diff --git a/.github/workflows/dogfood-gitops.yml b/.github/workflows/dogfood-gitops.yml
index 905f503b0a..68fc00cee1 100644
--- a/.github/workflows/dogfood-gitops.yml
+++ b/.github/workflows/dogfood-gitops.yml
@@ -79,3 +79,4 @@ jobs:
DOGFOOD_EXPLORE_DATA_ENROLL_SECRET: ${{ secrets.DOGFOOD_EXPLORE_DATA_ENROLL_SECRET }}
DOGFOOD_CALENDAR_API_KEY: ${{ secrets.DOGFOOD_CALENDAR_API_KEY }}
DOGFOOD_VIRTUAL_MACHINES_ENROLL_SECRET: ${{ secrets.DOGFOOD_VIRTUAL_MACHINES_ENROLL_SECRET }}
+ DOGFOOD_IPHONES_ENROLL_SECRET: ${{ secrets.DOGFOOD_IPHONES_ENROLL_SECRET }}
diff --git a/it-and-security/lib/configuration-profiles/ios-content-filtering.mobileconfig b/it-and-security/lib/configuration-profiles/ios-content-filtering.mobileconfig
new file mode 100644
index 0000000000..11dfeff2ff
--- /dev/null
+++ b/it-and-security/lib/configuration-profiles/ios-content-filtering.mobileconfig
@@ -0,0 +1,48 @@
+
+
+
+
+ PayloadContent
+
+
+ AutoFilterEnabled
+
+ BlacklistedURLs
+
+ https://example.com
+
+
+ FilterBrowsers
+
+ FilterSockets
+
+ FilterType
+ BuiltIn
+ PayloadDescription
+ Configures content filtering settings
+ PayloadDisplayName
+ Web Content Filter
+ PayloadIdentifier
+ com.apple.webcontent-filter.1B111C68-501E-44C3-A564-296C9D5D01C3
+ PayloadType
+ com.apple.webcontent-filter
+ PayloadUUID
+ 1B111C68-501E-44C3-A564-296C9D5D01C3
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Content filtering
+ PayloadIdentifier
+ Lucass-MacBook-Pro.72E4CE0F-8246-4B81-BC28-AD16C7CD43E0
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ 9555632D-5053-4A89-94D9-EC4510BB8DC6
+ PayloadVersion
+ 1
+
+
diff --git a/it-and-security/lib/configuration-profiles/ios-lock-screen-message.mobileconfig b/it-and-security/lib/configuration-profiles/ios-lock-screen-message.mobileconfig
new file mode 100644
index 0000000000..7190fc86f9
--- /dev/null
+++ b/it-and-security/lib/configuration-profiles/ios-lock-screen-message.mobileconfig
@@ -0,0 +1,39 @@
+
+
+
+
+ PayloadContent
+
+
+ AssetTagInformation
+ This is a Fleet owned device
+ IfLostReturnToMessage
+ Fleet Device Management Inc.
+ PayloadDescription
+ Configures ownership information for a shared device
+ PayloadDisplayName
+ Lock Screen Message
+ PayloadIdentifier
+ com.apple.shareddeviceconfiguration.E6872230-52C6-4443-AE57-4BB6503C6E01
+ PayloadType
+ com.apple.shareddeviceconfiguration
+ PayloadUUID
+ E6872230-52C6-4443-AE57-4BB6503C6E01
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Lock Screen Message
+ PayloadIdentifier
+ Lucass-MacBook-Pro.D0BED3AA-FC16-4276-A8A3-457AA8558C1E
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ 24C286C4-D755-473D-8E09-5E5C0F152BD1
+ PayloadVersion
+ 1
+
+
diff --git a/it-and-security/lib/configuration-profiles/ios-passcode-settings-ddm.json b/it-and-security/lib/configuration-profiles/ios-passcode-settings-ddm.json
new file mode 100644
index 0000000000..9b7d59f166
--- /dev/null
+++ b/it-and-security/lib/configuration-profiles/ios-passcode-settings-ddm.json
@@ -0,0 +1,10 @@
+{
+ "Type": "com.apple.configuration.passcode.settings",
+ "Identifier": "956e0d14-6019-479b-a6f9-a69ef77668c5",
+ "Payload": {
+ "MaximumFailedAttempts": 10,
+ "MaximumInactivityInMinutes": 5,
+ "MinimumLength": 12,
+ "MinimumComplexCharacters": 1
+ }
+}
diff --git a/it-and-security/lib/configuration-profiles/ios-restrictions.mobileconfig b/it-and-security/lib/configuration-profiles/ios-restrictions.mobileconfig
new file mode 100644
index 0000000000..d63e70fbf9
--- /dev/null
+++ b/it-and-security/lib/configuration-profiles/ios-restrictions.mobileconfig
@@ -0,0 +1,271 @@
+
+
+
+
+ HasRemovalPasscode
+
+ PayloadContent
+
+
+ PayloadDescription
+ Configures restrictions
+ PayloadDisplayName
+ Restrictions
+ PayloadIdentifier
+ com.apple.applicationaccess.A001D62E-9217-47F0-9ECF-C5E3F548F9EF
+ PayloadType
+ com.apple.applicationaccess
+ PayloadUUID
+ A001D62E-9217-47F0-9ECF-C5E3F548F9EF
+ PayloadVersion
+ 1
+ allowActivityContinuation
+
+ allowAddingGameCenterFriends
+
+ allowAirPlayIncomingRequests
+
+ allowAirPrint
+
+ allowAirPrintCredentialsStorage
+
+ allowAirPrintiBeaconDiscovery
+
+ allowAppCellularDataModification
+
+ allowAppClips
+
+ allowAppInstallation
+
+ allowAppRemoval
+
+ allowApplePersonalizedAdvertising
+
+ allowAssistant
+
+ allowAssistantWhileLocked
+
+ allowAutoCorrection
+
+ allowAutoUnlock
+
+ allowAutomaticAppDownloads
+
+ allowBluetoothModification
+
+ allowBookstore
+
+ allowBookstoreErotica
+
+ allowCamera
+
+ allowCellularPlanModification
+
+ allowChat
+
+ allowCloudBackup
+
+ allowCloudDocumentSync
+
+ allowCloudPhotoLibrary
+
+ allowContinuousPathKeyboard
+
+ allowDefinitionLookup
+
+ allowDeviceNameModification
+
+ allowDeviceSleep
+
+ allowDictation
+
+ allowESIMModification
+
+ allowEnablingRestrictions
+
+ allowEnterpriseAppTrust
+
+ allowEnterpriseBookBackup
+
+ allowEnterpriseBookMetadataSync
+
+ allowEraseContentAndSettings
+
+ allowExplicitContent
+
+ allowFilesNetworkDriveAccess
+
+ allowFilesUSBDriveAccess
+
+ allowFindMyDevice
+
+ allowFindMyFriends
+
+ allowFingerprintForUnlock
+
+ allowFingerprintModification
+
+ allowGameCenter
+
+ allowGlobalBackgroundFetchWhenRoaming
+
+ allowInAppPurchases
+
+ allowKeyboardShortcuts
+
+ allowManagedAppsCloudSync
+
+ allowMultiplayerGaming
+
+ allowMusicService
+
+ allowNews
+
+ allowNotificationsModification
+
+ allowOpenFromManagedToUnmanaged
+
+ allowOpenFromUnmanagedToManaged
+
+ allowPairedWatch
+
+ allowPassbookWhileLocked
+
+ allowPasscodeModification
+
+ allowPasswordAutoFill
+
+ allowPasswordProximityRequests
+
+ allowPasswordSharing
+
+ allowPersonalHotspotModification
+
+ allowPhotoStream
+
+ allowPredictiveKeyboard
+
+ allowProximitySetupToNewDevice
+
+ allowRadioService
+
+ allowRemoteAppPairing
+
+ allowRemoteScreenObservation
+
+ allowSafari
+
+ allowScreenShot
+
+ allowSharedStream
+
+ allowSpellCheck
+
+ allowSpotlightInternetResults
+
+ allowSystemAppRemoval
+
+ allowUIAppInstallation
+
+ allowUIConfigurationProfileInstallation
+
+ allowUSBRestrictedMode
+
+ allowUnpairedExternalBootToRecovery
+
+ allowUntrustedTLSPrompt
+
+ allowVPNCreation
+
+ allowVideoConferencing
+
+ allowVoiceDialing
+
+ allowWallpaperModification
+
+ allowiTunes
+
+ forceAirDropUnmanaged
+
+ forceAirPrintTrustedTLSRequirement
+
+ forceAssistantProfanityFilter
+
+ forceAuthenticationBeforeAutoFill
+
+ forceAutomaticDateAndTime
+
+ forceClassroomAutomaticallyJoinClasses
+
+ forceClassroomRequestPermissionToLeaveClasses
+
+ forceClassroomUnpromptedAppAndDeviceLock
+
+ forceClassroomUnpromptedScreenObservation
+
+ forceDelayedSoftwareUpdates
+
+ forceEncryptedBackup
+
+ forceITunesStorePasswordEntry
+
+ forceLimitAdTracking
+
+ forceWatchWristDetection
+
+ forceWiFiPowerOn
+
+ forceWiFiWhitelisting
+
+ ratingApps
+ 1000
+ ratingMovies
+ 1000
+ ratingRegion
+ us
+ ratingTVShows
+ 1000
+ safariAcceptCookies
+ 2
+ safariAllowAutoFill
+
+ safariAllowJavaScript
+
+ safariAllowPopups
+
+ safariForceFraudWarning
+
+
+
+ AssetTagInformation
+ This is a FleetDM owned device
+ IfLostReturnToMessage
+ Fleet Device Management Inc.
+ PayloadDescription
+ Configures ownership information for a shared device
+ PayloadDisplayName
+ Lock Screen Message
+ PayloadIdentifier
+ com.apple.shareddeviceconfiguration.8A2A7B75-4E65-42EF-AC09-B1F8A7EE94B5
+ PayloadType
+ com.apple.shareddeviceconfiguration
+ PayloadUUID
+ 8A2A7B75-4E65-42EF-AC09-B1F8A7EE94B5
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Restrictions
+ PayloadIdentifier
+ Lucass-MacBook-Pro.47AF8BD0-DC78-4814-98A1-40B927B3408E
+ PayloadRemovalDisallowed
+
+ PayloadType
+ Configuration
+ PayloadUUID
+ A5EE2362-BF54-45F4-A00F-55B1E990A4C0
+ PayloadVersion
+ 1
+
+
diff --git a/it-and-security/teams/iphones.yml b/it-and-security/teams/iphones.yml
new file mode 100644
index 0000000000..c41faaeca5
--- /dev/null
+++ b/it-and-security/teams/iphones.yml
@@ -0,0 +1,38 @@
+name: iPhones
+team_settings:
+ features:
+ enable_host_users: true
+ enable_software_inventory: true
+ host_expiry_settings:
+ host_expiry_enabled: false
+ host_expiry_window: 0
+ secrets:
+ - secret: $DOGFOOD_IPHONES_ENROLL_SECRET
+ integrations:
+ google_calendar:
+ enable_calendar_events: false
+agent_options:
+ path: ../lib/agent-options.yml
+controls:
+ enable_disk_encryption: true
+ macos_settings:
+ custom_settings:
+ - path: ../lib/configuration-profiles/ios-restrictions.mobileconfig
+ - path: ../lib/configuration-profiles/ios-passcode-settings-ddm.json
+ - path: ../lib/configuration-profiles/ios-lock-screen-message.mobileconfig
+ - path: ../lib/configuration-profiles/ios-content-filtering.mobileconfig
+ macos_setup:
+ bootstrap_package: ""
+ enable_end_user_authentication: true
+ macos_setup_assistant: null
+ macos_updates:
+ deadline: ""
+ minimum_version: ""
+ windows_settings:
+ custom_settings: null
+ windows_updates:
+ deadline_days: 7
+ grace_period_days: 2
+ scripts: []
+policies: []
+queries: []