP, MSCHAP, MSCHAPv2 | PAP |
| outer_identity | String | Optional. | None |
If the proxy_type field is set to Manual, the following fields must also be provided:
| Argument | Type | Description |
|---|---|---|
| proxyserver | String | Required. The proxy server’s network address |
| proxy_server_port | Integer | Required. The proxy server’s port |
| proxy_user_name | String | Required. Username used to authenticate the proxy server |
| proxy_password | String | Required. Password used to authenticate proxyserver |
If the proxy_type field is set to Auto, the following field must also be provided:
| Argument | Type | Description |
|---|---|---|
| proxy_pac_url | String | Required. The URL of the PAC file that defines the proxy configuration |
The email dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_description | String | Required. User visible description of the email account | |
| user_display_name | String | Required. Username of the account. Use %name% for user’s name | |
| account_type | String | Required. The possible values are POP and IMAP | |
| imap_path_prefix | String | Optional. Required if account_type is set to IMAP | |
| email_address | String | Required. The email address for the account. Use %email% for user’s email | |
| allow_move | Boolean | Required. The email address for the account. Use %email% for user’s email | false |
| incoming_server_host_name | String | Required. The email address for the account. Use %email% for user’s email | |
| incoming_server_port | Integer | Required. The email address for the account. Use %email% for user’s email | 143 |
| incoming_server_username | String | Required. Use %username% for username | |
| incoming_server_auth | String | Required. Possible values are None, Password, MD5, NTLM and HTTP | |
| incoming_password | String | Required if incoming_server_auth is not None | |
| incoming_server_use_ssl | Boolean | Optional | true |
| out_server_host_name | String | Required. Outgoing mail server host name | |
| out_server_port | Integer | Required | 587 |
| out_server_username | Integer | Required. Value can be null. Use %username% for username | |
| out_server_auth | String | Required. Possible values are None, Password, MD5, NTLM and HTTP | |
| out_pwd_as_incoming_pwd | Boolean | Required if out_server_auth is not None | |
| out_password | String | Required if out_pwd_as_incoming_pwd is set to false | |
| allow_recent_syncing | Boolean | Optional | false |
| mail_app_only | Boolean | Optional. Use only in mail | |
| out_server_use_ssl | Boolean | Optional | true |
| smime_enabled | Boolean | Optional | false |
The activesync dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required | |
| host_name | Boolean | Required | |
| allow_move | Boolean | Optional | false |
| recent_address_syncing | Boolean | Optional | false |
| mail_app_only | Boolean | Optional | false |
| use_ssl | Boolean | Optional | true |
| smime_enabled | Boolean | Optional | false |
| domain | String | Required. Value can be blank. Use %domain% for user’s domain | false |
| username | String | Required. Use %username% for username and %email% for user’s email address | false |
| email_address | String | Required. Use %email% for user’s email address | false |
| password | String | Optional. Value can be null | false |
| no_past_days_to_sync | Integer | Optional. Possible values are 0, 1, 3, 7, 14, 31 | 3 |
| cert_compatible_ios4 | Boolean | Optional | true |
The ldap dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required. Visible description of the LDAP account. Value can be null | |
| host_name | String | Required | |
| username | String | Required. Value can be null | |
| password | String | Required. Value can be null | |
| use_ssl | Boolean | Optional | true |
The caldav dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required. Visible description of the LDAP account. Value can be null | |
| hostname | String | Required. Host name of the account | |
| username | String | Required. Username of the account. Value can be null | |
| password | String | Required. Password of the account. Value can be null | |
| use_ssl | Boolean | Optional | true |
| port | Integer | Optional | 80 |
| principal_url | String | Required. Value can be null |
The subscribe_calendar dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required. Visible info about the account. Value can be null | |
| url | String | Required | |
| username | String | Required. Value can be null | |
| password | String | Required. Value can be null | |
| use_ssl | Boolean | Optional | true |
The carddav dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| account_name | String | Required. Visible description. Value can be null | |
| host_name | String | Required. | |
| username | String | Required. Username of the account. Value can be null | |
| password | String | Required. Value can be null | |
| use_ssl | Boolean | Optional | true |
| port | Integer | Optional | 8443 |
| principal_url | String | Required. Value can be null |
The webclip list can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| label | String | Required. Name of the webclip | |
| is_removable | Boolean | Optional | true |
| url | Boolean | Optional | |
| precomposed_icon | Boolean | Required | false |
| fullscreen_icon | Boolean | Optional | false |
| icon | String | Required. Base64 encoded image |
The access_point dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| apn_name | String | Required | |
| apn_username | String | Required. Value can be null | |
| apn_password | String | Required. Value can be null | |
| proxy_server | String | Optional. Value can be null | |
| proxy_server_port | Integer | Optional | 0 |
The applock dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| app | Integer | Required. App ID | |
| disable_touch | Boolean | Optional | false |
| disable_device_rotation | Boolean | Optional | false |
| disable_volume_buttons | Boolean | Optional | false |
| disable_ringer_switch | Boolean | Optional | false |
| disable_sleep_wake_button | Boolean | Optional | false |
| disable_auto_lock | Boolean | Optional | false |
| enable_voice_over | Boolean | Optional | false |
| enable_zoom | Boolean | Optional | false |
| enable_invert_colors | Boolean | Optional | false |
| enable_assistive_touch | Boolean | Optional | false |
| enable_speak_selection | Boolean | Optional | false |
| voice_over | Boolean | Optional | false |
| zoom | Boolean | Optional | false |
| invert_colors | Boolean | Optional | false |
| assistive_touch | Boolean | Optional | false |
The wallpaper dictionary can contain the following keys:
| Argument | Type | Description |
|---|---|---|
| home_screen_wallpaper | Integer | Required. Base64 encoded image. |
| lock_screen_wallpaper | Boolean | Required. Base64 encoded image. Value can be null |
The globalproxy dictionary can contain the following keys:
| Argument | Type | Description | Default value |
|---|---|---|---|
| proxy_type | String | Required. Values can be Manual, Auto | |
| proxyserver | String | Required when proxy_type is set to Manual | |
| proxy_server_port | String | Required when proxy_type is set to Manual | |
| proxy_user_name | String | Required when proxy_type is set to Manual. Value can be null | |
| proxy_password | String | Required when proxy_type is set to Manual. Value can be null | |
| proxy_pac_url | String | Required when proxy_type is set to Auto | |
| proxy_pac_fallback_allowed | Boolean | false | |
| proxy_captive_login_allowed | Boolean | false |
The lock_screen_msg dictionary can contain the following keys:
| Argument | Type | Description |
|---|---|---|
| lock_screen_footnote | String | Required. Value can be null |
| asset_tag_information | String | Required. Value can be null |
curl
HTTP Request:
Shell Command:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
POST https://<portal>.hexnodemdm.com/api/v1/policy/ headers:- Authorization: <api key> Content-Type: application/json Sample Post Data:- [{ "name": "Sales Team Policy", "description": "", "ios": { "password": { "allow_simple": true, "require_alphanumeric": false, "max_failed_attempts": 4, "max_grace_period": 5, "max_inactivity": 2, "max_pinage_in_days": 4, "min_complex_chars": 1, "min_length": 1, "pin_history": 4 }, "restrictions": {}, "advanced_restrictions": {}, "web_content_filter": {}, "wifi": [], "vpn": {}, "email": {}, "activesync": {}, "ldap": {}, "caldav": {}, "subscribe_calendar": {}, "carddav": {}, "webclip": [], "access_point": {}, "applock": {}, "wallpaper": {}, "globalproxy": {}, "lock_screen_msg": {}, "app_management": {}, "general_settings": {} } "policy_targets": { "devices": [2,4], "devicegroups": [], "users": [], "usergroups": [] } }] |
Shell Command:
|
1 2 3 4 5 6 7 8 9 |
curl -H "Authorization: <your API key>" -H "Content-Type: application/json" -d '{ "name": "Sales Team Policy","description": "","ios": { "password": { "allow_simple": true,"require_alphanumeric": false, "max_failed_attempts": 4,"max_grace_period": 5, "max_inactivity": 2,"max_pinage_in_days": 4,"min_complex_chars": 1,"min_length": 1,"pin_history": 4 }}, "policy_targets": {"devices": [2,4],"devicegroups": [],"users": [],"usergroups": [] }' https://<portal>.hexnodemdm.com/api/v1/policy/ -X POST |
HTTP Response:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
HTTP/1.1 201 Created { "id": 3, "name": "Sales Team Policy", "description": "", "version": 1, "ios_configured": true, "android_configured": false, "windows_configured": false, "created_time": "2021-05-13T09:11:14.670285Z", "modified_time": "2021-05-13T09:11:14.670040Z", "ios": { "password": { "allow_simple": true, "require_alphanumeric": false, "max_failed_attempts": 4, "max_grace_period": 5, "max_inactivity": 2, "max_pinage_in_days": 4, "min_complex_chars": 1, "min_length": 1, "pin_history": 4 }, "restrictions": null, "advanced_restrictions": null, "web_content_filter": null, "wifi": null, "vpn": null, "email": null, "activesync": null, "ldap": null, "caldav": null, "subscribe_calendar": null, "carddav": null, "webclip": null, "access_point": null, "applock": null, "wallpaper": null, "globalproxy": null, "lock_screen_msg": null }, "android": { "password": null, "restrictions": null, "wifi": [], "email": null, "activesync": null, "applock": null, "wallpaper": null, "android_web_content_filter": null }, "app_management": { "whitelist_apps": { "app": [], "group": [] }, "blacklist_apps": { "app": [], "group": [] }, "mandatory_apps": { "app": [], "group": [] }, "catalogues": [] }, "general_settings": { "location_settings": { "tracking_disabled": false, "interval_minutes": 60, "location_configured": false } }, "policy_targets": { "devices": [2,4], "devicegroups": [], "users": [], "usergroups": [] } } |