Iphone Configuration Utility
Iphone Configuration Utility
Iphone Configuration Utility
Introduction
Read this document to learn how to use iPhone Configuration Utility to create configuration profiles. Configuration
profiles define how iOS devices work with your enterprise systems.
You can install configuration profiles on devices connected to a computer via USB using iPhone Configuration
Utility, or you can distribute configuration profiles by email or on a webpage. When users open the email attachment
or download the profile using Safari on their device, they’re prompted to begin the installation process. If you’re
using a Mobile Device Management server, you can distribute an initial profile that contains just the server
configuration information, then have the device obtain all other profiles wirelessly.
Configuration profiles can be encrypted and signed, which lets you restrict their use to a specific device and
prevents anyone from changing the settings that a profile contains. You can also mark a profile as being locked to
the device, so once installed, it can be removed only by wiping the device of all data, or optionally, by entering a
passcode.
With the exception of passwords, users cannot change the settings provided in a configuration profile. Accounts that
are configured by a profile, such as Exchange accounts, can only be removed by deleting the profile.
Windows Vista Service Pack 1 with .NET Framework 3.5 Service Pack 1
You can download the .Net Framework 3.5 Service Pack 1 installer at: www.microsoft.com/downloads/details.aspx?
FamilyID=d0e5dea7-ac26-4ad7-b68c-fe5076bba986&displaylang=en
The iPhone Configuration Utility lets you create an Outlook message with a configuration profile as an attachment.
You can also assign users’ names and email addresses from your desktop address book to devices that you’ve
configured by connecting them to your computer. Both of these features require Outlook, and aren’t compatible with
Outlook Express. On Windows XP computers, you may need to install 2007 Microsoft Office System Update:
Redistributable Primary Interop Assemblies. This is necessary if Outlook was installed before .NET Framework 3.5
Service Pack 1.
When you run the iPhone Configuration Utility installer, the utility is installed in Programs\iPhone Configuration
Utility.
Note: Configuration profiles created with iPhone Configuration Utility 3.6.2 fully support iOS 6.1 devices. You can
use these profiles with earlier iOS releases, but payloads and settings that aren’t supported by a release are
ignored.
In iPhone Configuration Utility, the sidebar shows the Library, which contains the following categories:
Devices shows a list of iOS devices that have been connected to your computer.
Applications lists your apps that are available to install on devices attached to your computer. A provisioning profile
might be needed for an app to run on a device.
Provisioning Profiles lists profiles that permit the use of the device for iOS development, as authorized by Apple
Developer Connection. Provisioning profiles also allow devices to run enterprise apps that aren’t distributed
through the App Store.
Configuration Profiles lists the configuration profiles you previously created, and lets you edit the information you
entered, or create a new configuration that you can send to a user or install on a connected device.
The sidebar also shows information about iOS devices currently connected to your computer via USB. Information
about a connected device is automatically added to the Devices list, so you can view it again without having to
reconnect the device. After a device has been connected, you can also encrypt profiles for use on only that device.
When a device is connected, you can use iPhone Configuration Utility to install configuration profiles and apps on
the device. You can also view the console log, which is the same log that’s available in the Xcode development
environment.
Although you can create a single configuration profile that contains all of the payloads you need for your
organization, consider creating separate profiles that allow you to enforce policies while granting access, as well as
provide updates to any settings that may change.
Many of the payloads let you specify user names and passwords. If you omit this information, the user is asked to
enter the missing information when the profile is installed. If you include passwords, you should distribute the
profile in encrypted format to protect its contents. For more information see About installing configuration profiles.
To create a new configuration profile, click the New button in the iPhone Configuration Utility toolbar. You add
payloads to the profile using the payloads list. Then you edit the payloads by entering and selecting options that
appear in the editing pane. Required fields are marked with a red arrow. For some settings such as Wi-Fi, you can
click the Add button (+) to add a configuration. To remove a configuration, click the Delete button (–) in the editing
pane.
To edit a payload, select the appropriate item in the payloads list, click the Configure button, and then fill in the
information as described in this document.
General settings
This is where you provide the name and identifier of the profile, and specify whether users can remove the profile
after it’s installed.
Setting Description
Name The name you specify appears in the profiles list and is
displayed on the device after the configuration profile is
installed. The name doesn’t have to be unique, but you should
use a descriptive name that identifies the profile.
Identifier The profile identifier must uniquely identify this profile and must
use the reverse DNS format com.companyname.identifier, where
identifier describes the profile—for example,
com.mycompany.homeoffice.
Organization Enter the name of your organization, to help users identify the
source of this profile.
Consent Message Enter a brief message that will be displayed, and the user will be
asked to acknowledge, when the profile is installed.
Automatically Remove Profile The profile is automatically deleted from the device after the
interval (in days, following installation) or a specific date has
expired. Profile expirations are evaluated by the device once per
day.
Passcode settings
Use this payload to set device policies if you aren’t using Exchange passcode policies. You can specify whether a
passcode is required in order to use the device, and specify characteristics of the passcode and how often it must
be changed. When the configuration profile is loaded, the user is immediately required to enter a passcode that
meets the policies you select. Otherwise, the profile won’t be installed.
If you use device policies and Exchange passcode policies, the two sets of policies are merged and the strictest
settings are enforced. For information about supported Exchange ActiveSync policies, see the article “Exchange
ActiveSync and iOS Devices.”
Setting Description
Allow simple value Permits users to use sequential or repeated characters in their
passcodes. (For example, this would allow the passcodes “3333”
or “DEFG.”)
Require alphanumeric value Requires that the passcode contain at least one letter or number.
Minimum passcode length Specifies the minimum number of characters a passcode can
contain.
Minimum number of complex characters The minimum number of non-alphanumeric characters (such as
$, &, and !) that the passcode must contain.
Maximum passcode age Requires users to change their passcode at the interval (in days)
you specify.
Maximum Auto-Lock If the device isn’t used for number of minutes you specify, it
automatically locks. Entering the passcode unlocks it. This
setting specifies the maximum value the user is allowed to
configure.
Maximum Grace period for device lock Specifies how soon the device can be unlocked again after use,
without prompting again for the passcode. This setting specifies
the maximum value the user is allowed to configure. Setting this
to None allows the user to choose any of the intervals available.
Setting this to Immediately requires a passcode every time the
device is unlocked.
Maximum number of failed attempts Determines how many failed passcode attempts can be made
before the device is wiped. After six failed passcode attempts,
the device imposes a time delay before a passcode can be
entered again. The time delay increases with each failed
attempt. After the final failed attempt, all data and settings are
securely erased from the device. The passcode time delay
begins after the sixth attempt, so if you set this value to 6 or
lower, no time delay is imposed and the device is erased when
the attempt limit is exceeded.
Device functionality
Setting Description
Allow installing apps When this option is off, the App Store is disabled and its icon is
removed from the Home screen. Users are unable to install or
update apps using the App Store or iTunes.
Allow use of camera When this option is off, cameras are completely disabled and the
Camera icon is removed from the Home screen. Users can’t take
photographs or videos, or use FaceTime.
Allow FaceTime When this option is off, users can’t place or receive FaceTime
video calls.
Allow screen capture When this option is off, users can’t save a screenshot of the
display.
Allow automatic sync while roaming When this option is off, devices that are roaming will sync only
when an account is accessed by the user.
Allow Siri When this option is off, users can’t use Siri, voice commands, or
dictation.
Allow Siri while device locked When this option is off, users must unlock the device with their
passcode before using Siri.
Allow voice dialing When this option is off, users can’t dial their phone using voice
commands.
Allow Passbook while device is locked When this option is off, the device doesn’t display Passbook
notifications while locked.
Allow In-App purchase When this option is off, users can’t make in-app purchases.
Force user to enter store password for all purchases Requires users to enter their Apple ID password before making
any purchase. Normally, there’s a brief grace period after a
purchase is made before users have to authenticate for
subsequent purchases.
Allow multiplayer gaming When this option is off, users can’t play multiplayer games in
Game Center.
Allow adding Game Center friends When this option is off, users can’t add friends in Game Center.
Applications
Setting Description
Allow use of YouTube When this option is off, the YouTube app is disabled and its icon
is removed from the Home screen. (The YouTube app is
included with iOS 5 and earlier.)
Allow use of the iTunes Store When this option is off, the iTunes Store is disabled and its icon
is removed from the Home screen. Users can’t preview, purchase,
or download content.
Allow use of Safari When this option is off, the Safari web browser app is disabled
and its icon removed from the Home screen. This also prevents
users from opening web clips.
Enable autofill When this option is off, Safari doesn’t remember what users enter
in web forms.
Force Fraud warning When this option is off, Safari doesn’t attempt to prevent the user
from visiting websites identified as being fraudulent or
compromised.
Enable JavaScript When this option is off, Safari ignores all javascript on websites.
Block pop-ups When this option is off, Safari’s pop-up blocking feature is
disabled.
Accept cookies Choose to accept all cookies, accept no cookies, or reject cookies
from sites not directly accessed.
iCloud
Setting Description
Allow backup When this option is on, users can back up their device to iCloud.
Allow document sync When this option is on, users can store documents in iCloud.
Allow Photo Stream When this option is on, users can enable Photo Stream.
Allow shared photo streams When this option is on, users can invite others to view their photo
streams and can view photo streams shared by others.
iPhone Configuration Utility ► Creating configuration profiles ► Restrictions settings
Setting Description
Allow diagnostic data to be sent to Apple When this option is off, iOS diagnostic information isn’t sent to
Apple.
Allow user to accept untrusted TLS certificates When this option is off, users will not be asked if they want to
trust certifications that cannot be verified. This setting applies to
Safari and to Mail, Contacts, and Calendar accounts.
Force encrypted backups When this option is off, users can choose whether or not device
backups performed in iTunes are stored in encrypted format on
their computer. If any profile is encrypted and this option isn’t
turned off, encryption of backups is required and enforced by
iTunes. Profiles installed on the device by iPhone Configuration
Utility are always encrypted. For more information about iTunes
backups, see the article Deploying iTunes for iOS Devices.
Content ratings
Select a ratings region, then select maximum allowed ratings for movies, TV shows, and apps.
Setting Description
Allow explicit music, podcasts, and iTunes U When this option is off, explicit music or video content in the
iTunes Store is hidden. Explicit content is flagged by content
providers.
Allow iBookstore erotica When this option is off, erotica in the iBookstore is hidden.
Explicit content is flagged by content providers.
Enterprise settings
In this section, you specify settings for connecting to enterprise networks. These settings appear when you choose
an Enterprise setting in the Security Type pop-up menu.
In the Protocols tab, you specify which EAP methods to use for authentication, and configure the EAP-FAST
Protected Access Credential settings.
In the Authentication tab, you specify sign-in settings, such as user name and authentication protocols. If you’ve
installed an identity using the Credentials section, you can choose it using the Identity Certificate pop-up menu.
In the Trust tab, you specify which certificates should be trusted for the purpose of validating the authentication
server for the Wi-Fi connection. The Trusted Certificates list shows certificates that have been added using the
Credentials tab, and lets you select which certificates are trusted. Add the names of the authentication servers to be
trusted to the Trusted Server Certificates Names list. You can specify a particular server, such as
server.mycompany.com, or a partial name such as *.mycompany.com.
For information about supported VPN protocols and authentication methods, see the the article VPN Servier
Configuration for iOS Devices. The options available vary by the protocol and authentication method you select.
To configure F5 SSL, Juniper SSL, SonicWALL Mobile Conntect, Aruba Networks VIA, Check Point Mobile,
OpenVPN, or Cisco AnyConnect, choose the appropriate item from the Connection Type pop-up menu. Make sure
that the Realm and Role (Juniper), Group (Cisco), or Login Group or Domain (SonicWALL) values match those
specified on the VPN server. Users must install both the configuration profile and the appropriate authentication
app from the App Store.
For other SSL VPN solutions, contact your vendor to see if they have an app in the App Store that can be configured
with iPhone Configuration Utility. Enter the configuration information you get from the vendor by choosing Custom
SSL from the Connection Type pop-up menu. Make sure the Identifier field matches the identifier specified by your
vendor’s VPN app and is in reverse DNS format (for example, com.example.myvpn). Your users must install both
the vendor’s app and the configuration profile to connect to your network.
Note: Shared secrets that contain quotation marks are not supported.
VPN On Demand
For certificate-based and SSL configurations, you can turn on VPN On Demand so that a VPN connection is
automatically established when accessing certain domains.
Setting Description
Always Initiates a VPN connection for any address that matches the
specified domain.
Never Doesn’t initiate a VPN connection for addresses that match the
specified domain, but if VPN is already active, it can be used.
Establish if needed Initiates a VPN connection for addresses that match the specified
domain, after a failed DNS look-up has occurred.
The action applies to all matching addresses. Use an asterisk (*) as a wildcard character. For example, * matches
all addresses, and *.example.com matches only those that end with example.com.
LDAP connections don’t initiate a VPN connection; if the VPN hasn’t already been established by another app, such
as Safari, the LDAP lookup fails.
The device closes a VPN session initiated by VPN On Demand after two minutes of inactivity. If the connection was
initiated manually using the Settings app, the VPN server’s timeout applies.
VPN proxy
iPhone supports manual VPN proxy, and automatic proxy configuration using PAC or WPAD. To specify a VPN proxy,
select an option from the Proxy Setup pop-up menu.
For PAC-based auto-proxy configurations, select Automatic from the pop-up menu and enter the URL of a PAC file.
For Web Proxy Autodiscovery (WPAD) configurations, select Automatic from the pop-up menu. If you leave the Proxy
Server URL field empty, iPhone will request the WPAD file using DHCP and DNS.
Mail settings
Use this payload to configure POP or IMAP mail accounts for the user. iOS supports industry-standard IMAP4 and
POP3 mail solutions on a range of server platforms, including OS X, Windows, UNIX, and Linux.
Users can change some of the mail settings you provide in a profile, such as the account name, password, and
alternative SMTP servers. If you omit any of this information from the profile, users are asked to enter it when they
access the account.
You can add multiple mail accounts by clicking the Add button (+).
Setting Description
Allow Move When this option is off, the user cannot move messages sent or
received by this account to a different mail account. Also
prevents using another account to reply to or forward a message
from this account.
Allow Recent Address Syncing When this option is off, recently used addresses aren’t synced
with other devices using iCloud.
Use only in Mail This is an outgoing mail setting. This account can only be used
to send messages from Mail. It cannot be selected as a sending
account for messages created by other apps, such as Photos or
Safari.
Use S/MIME This is an outgoing mail setting. To select the signing and
encryption certificates to use with this account, you must first add
them using the Credentials pane. The identities must be
enabled for Key Encipherment, and their Common Name must
match the email address specified in this payload.
You can configure multiple Exchange accounts by clicking the Add button (+).
Setting Description
Allow Move When this option is off, the user cannot move messages sent or
received by this account to a different mail account. Also
prevents using another account to reply to or forward a message
from this account.
Allow Recent Address Syncing When this option is off, recently used addresses aren’t synced
with other devices using iCloud.
Use only in Mail This account can only be used to send messages from Mail. It
cannot be selected as a sending account for messages created
by other apps, such as Photos or Safari.
Use S/MIME This is an outgoing mail setting. To select the signing and
encryption certificates to use with this account, you must first add
them using the Credentials pane. The identities must be
enabled for Key Encipherment and their Common Name must
match the email address specified in this payload.
Identity Certificate Select the identity certificate used to authenticate with the
Exchange ActiveSync Server. The certificate must first be added
using the Credentials pane. See Credentials settings.
If some of your users have devices with iOS 4, after selecting the
certificate, turn on “Make Identity Certificate Compatible with
iOS 4.” This embeds the certificate in the Exchange payload, in
addition to referencing it from the Credentials payload.
Configuration profiles that use this older method are also
compatible with iOS 5.
If you select the Use SSL option, use the Credentials pane to add any root or intermediate certificates that are
necessary to validate the server’s SSL certificate.
For information about requirements and supported features, see the article Exchange ActiveSync and iOS Devices.
givenName First
sn Last
mail Email
facsimileTelephoneNumber Fax
o Company
title Title
buildingName Building
street Street
l City
postalCode Zip
c Country
jpegPhoto Photo
homePhone Home
postalAddress Address
Calendar settings
iPhone, iPod touch, and iPad synchronize calendar data with your company’s Calendar server. Changes to the
calendar are periodically updated between the device and server.
Use this payload to provide account settings for connecting to a CalDAV-compliant calendar server. These accounts
will be added to the device. As with Exchange accounts, users need to manually enter information you omit from the
profile, such as their account password, when the profile is installed.
Creating and responding to new calendar invitations from a device is supported for CalDAV servers that support the
“calendar-auto-schedule” specification.
If you select the Use SSL option, use the Credentials pane to add any root or intermediate certificates that are
necessary to validate the server’s SSL certificate.
If you select the Use SSL option, use the Credentials pane to add any root or intermediate certificates that are
necessary to validate the server’s SSL certificate.
Contacts settings
iOS devices retrieve contact information from your company’s contact list. You can access directories when
searching in Contacts, and those directories are automatically used to complete email addresses as you enter
them.
Use this payload to provide account settings for connecting to a CardDAV-compliant contact server. If you omit the
account information, users need to manually enter it when the profile is installed.
If you select the Use SSL option, use the Credentials pane to add any root or intermediate certificates that are
necessary to validate the server’s SSL certificate.
If you choose to prevent the user from removing the web clip, it cannot be deleted from the device unless the user
removes the configuration profile that installed it.
To add a custom icon, select a graphic file in GIF, JPEG, or PNG format. For best results, provide a square image
that’s no larger than 400 x 400 pixels and less than 1 MB in size when uncompressed. The graphic will be
automatically scaled and cropped to fit, if necessary, and converted to PNG format. Web clip icons are 104 x 104
pixels for devices with a Retina display, and 57 x 57 pixels for all other devices. To prevent the device from adding a
shine to the image, choose Precomposed Icon.
Credentials settings
iOS devices can use X.509 certificates with RSA keys. The file extensions .cer, .crt, and .der are recognized.
Use the Credentials settings payload to add certificates and identities to the device. When an identity is installed,
the user is prompted for the passphrase that protects it, unless you include the passphrase in the payload.
When you install credentials, you should also install the intermediate certificates that are necessary to establish a
chain to a trusted certificate that’s on the device. To view a list of the preinstalled roots, see the Apple Support article
at: http://support.apple.com/kb/HT4415
If the credential isn’t available in your personal certificate store, you must add it.
Adding credentials: Select the certificate you want from the Windows certificate store. The private key must be
marked as exportable, which is one of the options offered by the Certificate Import Wizard. Adding root
certificates requires administrator access to the computer, and the certificate must be added to the personal
certificate store.
If you include the certificate passphrase in the payload, you should encrypt the configuration profile when you export
it. If you omit the passphrase, the user will be asked to enter it when the profile is installed.
Instead of installing certificates using a configuration profile, you can let users use Safari to download the
certificates to their device from a webpage. Or, you can email certificates to users. You can also use the SCEP
Settings, described below, to specify how the device obtains certificates over the air when the profile is installed.
To add an identity for use with Microsoft Exchange, use the Exchange payload instead. See Exchange ActiveSync
settings.
SCEP settings
The SCEP payload lets you specify settings that allow the device to obtain certificates from a CA using Simple
Certificate Enrollment Protocol (SCEP).
Setting Description
Subject Alternative Name Specify the type and value of an alternative name for the SCEP
server. Valid values are an email address (RFC-822), the DNS
name of the server, or the server’s fully qualified URL.
Challenge A pre-shared secret the SCEP server can use to identify the
request or user.
Key Size and Usage Select a key size, and—using the checkboxes below this field—
the acceptable uses of the key.
Fingerprint If your Certificate Authority uses HTTP, use this field to provide
the fingerprint of the CA’s certificate, which the device will use to
confirm authenticity of the CA’s response during the enrollment
process. You can enter a SHA1 or MD5 fingerprint, or select a
certificate to import its signature.
Retries The number of times the device should try again if the server
sends a pending response.
The Mobile Device Management server can install configuration profiles, but can only remove configuration profiles
that it installed. To make sure that you can update or remove configurations, once a device has been configured to
use the server, you should distribute all your configuration profiles wirelessly.
Setting Description
Server URL The fully-qualified, publicly accessible URL of the MDM server. It
must begin with https://, and can specify a port number.
Example: https://mdm.example.org:nnnn
Check In URL An optional, fully-qualified URL that the device contacts after
being notified there’s a profile available for installation. It must
begin with https:// and can specify a port number. Example:
https://mdm.example.org:nnnn
Identity Select the certificate that the device uses to identify itself to the
MDM server. Add the certificate to the device using the
Credentials pane, or use SCEP Settings to provide instructions
for the device to obtain the certificate using SCEP.
Sign Messages Instructs the device to add a signature header to every http
response to the MDM server. See your MDM server
documentation for information about using this option with your
server.
Check out when removed Instructs the device to notify the MDM server if this payload is
removed by the user.
Access Rights Use the Access Rights checkboxes to specify the rights granted to
the MDM server.
The options you select here work together with your MDM server.
See its documentation for information.
Apple Push Notification Service If you enable Use Development APNS Server, the device listens
for all push notifications from the Apple Push Notification Server
development server. This should be used only during
development of MDM server software.
In order to communicate with an MDM server, the device must be able to contact the Apple Push Notification Server.
If your devices connect to your internal network, be sure to allow connections to 17.*.*.* addresses.
APN settings
The APN Settings payload lets you change the device’s Access Point Name (APN) and cell network proxy settings.
These settings define how the device connects to the carrier’s network. Change these settings only if instructed to
do so by a carrier network expert. If these settings are incorrect, the device can’t access data using the cellular
network. To undo a change to these settings, remove the profile from the device.
The Identifier field in the General payload is used by devices to determine whether a profile is new or an update to
an existing profile. If you want the updated profile to replace one that users have already installed, don’t change the
Identifier.
You can also distribute profiles using a Mobile Device Management server.
After a moment, the device appears in the Devices list in iPhone Configuration Utility.
2. Select the device, and then click the Configuration Profiles tab.
3. Select a configuration profile from the list, and then click Install.
When you install a configuration profile directly on a device using USB, the configuration profile is automatically
signed and encrypted before being transferred to the device. iPhone Configuration Utility automatically installs a
certificate on the device for this purpose; you can see the certificate in the Summary pane. The message “This
certificate was signed by an untrusted issuer” is normal and expected, because it’s self-signed. Any updates to this
profile must be signed by the same copy of iPhone Configuration Utility. For this reason, you should use one copy of
the utility to install and export configuration profiles.
None: A plain text .mobileconfig file is created. It can be installed on any device. Some content in the file is
obfuscated to prevent casual snooping if the file is examined.
Sign Configuration Profile: The .mobileconfig file is signed and can be installed by any device, as long as
the profile hasn’t been altered. Once installed, the profile can be updated only by a profile that has the same
identifier and is signed by the same copy of iPhone Configuration Utility.
Create and Sign Encrypted Configuration Profile For Each Selected Device: This option signs the profile so
it cannot be altered, and encrypts all of the content so the profile cannot be examined and can be installed
only on a specific device. Use this option if the profile contains passwords. Separate .mobileconfig files are
created for each of the devices you select from the Devices list. If a device doesn’t appear in the list, either it
hasn’t been previously connected to the computer so that the encryption key can be obtained, or it hasn’t
been upgraded to iOS 3.0 or later.
2. Click Share, and a new Outlook message opens with the profiles added as uncompressed attachments. The
files must remain uncompressed, so that the device can recognize and install the profile.
None: A plain text .mobileconfig file is created. It can be installed on any device. Some content in the file is
obfuscated to prevent casual snooping if the file is examined, but you should make sure that, when you put
the file on your website, it’s accessible only by authorized users.
Sign Configuration Profile: The .mobileconfig file is signed and won’t be installed by a device if it’s altered.
Once installed, the profile can be updated only by a profile that has the same identifier and is signed by the
same copy of iPhone Configuration Utility. You should make sure that, when you put the file on your website,
it’s accessible only by authorized users.
Sign and Encrypt Profile: This option signs the profile so it cannot be altered, and encrypts all of the contents
so the profile cannot be examined and can only be installed on a specific device. Separate .mobileconfig
files are created for each of the devices you select from the Devices list.
2. Click Export, and then select a location to save the .mobileconfig files.
The files are ready for posting on your website. Don’t compress the .mobileconfig file or change its extension, or the
device won’t recognize and install the profile.
During installation, the user is asked to enter any necessary information, such as passwords that weren’t specified
in the profile, and any other information that’s required by the settings you specified.
The device also retrieves the Exchange ActiveSync policies from the server, and refreshes the policies, if they
change, with every subsequent connection. If the device or Exchange ActiveSync policies enforce a passcode
setting, the user must enter a passcode that complies with the policy in order to complete the installation.
The user is also asked to enter any passwords necessary for using certificates included in the profile.
If the installation isn’t successful—perhaps because the Exchange server was unreachable or the user cancelled
the process—none of the information entered by the user is kept.
Settings enforced by a configuration profile cannot be changed on the device. To change a setting, you must install
an updated profile. If the profile was signed, it can be replaced only by a profile signed by the same copy of iPhone
Configuration Utility. The identifier in both profiles must match. For more information about the identifier, see
General settings.
Important: Removing a configuration profile removes all policies and information (including mail accounts)
associated with the profile.
If the General Settings payload of the profile specifies that it cannot be removed by the user, the Remove button
doesn’t appear. If the settings permit removal using an authorization password, the user is asked to enter the
password after tapping Remove. For more information about profile security settings, see General settings.
Apple, the Apple logo, FaceTime, iCloud, iPad, iPhone, iPod, iPod touch, iTunes, Mac, Mac OS, Safari, and Xcode are trademarks of Apple Inc., registered in the U.S. and other countries.
Retina is a trademark of Apple Inc. iTunes Store is a service mark of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.
IOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license.
Other company and product names mentioned herein may be trademarks of their respective companies.
Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the
performance or use of these products. All understandings, agreements, or warranties, if any, take place directly between the vendors and the prospective users. Every effort has been made to
ensure that the information in this manual is accurate. Apple is not responsible for printing or clerical errors.