# # █████╗ ██████╗ ██████╗ ██╗ ███████╗ # ██╔══██╗██╔══██╗██╔══██╗██║ ██╔════╝ # ███████║██████╔╝██████╔╝██║ █████╗ # ██╔══██║██╔═══╝ ██╔═══╝ ██║ ██╔══╝ # ██║ ██║██║ ██║ ███████╗███████╗ # ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ # - name: Install profile platform: apple category: Profile managment description: Install a configuration profile on a device. externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/install-profile-command supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 10.7+ - tvOS 9.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command Payload PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBFIHBs aXN0IFBVQkxJQyAiLS8vQXBwbGUvL0RURCBQTElTVCAxLjAvL0VOIiAiaHR0cDovL3d3 dy5hcHBsZS5jb20vRFREcy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCI+CjxwbGlzdCB2ZXJz aW9uPSIxLjAiPgo8ZGljdD4KCTxrZXk+UGF5bG9hZENvbnRlbnQ8L2tleT4KCTxhcnJh eT4KCQk8ZGljdD4KCQkJPGtleT5QYXlsb2FkRGVzY3JpcHRpb248L2tleT4KCQkJPHN0 cmluZz5Db25maWd1cmVzIHJlc3RyaWN0aW9uczwvc3RyaW5nPgoJCQk8a2V5PlBheWxv YWREaXNwbGF5TmFtZTwva2V5PgoJCQk8c3RyaW5nPlJlc3RyaWN0aW9uczwvc3RyaW5n PgoJCQk8a2V5PlBheWxvYWRJZGVudGlmaWVyPC9rZXk+CgkJCTxzdHJpbmc+Y29tLmFw cGxlLmFwcGxpY2F0aW9uYWNjZXNzLkVENzE2QUU5LUFFODktNENFQy1BNzE3LUYyMTU2 N0UwRjUxMjwvc3RyaW5nPgoJCQk8a2V5PlBheWxvYWRUeXBlPC9rZXk+CgkJCTxzdHJp bmc+Y29tLmFwcGxlLmFwcGxpY2F0aW9uYWNjZXNzPC9zdHJpbmc+CgkJCTxrZXk+UGF5 bG9hZFVVSUQ8L2tleT4KCQkJPHN0cmluZz5FRDcxNkFFOS1BRTg5LTRDRUMtQTcxNy1G MjE1NjdFMEY1MTI8L3N0cmluZz4KCQkJPGtleT5QYXlsb2FkVmVyc2lvbjwva2V5PgoJ CQk8aW50ZWdlcj4xPC9pbnRlZ2VyPgoJCQk8a2V5PmFsbG93TG9ja1NjcmVlblRvZGF5 Vmlldzwva2V5PgoJCQk8ZmFsc2UvPgoJCQk8a2V5PnJhdGluZ1JlZ2lvbjwva2V5PgoJ CQk8c3RyaW5nPnVzPC9zdHJpbmc+CgkJPC9kaWN0PgoJPC9hcnJheT4KCTxrZXk+UGF5 bG9hZERpc3BsYXlOYW1lPC9rZXk+Cgk8c3RyaW5nPihVKSBhbGxvd0xvY2tTY3JlZW5U b2RheVZpZXc8L3N0cmluZz4KCTxrZXk+UGF5bG9hZElkZW50aWZpZXI8L2tleT4KCTxz dHJpbmc+Y29tLmFwcGxlLmRtcy5yZXN0cmljdGlvbnMuYWxsb3dMb2NrU2NyZWVuVG9k YXlWaWV3PC9zdHJpbmc+Cgk8a2V5PlBheWxvYWRSZW1vdmFsRGlzYWxsb3dlZDwva2V5 PgoJPGZhbHNlLz4KCTxrZXk+UGF5bG9hZFR5cGU8L2tleT4KCTxzdHJpbmc+Q29uZmln dXJhdGlvbjwvc3RyaW5nPgoJPGtleT5QYXlsb2FkVVVJRDwva2V5PgoJPHN0cmluZz42 OUE0RTVGRS03NUQxLTQyOTctQkQzMi01NDA3MTBFRDYzNjA8L3N0cmluZz4KCTxrZXk+ UGF5bG9hZFZlcnNpb248L2tleT4KCTxpbnRlZ2VyPjE8L2ludGVnZXI+CjwvZGljdD4K PC9wbGlzdD4K RequestType InstallProfile CommandUUID 0001_InstallProfile - name: Profile list platform: apple category: Profile managment externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/profile-list-command description: Get a list of installed profiles on a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 10.7+ - tvOS 9.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command ManagedOnly RequestType ProfileList CommandUUID 0001_ProfileList - name: Remove profile platform: apple category: Profile managment externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/remove-profile-command description: Remove a previously installed profile from the device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 10.7+ - tvOS 9.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command Identifier com.acme.myprofile RequestType RemoveProfile CommandUUID 0001_RemoveProfile - name: Install provisioning profile platform: apple category: Profile managment externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/install-provisioning-profile-command description: Install a provisioning profile on a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 11.0+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command ProvisioningProfile TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2Npbmcg ZWxpdC4gTWF1cmlzIGlwc3VtIGVyYXQsIHNlbXBlciBxdWlzIG1hc3NhIG5lYywgcHVs dmluYXIgcHVsdmluYXIgbWF1cmlzLiBBbGlxdWFtIGNvbW1vZG8gaWQgdXJuYSBzZWQg Y29uc2VxdWF0LiBEb25lYyBlZ2V0IGFsaXF1ZXQgYXVndWUuIEZ1c2NlIHF1aXMgdG9y dG9yIHZlbGl0LiBFdGlhbSBhdWN0b3IgdmVsIG1hc3NhIHNpdCBhbWV0IG1vbGxpcy4g TmFtIGVsZW1lbnR1bSB2aXRhZSBuZXF1ZSBhYyBhY2N1bXNhbi4gVml2YW11cyBpZCBs ZW8gYXVndWUuIFByb2luIGlhY3VsaXMgdWxsYW1jb3JwZXIgc2VtLCB2ZWwgZGFwaWJ1 cyBvcmNpIGNvbnNlcXVhdCBzaXQgYW1ldC4gQ3JhcyBhYyBtb2xlc3RpZSBleC4KCklu IG1vbGVzdGllIGJpYmVuZHVtIG1hZ25hIGlkIHVsdHJpY2VzLiBOYW0gZmF1Y2lidXMg anVzdG8gbmVjIGZlbGlzIHB1bHZpbmFyIGZhY2lsaXNpcy4gQ3JhcyBjb21tb2RvLCBk aWFtIGluIHRpbmNpZHVudCB1bHRyaWNlcywgcXVhbSBlbmltIHNvbGxpY2l0dWRpbiB0 dXJwaXMsIGV1IHRpbmNpZHVudCBuaXNpIGxvcmVtIGV0IGxpZ3VsYS4gU3VzcGVuZGlz c2UgcG90ZW50aS4gVmVzdGlidWx1bSBuZWMgbWFnbmEgZXUgbWV0dXMgbWF4aW11cyB1 bHRyaWNlcyBhIGNvbnZhbGxpcyBvcmNpLiBDcmFzIHF1aXMgdHVycGlzIHNvZGFsZXMs IHZhcml1cyBmZWxpcyBzZWQsIHNhZ2l0dGlzIG1hc3NhLiBQcmFlc2VudCBmZXJtZW50 dW0gbnVsbGEgZXUgbnVsbGEgcGhhcmV0cmEgY29tbW9kby4gSW50ZWdlciB1dCBkYXBp YnVzIG5pc2kuIE51bGxhIHZlaGljdWxhIHV0IGVsaXQgc2VkIHZlbmVuYXRpcy4gRG9u ZWMgZXQgZWdlc3RhcyBhbnRlLiBJbnRlcmR1bSBldCBtYWxlc3VhZGEgZmFtZXMgYWMg YW50ZSBpcHN1bSBwcmltaXMgaW4gZmF1Y2lidXMuIE1hZWNlbmFzIHJob25jdXMgbmlz aSByaXN1cywgZXQgc29kYWxlcyB2ZWxpdCB2b2x1dHBhdCBhdC4KClF1aXNxdWUgdmVo aWN1bGEgZXJvcyBlZmZpY2l0dXIgc2FwaWVuIGx1Y3R1cywgYSByaG9uY3VzIG51bGxh IHZlc3RpYnVsdW0uIFNlZCBzZW1wZXIganVzdG8gbm9uIHRyaXN0aXF1ZSBsb2JvcnRp cy4gUGhhc2VsbHVzIGV0IGVyYXQgZXQgbmliaCB2aXZlcnJhIHZvbHV0cGF0IGlkIHZl bCBtYXNzYS4gUGhhc2VsbHVzIHNlZCBhdWd1ZSBhIGVzdCBydXRydW0gZWZmaWNpdHVy LiBWaXZhbXVzIHZ1bHB1dGF0ZSBzY2VsZXJpc3F1ZSBydXRydW0uIE1hdXJpcyBwb3J0 YSBzYXBpZW4gdmVsIHNlbXBlciBzZW1wZXIuIEluIGhhYyBoYWJpdGFzc2UgcGxhdGVh IGRpY3R1bXN0LgoKQWxpcXVhbSBwb3J0dGl0b3Igbm9uIG1hc3NhIGVnZXQgY29uc2Vj dGV0dXIuIER1aXMgZWxlbWVudHVtIGxhY2luaWEgdG9ydG9yLCBhYyBwdWx2aW5hciBz ZW0gcGhhcmV0cmEgc2VkLiBJbnRlZ2VyIHJ1dHJ1bSBhdWd1ZSBlc3QsIGEgcmhvbmN1 cyBuaXNpIGNvbnZhbGxpcyBlZ2V0LiBDcmFzIGFjY3Vtc2FuIGZlbGlzIGlwc3VtLCBu ZWMgdml2ZXJyYSBuaXNpIGZpbmlidXMgbmVjLiBGdXNjZSBhdCBsdWN0dXMgc2FwaWVu LCBzZWQgdGluY2lkdW50IGVzdC4gUGVsbGVudGVzcXVlIGFsaXF1ZXQgYXVjdG9yIGRh cGlidXMuIE1hZWNlbmFzIGVnZXQgZHVpIHRlbXB1cywgbW9sbGlzIGxvcmVtIGVnZXQs IHZ1bHB1dGF0ZSBkdWkuIEluIGV1IGxpYmVybyBhcmN1LiBDcmFzIG1hdHRpcyBldWlz bW9kIG5pYmgsIGF0IHNlbXBlciBvZGlvIGRhcGlidXMgaW4uCgpEb25lYyB2ZWwgc29k YWxlcyBkb2xvci4gTWFlY2VuYXMgbWFsZXN1YWRhIGhlbmRyZXJpdCBuaXNpIHF1aXMg ZmVybWVudHVtLiBDcmFzIG5vbiBjb25kaW1lbnR1bSBsZWN0dXMuIFV0IGZhY2lsaXNp cyBmZWxpcyB2YXJpdXMgZXJhdCBhY2N1bXNhbiB2ZWhpY3VsYS4gTW9yYmkgbHVjdHVz IHRvcnRvciB2ZWwgYW50ZSBwb3N1ZXJlLCBldCBwb3J0YSBhdWd1ZSBwb3N1ZXJlLiBT dXNwZW5kaXNzZSBlZ2VzdGFzIGVmZmljaXR1ciB2ZW5lbmF0aXMuIE51bmMgZnJpbmdp bGxhIGVyb3MgdXQgb2RpbyB2dWxwdXRhdGUgcG9zdWVyZS4gTmFtIGVzdCBkaWFtLCBz Y2VsZXJpc3F1ZSBtb2xlc3RpZSBvZGlvIHNlZCwgbHVjdHVzIG1vbGVzdGllIHRvcnRv ci4gTWF1cmlzIG9ybmFyZSBuZXF1ZSBpZCBpbnRlcmR1bSB0cmlzdGlxdWUuIFZpdmFt dXMgdXQgcHVydXMgdmFyaXVzLCBwb3J0dGl0b3IgbG9yZW0gZXQsIGZhdWNpYnVzIGFu dGUuIE51bGxhbSBub24gZGljdHVtIGFudGUuIFBlbGxlbnRlc3F1ZSB2dWxwdXRhdGUg dHVycGlzIGF0IGFjY3Vtc2FuIHZvbHV0cGF0LiBEb25lYyBub24gbGliZXJvIGF0IGVu aW0gdWxsYW1jb3JwZXIgYWxpcXVldC4gTmFtIGRpY3R1bSBkb2xvciBub24gZHVpIHRp bmNpZHVudCBtYWxlc3VhZGEuIFV0IGNvbnZhbGxpcyBlbGl0IGF0IG1pIGRpZ25pc3Np bSwgYWMgdWxsYW1jb3JwZXIgZmVsaXMgaW1wZXJkaWV0LiBOYW0gbm9uIHRyaXN0aXF1 ZSBsZWN0dXMu RequestType InstallProvisioningProfile CommandUUID 0001_InstallProvisioningProfile - name: Provisioning profile list platform: apple category: Profile managment externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/provisioning-profile-list-command description: Get a list of installed provisioning profiles on a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 11.0+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command ManagedOnly RequestType ProvisioningProfileList CommandUUID 0001_ProvisioningProfileList - name: Remove provisioning profile platform: apple category: Profile managment externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/remove-provisioning-profile-command description: Remove a previously installed provisioning profile from a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 11.0+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command RequestType RemoveProvisioningProfile UUID 493d9dc8-e4c0-4fd8-bd8e-8fd4c0dc7b0c CommandUUID 0001_RemoveProvisioningProfile - name: Device information platform: apple category: Device details externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/device-information-command description: Get detailed information about a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 10.7+ - tvOS 9.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command Queries UDID Languages Locales DeviceID OrganizationInfo LastCloudBackupDate AwaitingConfiguration MDMOptions iTunesStoreAccountIsActive iTunesStoreAccountHash DeviceName OSVersion BuildVersion ModelName Model ProductName SerialNumber DeviceCapacity AvailableDeviceCapacity BatteryLevel CellularTechnology ICCID BluetoothMAC WiFiMAC EthernetMACs CurrentCarrierNetwork SubscriberCarrierNetwork CurrentMCC CurrentMNC SubscriberMCC SubscriberMNC SIMMCC SIMMNC SIMCarrierNetwork CarrierSettingsVersion PhoneNumber DataRoamingEnabled VoiceRoamingEnabled PersonalHotspotEnabled IsRoaming IMEI MEID ModemFirmwareVersion IsSupervised IsDeviceLocatorServiceEnabled IsActivationLockEnabled IsDoNotDisturbInEffect EASDeviceIdentifier IsCloudBackupEnabled OSUpdateSettings LocalHostName HostName CatalogURL IsDefaultCatalog PreviousScanDate PreviousScanResult PerformPeriodicCheck AutomaticCheckEnabled BackgroundDownloadEnabled AutomaticAppInstallationEnabled AutomaticOSInstallationEnabled AutomaticSecurityUpdatesEnabled OSUpdateSettings LocalHostName HostName IsMultiUser IsMDMLostModeEnabled MaximumResidentUsers PushToken DiagnosticSubmissionEnabled AppAnalyticsEnabled IsNetworkTethered ServiceSubscriptions RequestType DeviceInformation CommandUUID 0001_DeviceInformation - name: Device configured platform: apple category: Device details externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/device-configured-command description: Inform the device that it can allow the user to continue in Setup Assistant. supportedDeviceTypes: - iOS 9.0+ - iPadOS 9.0+ - macOS 10.11+ - tvOS 10.2+ - visionOS 2.0+ command: | Command RequestType DeviceConfigured CommandUUID 0001_DeviceConfigured - name: User configured platform: apple category: Device details externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/user-configured-command description: Inform the device that it can allow the user to continue in Setup Assistant. supportedDeviceTypes: - iOS 9.0+ - iPadOS 9.0+ command: | Command RequestType UserConfigured CommandUUID 0001_UserConfigured - name: Restrictions platform: apple category: Device details externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/restrictions-command description: Get a list of restrictions on the device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - tvOS 9.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command ProfileRestrictions RequestType Restrictions CommandUUID 0001_Restrictions - name: Erase device platform: apple category: Device state externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/erase-device-command description: Remotely and immediately erase a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 10.7+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command DisallowProximitySetup PreserveDataPlan RequestType EraseDevice CommandUUID 0001_EraseDevice - name: Device lock platform: apple category: Device state externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/device-lock-command description: Remotely and immediately lock a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 10.7+ - visionOS 2.0+ - watchOS 10.0+ command: | Command Message Lock Message PhoneNumber 408-555-5555 RequestType DeviceLock CommandUUID 0001_DeviceLock - name: Restart device platform: apple category: Device state externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/restart-device-command description: Remotely and immediately restart a device. supportedDeviceTypes: - iOS 10.3+ - iPadOS 10.3+ - macOS 10.13+ - tvOS 10.2+ command: | Command RequestType RestartDevice CommandUUID 0001_RestartDevice - name: Shut down device platform: apple category: Device state externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/shut-down-device-command description: Remotely and immediately shut down a device. supportedDeviceTypes: - iOS 10.3+ - iPadOS 10.3+ - macOS 10.13+ command: | Command RequestType ShutDownDevice CommandUUID 0001_ShutDownDevice - name: Install application platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/install-application-command description: Install a third-party app on a device. supportedDeviceTypes: - iOS 5.0+ - iPadOS 5.0+ - macOS 10.9+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command ManagementFlags 0 ManifestURL https://yourmdmhost.example.com/files/myenterpriseapp.plist RequestType InstallApplication CommandUUID 0001_InstallApplication - name: Install enterprise application platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/install-enterprise-application-command description: Install an enterprise app on a device. supportedDeviceTypes: - macOS 10.13.6+ command: | Command ManifestURL https://yourmdmhost.example.com/files/myenterpriseapp.plist PinningRevocationCheckRequired RequestType InstallEnterpriseApplication CommandUUID 0001_InstallEnterpriseApplication - name: Installed application list platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/installed-application-list-command description: Get a list of the installed apps on a device. supportedDeviceTypes: - iOS 5.0+ - iPadOS 5.0+ - macOS 10.7+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command ManagedAppsOnly RequestType InstalledApplicationList CommandUUID 0001_InstalledApplicationList - name: Managed application list platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/managed-application-list-command description: Get the status of all managed apps on a device. supportedDeviceTypes: - iOS 5.0+ - iPadOS 5.0+ - macOS 11.0+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command RequestType ManagedApplicationList CommandUUID 0001_ManagedApplicationList - name: Remove application platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/remove-application-command description: Remove an app. supportedDeviceTypes: - iOS 5.0+ - iPadOS 5.0+ - macOS 11.0+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command Identifier com.acme.myenterpriseapp RequestType RemoveApplication CommandUUID 0001_RemoveApplication - name: Apply redemption code platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/apply-redemption-code-command description: Remove an app. supportedDeviceTypes: - iOS 5.0+ - iPadOS 5.0+ command: | Command Identifier com.example.app RedemptionCode SB56LT7YX8RH RequestType ApplyRedemptionCode CommandUUID 0001_ApplyRedemptionCode - name: Validate applications platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/validate-applications-command description: Force validation of developer and universal provisioning profiles for enterprise apps. supportedDeviceTypes: - iOS 9.2+ - iPadOS 9.2+ - tvOS 10.2+ - visionOS 1.1+ command: | Command RequestType ValidateApplications CommandUUID 0001_ValidateApplications - name: Managed application attributes platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/managed-application-attributes-command description: Query attributes in managed apps on a device. supportedDeviceTypes: - iOS 7.0+ - iPadOS 7.0+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command Identifiers com.acme.myenterpriseapp RequestType ManagedApplicationAttributes CommandUUID 0001_ManagedApplicationAttributes - name: Managed application configuration platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/managed-application-attributes-command description: Get app configurations from managed apps on a device. supportedDeviceTypes: - iOS 7.0+ - iPadOS 7.0+ - macOS 10.15+ - tvOS 10.2+ - visionOS 1.1+ - watchOS 10.0+ command: | Command Identifiers com.acme.myenterpriseapp RequestType ManagedApplicationConfiguration CommandUUID 0001_ManagedApplicationConfiguration - name: Managed application feedback platform: apple category: Managed apps externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/managed-application-attributes-command description: Get app feedback from a managed app on the device. supportedDeviceTypes: - iOS 7.0+ - iPadOS 7.0+ - macOS 11.0+ - tvOS 10.2+ - visionOS 1.1+ command: | Command DeleteFeedback Identifiers com.acme.myenterpriseapp RequestType ManagedApplicationFeedback CommandUUID 0001_ManagedApplicationFeedback - name: Install media platform: apple category: Managed media externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/install-media-command description: Install a book on a device. supportedDeviceTypes: - iOS 8.0+ - iPadOS 8.0+ - macOS 10.19+ command: | Command Author Acme, Inc. Kind pdf MediaType Book MediaURL https://yourmdmhost.example.com/files/myenterprisebook.pdf PersistentID com.acme.pdf.myenterprisebook RequestType InstallMedia Title My Enterprise Book Version 1.0 CommandUUID 0001_InstallMedia - name: List managed media platform: apple category: Managed media externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/managed-media-list-command description: Get a list of the managed books on a device. supportedDeviceTypes: - iOS 8.0+ - iPadOS 8.0+ command: | Command RequestType ManagedMediaList CommandUUID 0001_ManagedMediaList - name: Remove media platform: apple category: Managed media externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/managed-media-list-command description: Remove a previously installed book from a device. supportedDeviceTypes: - iOS 8.0+ - iPadOS 8.0+ command: | MediaType Book PersistentID com.acme.pdf.myenterprisebook RequestType RemoveMedia - name: Account configuration platform: apple category: Accounts externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/account-configuration-command description: Create and configure a local administrator account on a device. supportedDeviceTypes: - macOS 10.11+ command: | Command AutoSetupAdminAccounts fullName Administrator hidden shortName admin passwordHash PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4K PCFET0NUWVBFIHBsaXN0IFBVQkxJQyAiLS8vQXBwbGUvL0RURCBQ TElTVCAxLjAvL0VOIiAiaHR0cDovL3d3dy5hcHBsZS5jb20vRFRE cy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCI+CjxwbGlzdCB2ZXJzaW9u PSIxLjAiPgo8ZGljdD4KCTxrZXk+U0FMVEVELVNIQTUxMi1QQktE RjI8L2tleT4KCTxkaWN0PgoJCTxrZXk+ZW50cm9weTwva2V5PgoJ CTxkYXRhPgoJCXJiSXZtVGlQQlJ3cWZ6dmFQQnhPT1VLRHVnTnRM YVVQZ2lIVnpBUWNsNDNjSmUzaGZ6ZW05TDVhczAyRQoJCXp2TEFl aTJFT0tqMFNaOENpKzNXV0tQN2orMklSdWU0T1ZyTzBsYnhGOHR5 K3pZb0hTMTVRU3hGcUplagoJCU5qdkk1NTk1N1JjZUVLaXFSRjZ1 UEpQUTYvbUxEc0xnSTR4dko3NVpEa0JlYW51QkI0TT0KCQk8L2Rh dGE+CgkJPGtleT5zYWx0PC9rZXk+CgkJPGRhdGE+CgkJTXVpS2g1 MjR3QkJMV0ZoQ3lzRFIzRnJPOGM0WlFIUGZTRE5JbDZvQjlCST0K CQk8L2RhdGE+CgkJPGtleT5pdGVyYXRpb25zPC9rZXk+CgkJPGlu dGVnZXI+NDAwMDA8L2ludGVnZXI+Cgk8L2RpY3Q+CjwvZGljdD4K PC9wbGlzdD4K DontAutoPopulatePrimaryAccountInfo LockPrimaryAccountInfo PrimaryAccountFullName User PrimaryAccountUserName user RequestType AccountConfiguration SetPrimarySetupAccountAsRegularUser SkipPrimarySetupAccountCreation CommandUUID 0001_AccountConfiguration - name: Invite to program platform: apple category: Accounts externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/account-configuration-command description: Invite a user to join the Volume Purchase Program (VPP). supportedDeviceTypes: - iOS 7.0+ - iPadOS 7.0+ - macOS 10.11+ command: | Command InvitationURL https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/associateVPPUserWithITSAccount?cc=us&inviteCode=7770596534cf46b58fb0254e7112a5e5&mt=8 ProgramID com.apple.cloudvpp RequestType InviteToProgram CommandUUID 0001_InviteToProgram - name: Clear passcode platform: apple category: Passwords externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/clear-passcode-command description: Remove the passcode from a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - visionOS 1.1+ - macOS 10.0+ command: | Command RequestType ClearPasscode UnlockToken REFUQQAABPRWRVJTAAAABAAAAAVUWVBFAAAABAAAAAJVVUlEAAAAEGHX7XgO5UNZsRiL 9Kq3hSdITUNLAAAAKLUR5mc5hBzI4bEsbWacE/gmhdJS6rl3978V3DY9ylBbEBGgJ/fA Ac9XUkFQAAAABAAAAAFTQUxUAAAAFIHju7P8BPFTz0JA8MDo+PsvcAAmSVRFUgAAAAQA AEEaVVVJRAAAABC70Oy5TtZCGocX/i7orO/pQ0xBUwAAAAQAAAABV1JBUAAAAAQAAAAD S1RZUAAAAAQAAAAAV1BLWQAAACjH8wUEvSkfgrEPSSQUazAz1eCuTXET3CkqgkNQZkjS jZEHtWmXpC4IVVVJRAAAABBW4TUxIb1L7aNAmbmGkxiIQ0xBUwAAAAQAAAACV1JBUAAA AAQAAAADS1RZUAAAAAQAAAABV1BLWQAAAChaDERvmDXtk9mikMCT30uDQ4XwrT9ifdmf 3Hjz/6atBPq/1uNpm5TtUEJLWQAAACCypmyEJV4x4wV6CKfZFEmkYHf8kOXh5ONM1A6B R26KM1VVSUQAAAAQH5Ol3/mLSM2dLvFxGTlf5kNMQVMAAAAEAAAAA1dSQVAAAAAEAAAA A0tUWVAAAAAEAAAAAFdQS1kAAAAoxNNjRWfqvgqXMVyiqDH2LXJdpafgsm+8ovRQuzL4 tp3Bs5y25bmRelVVSUQAAAAQB7drprzaR5aePknqFUjyWENMQVMAAAAEAAAABVdSQVAA AAAEAAAAA0tUWVAAAAAEAAAAAFdQS1kAAAAoMCe2S7psda5AHw99a+DKV8m0hR6aKUKP VG5oURKAJZSXJKYRRO2xKlVVSUQAAAAQMpEnWAWOS0qnOwWRdtSAlUNMQVMAAAAEAAAA BldSQVAAAAAEAAAAA0tUWVAAAAAEAAAAAFdQS1kAAAAoyhn4O/EIo5Q1NLt0/wL1UZGA EqTE45DEcNstAQZLk+1U/FSKOWtqrlVVSUQAAAAQFuJUehe6TC+3TImCkemk6kNMQVMA AAAEAAAAB1dSQVAAAAAEAAAAA0tUWVAAAAAEAAAAAFdQS1kAAAAoMcyPJI8vNBh7j6je VPu3zgDYTXAuoo68jqZU4kCubSGyRvIpa/O4n1VVSUQAAAAQF2v1dlxfRMqYs7swzn9s nENMQVMAAAAEAAAACFdSQVAAAAAEAAAAA0tUWVAAAAAEAAAAAFdQS1kAAAAoSx2pMsvH K2HNg9IIbrVEzX7T3Rw0vLEmwMJ3ignooj+3GMHeaJ0aplVVSUQAAAAQ8Qif3NCoTjiK WRjgOIHG6ENMQVMAAAAEAAAACVdSQVAAAAAEAAAAA0tUWVAAAAAEAAAAAFdQS1kAAAAo n2icCfaIRPbE7mzGqO7rOnuPhgUbYkcpAqf6RnAXljcpSxZqBiJtGlVVSUQAAAAQt9a3 ThB7SwaGw50i9Hhfu0NMQVMAAAAEAAAACldSQVAAAAAEAAAAA0tUWVAAAAAEAAAAAFdQ S1kAAAAoEW1/yC+YYXLVzyRxZwghOADACnWvOnHdBPhJ/z7VEkyHcObDPI9w41VVSUQA AAAQ4vImTUp5S7qmyMDZ82nM70NMQVMAAAAEAAAAC1dSQVAAAAAEAAAAA0tUWVAAAAAE AAAAAFdQS1kAAAAo8vkvhYNP7rTLdfXRifh+dcTIbj3EEJKyYXeCL9J9trYAo7B5mV5u 41NJR04AAAAUtFVbS3MM33WvBsEis1imzvs069A= CommandUUID 0001_ClearPasscode - name: Clear restrictions password platform: apple category: Passwords externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/clear-restrictions-password-command description: Remove the passcode from a device. supportedDeviceTypes: - iOS 8.0+ - iPadOS 8.0+ command: | Command RequestType ClearRestrictionsPassword CommandUUID 0001_ClearRestrictionsPassword - name: Unlock user account platform: apple category: Passwords externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/unlock-user-account-command description: Unlock a user account that the system locked because of too many failed password attempts. supportedDeviceTypes: - macOS 10.13+ command: | Command RequestType UnlockUserAccount UserName graham CommandUUID 0001_UnlockUserAccount - name: Set local admin password platform: apple category: Passwords externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/set-auto-admin-password-command description: Update the local administrator account password. supportedDeviceTypes: - macOS 10.13+ command: | Command GUID F7C60A02-E0AB-4C87-8356-E0CC11568043 RequestType SetAutoAdminPassword passwordHash PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4K PCFET0NUWVBFIHBsaXN0IFBVQkxJQyAiLS8vQXBwbGUvL0RURCBQ TElTVCAxLjAvL0VOIiAiaHR0cDovL3d3dy5hcHBsZS5jb20vRFRE cy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCI+CjxwbGlzdCB2ZXJzaW9u PSIxLjAiPgo8ZGljdD4KCTxrZXk+U0FMVEVELVNIQTUxMi1QQktE RjI8L2tleT4KCTxkaWN0PgoJCTxrZXk+ZW50cm9weTwva2V5PgoJ CTxkYXRhPgoJCVpxcWVkTU5Ya3BtVjhEbU5iRFdUYjBHTDNSNjAz RHNVSllkb1BvV0NlK2gwRDNubC9mWCsxTlpKSUxPdgoJCTBxQTVC Q0FBSEZCZ3REQzVqeEF3a2NyZ1puZVd4eWpGZGpvT0hsV2RoYWVF T0MyaFBwVktIaC9WUk9uUQoJCXM2cWUvRGtaZ1djVDBQdk9VQ3NM ZVhTd2dOTU9UNGFwMnJWR0IxOVFwSFBpdnJrNmp2dz0KCQk8L2Rh dGE+CgkJPGtleT5pdGVyYXRpb25zPC9rZXk+CgkJPGludGVnZXI+ NDAwMDA8L2ludGVnZXI+CgkJPGtleT5zYWx0PC9rZXk+CgkJPGRh dGE+CgkJZUl3Q3hxUk1NVm0wWGZ3VmpvbERCNEFUc2I0K3ZWMjdL Z1hDdU5ZMkNlOD0KCQk8L2RhdGE+Cgk8L2RpY3Q+CjwvZGljdD4K PC9wbGlzdD4K CommandUUID 0001_SetAutoAdminPassword - name: Set firmware password platform: apple category: Passwords externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/set-firmware-password-command description: Change or clear the firmware password on a device. supportedDeviceTypes: - macOS 10.13+ command: | Command AllowOroms CurrentPassword oldpassword NewPassword newpassword RequestType SetFirmwarePassword CommandUUID 0001_SetFirmwarePassword - name: Verify firmware password platform: apple category: Passwords externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/verify-firmware-password-command description: Verify the firmware password on a device. supportedDeviceTypes: - macOS 10.13+ command: | Command AllowOroms CurrentPassword oldpassword NewPassword newpassword RequestType SetFirmwarePassword CommandUUID 0001_SetFirmwarePassword - name: Enable lost mode platform: apple category: Lost device externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/enable-lost-mode-command description: Verify the firmware password on a device. supportedDeviceTypes: - iOS 9.3+ - ipadOS 9.3+ command: | Command Footnote Return to Acme, Inc. Message Lock Message PhoneNumber 408-555-555 RequestType EnableLostMode CommandUUID 0001_EnableLostMode - name: Device location platform: apple category: Lost device externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/device-location-command description: Request the location of a device when in Lost Mode. supportedDeviceTypes: - iOS 9.3+ - ipadOS 9.3+ command: | Command RequestType DeviceLocation CommandUUID 0001_DeviceLocation - name: Play lost mode sound platform: apple category: Lost device externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/play-lost-mode-sound-command description: Play the Lost Mode sound on a device that’s in Lost Mode. supportedDeviceTypes: - iOS 10.3+ - ipadOS 10.3+ command: | Command RequestType PlayLostModeSound CommandUUID 0001_PlayLostModeSound - name: Disable lost mode platform: apple category: Lost device externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/disable-lost-mode-command description: Take the device out of Lost Mode. supportedDeviceTypes: - iOS 9.3+ - ipadOS 9.3+ command: | Command RequestType DisableLostMode CommandUUID 0001_DisableLostMode - name: Set Recovery Lock platform: apple category: Recovery lock externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/set-recovery-lock-command description: Set or clear the Recovery Lock password. supportedDeviceTypes: - macOS 11.5+ command: | Command RequestType SetRecoveryLock NewPassword Apple - name: Verify Recovery Lock platform: apple category: Recovery lock externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/verify-recovery-lock-command description: Verify the device’s Recovery Lock password. supportedDeviceTypes: - macOS 11.5+ command: | Command RequestType VerifyRecoveryLock Password Apple - name: Content caching information platform: apple category: Content caching externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/content-caching-information-command description: Get the status of the content caches on a device. supportedDeviceTypes: - macOS 10.15.4+ command: | TODO - name: Request AirPlay mirroring platform: apple category: Airplay mirroring externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/request-mirroring-command description: Prompt the user to share their screen using AirPlay Mirroring. supportedDeviceTypes: - iOS 7.0+ - ipadOS 7.0+ - macOS 10.10+ command: | Command DestinationName Apple TV Password password RequestType RequestMirroring ScanTime 30 CommandUUID 0001_RequestMirroring - name: Stop AirPlay mirroring platform: apple category: Airplay mirroring externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/stop-mirroring-command description: Stop mirroring the display to another device. supportedDeviceTypes: - iOS 7.0+ - ipadOS 7.0+ - macOS 10.10+ command: | Command RequestType StopMirroring CommandUUID 0001_StopMirroring - name: Refresh cellular plans platform: apple category: eSim management externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/refresh-cellular-plans-command description: Query a carrier URL for active eSIM cellular-plan profiles on a device. supportedDeviceTypes: - iOS 13.0+ - ipadOS 13.0+ command: | Command RequestType RefreshCellularPlans eSIMServerURL http://example.server.com CommandUUID 0001_RefreshCellularPlans - name: Disable remote desktop platform: apple category: Managed settings externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/disable-remote-desktop-command description: Disable Remote Desktop on a device. supportedDeviceTypes: - macOS 10.14.4+ command: | Command RequestType DisableRemoteDesktop CommandUUID 0001_DisableRemoteDesktop - name: Enable remote desktop platform: apple category: Managed settings externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/enable-remote-desktop-command description: Enable Remote Desktop on a device. supportedDeviceTypes: - macOS 10.14.4+ command: | Command RequestType EnableRemoteDesktop CommandUUID 0001_EnableRemoteDesktop - name: Configure settings platform: apple category: Managed settings externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/settings-command description: Configure settings on a device. supportedDeviceTypes: - iOS 5.0+ - iPadOS 5.0+ - macOS 10.9+ - tvOS 9.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command RequestType Settings Settings DeviceName NewName Item DeviceName CommandUUID 0001_Settings - name: LOM Device Request platform: apple category: Lights-Out management externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/lom-device-request-command description: Send requests to a device using lights-out management (LOM). supportedDeviceTypes: - macOS 11.0+ command: | Command RequestList DeviceDNSName lomdevice.com DeviceRequestType Reset DeviceRequestUUID 0001 PrimaryIPv6AddressList fe80::94f6:d6ff:fef3:c05b fe80::94f6:d6ff:fef3:c1a4 SecondaryIPv6AddressList CommandUUID 0001_LOMDeviceRequest - name: LOM setup Request platform: apple category: Lights-Out management externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/lom-setup-request-command description: Get information from a device to set up lights-out management (LOM). supportedDeviceTypes: - macOS 11.0+ command: | Command RequestType LOMSetupRequest CommandUUID 0001_LOMSetupRequest - name: Security info platform: apple category: Security externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/security-info-command description: Get security-related information about a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 10.7+ - tvOS 9.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command RequestType SecurityInfo CommandUUID 0001_SecurityInfo - name: List certificate platform: apple category: Security externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/certificate-list-command description: Get a list of installed certificates on a device. supportedDeviceTypes: - iOS 4.0+ - iPadOS 4.0+ - macOS 10.7+ - tvOS 9.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command ManagedOnly RequestType CertificateList CommandUUID 0001_CertificateList - name: Activation Lock bypass code platform: apple category: Security externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/activation-lock-bypass-code-command description: Get the code to bypass Activation Lock on a device. supportedDeviceTypes: - iOS 7.1+ - iPadOS 7.1+ - macOS 10.15+ - visionOS 2.0+ command: | Command RequestType ActivationLockBypassCode CommandUUID 0001_ActivationLockBypassCode - name: Clear Activation Lock bypass code platform: apple category: Security externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/activation-lock-bypass-code-command description: Clear the Activation Lock bypass code on a device. supportedDeviceTypes: - iOS 7.1+ - iPadOS 7.1+ - macOS 10.15+ - visionOS 2.0+ command: | Command RequestType ClearActivationLockBypassCode CommandUUID 0001_ClearActivationLockBypassCode - name: Rotate FileVault key platform: apple category: Security externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/rotate-filevault-key-command description: Clear the Activation Lock bypass code on a device. supportedDeviceTypes: - macOS 10.9+ command: | Command FileVaultUnlock Password mypassword KeyType personal ReplyEncryptionCertificate MIIDKTCCAhGgAwIBAgIFAKGAf9cwDQYJKoZIhvcNAQELBQAwRTEfMB0GA1UEAwwWRmls ZVZhdWx0IFJlY292ZXJ5IEtleTEiMCAGA1UEDQwZR3JhaGFtcy1NYWNCb29rLVByby5s b2NhbDAeFw0yMDA2MTEyMzIwMjNaFw0yMTA2MTEyMzIwMjNaMEUxHzAdBgNVBAMMFkZp bGVWYXVsdCBSZWNvdmVyeSBLZXkxIjAgBgNVBA0MHNdyYWhhbXMtTWFjQm9vay1Qcm8u bG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSNk47J9l7Amit4JPf YEj6PvqZ5nH4kPsRmoAO1FfACpzskN7gA1qui7N+O0NNjtleUI2pX8X9NvINxfPX/KTy eP0VXlhixvYgKMiEUkrVFBrxRtQ+7Ow80MQUAKlDBe5FVj4GyN9sAPuAu7WaJtvDAWAW rBSRJNqdOYpKEkgK8N9a52BmuDEBtmpaq5o5JgR2Vc+OmjcogknZi++11dKI7sDCzF3e jO28e9E8XNBFRO716XdyEd/VU6rE8SQmpYqrfun1pRNtiiv3dTKKn9Gl42kg7RQHjMjx OjmBjzWLdFrO51crcJqbT/IQ0pjWqjDcwOz9Z2gWqbtxTrrWyuJZAgMBAAGjIDAeMAsG A1UdDwQEAwICtDAPBgNVHRMBAf8EBTADAQEAMA0GCSqGSIb3DQEBCwUAA4IBAQCcA999 lIN+t6u/DrTXhWlLKj8HXTmVVl8gkhxm42aZo/QsJr+gPsXF0yOWqkPpnhkrq6GVXgPx T7xmNv5+nDIcHX/mKRXBAUdWi/HDa3Wiytk4g9wO4xYsnBIhL5y2PHid9bSA1peKZsLL CX1v8vuA66trSp2fKYxW54VkLXR6xMqUcxTjp0qlfNRL6IHA6G/ogyjRkd0kt0+BwbYy 81dDKJHVxsYOUtQlmfa8dUl20SmLwZ/bujPFetfuvWmSHrnM//J5OT4HLoGRzqXhuC/m XEildp3HTCm6epem3cP6Sx99aGIi08xddDzmH/5XoPmuG4uw2+ry+qbhD/UYbJbX RequestType RotateFileVaultKey CommandUUID 0001_RotateFileVaultKey - name: Active NSExtensions platform: apple category: Extensions externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/active-nsextensions-command description: Get a list of active extensions for a user on a device. supportedDeviceTypes: - macOS 10.13+ command: | Command FilterExtensionPoints com.apple.share-services RequestType ActiveNSExtensions CommandUUID 0001_ActiveNSExtensions - name: NSExtensions mappings platform: apple category: Extensions externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/nsextension-mappings-command description: Get a list of the installed extensions for a user on a device. supportedDeviceTypes: - macOS 10.13+ command: | Command RequestType NSExtensionMappings CommandUUID 0001_NSExtensionMappings - name: List users platform: apple category: User management externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/user-list-command description: Get a list of users with active accounts on a device. supportedDeviceTypes: - iOS 9.3+ - ipadOS 9.3+ - macOS 10.13+ command: | Command RequestType UserList CommandUUID 0001_UserList - name: Log out user platform: apple category: User management externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/log-out-user-command description: Force the current user to log out of a device. supportedDeviceTypes: - iOS 9.3+ - ipadOS 9.3+ command: | Command RequestType LogOutUser CommandUUID 0001_LogOutUser - name: Delete user platform: apple category: User management externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/log-out-user-command description: Delete a user’s account from a device. supportedDeviceTypes: - iOS 9.3+ - ipadOS 9.3+ - macOS 10.13+ command: | Command RequestType LogOutUser CommandUUID 0001_LogOutUser - name: Declarative management platform: apple category: Declarative management externalDocumentationUrl: https://developer.apple.com/documentation/devicemanagement/declarative-management-command description: Enable your server to support declarative management or trigger a declarative management synchronization operation on the device. supportedDeviceTypes: - iOS 15.0+ - iPadOS 15.0+ - macOS 13.0+ - tvOS 16.0+ - visionOS 1.1+ - watchOS 10.0+ command: | Command CommandUUID 0001_DeclarativeManagement Command RequestType DeclarativeManagement Data eyJTeW5jVG9rZW5zIjogeyJUaW1lc3RhbXAiOiAiMjAyMS0wNi0wMlQwMToy ODowMFoiLCAiRGVjbGFyYXRpb25zVG9rZW4iOiAiYjY1NDQwMjdhMzE1Y2Qw MDg1ZDRjZjA4MTc0NjI0YzJkMTQyNDQ0ODA0MzBhODdiMTc2YTI3MjdlNzM2 NjEzOCJ9fQ== # # ██╗ ██╗██╗███╗ ██╗██████╗ ██████╗ ██╗ ██╗███████╗ # ██║ ██║██║████╗ ██║██╔══██╗██╔═══██╗██║ ██║██╔════╝ # ██║ █╗ ██║██║██╔██╗ ██║██║ ██║██║ ██║██║ █╗ ██║███████╗ # ██║███╗██║██║██║╚██╗██║██║ ██║██║ ██║██║███╗██║╚════██║ # ╚███╔███╔╝██║██║ ╚████║██████╔╝╚██████╔╝╚███╔███╔╝███████║ # ╚══╝╚══╝ ╚═╝╚═╝ ╚═══╝╚═════╝ ╚═════╝ ╚══╝╚══╝ ╚══════╝ # - name: RotateRecoveryPasswords platform: windows category: BitLocker externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp#rotaterecoverypasswords description: Triggers a one-time rotation of all numeric BitLocker recovery passwords for OS and fixed drives on Entra ID or hybrid-joined devices. Requires Active Directory backup of recovery passwords to be set to "required" before execution. supportedDeviceTypes: - Windows 10.0.18363 command: | 5f0096d1-c2aa-4934-b67a-0ed35d20d322 ./Device/Vendor/MSFT/BitLocker/RotateRecoveryPasswords chr text/plain - name: Enroll (Personal scope) platform: windows category: CertificateStore externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/certificatestore-csp#myscepuniqueidinstallenroll description: Initiates SCEP certificate enrollment in the personal certificate store on the device. supportedDeviceTypes: - Windows 10.0.10586 command: | 1a3a3666-2df6-4dcf-a785-46b2f28d2fbf ./Device/Vendor/MSFT/CertificateStore/MY/SCEP/{UniqueID}/Install/Enroll null text/plain - name: RenewNow platform: windows category: CertificateStore externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/certificatestore-csp#mywsteprenewrenewnow description: Triggers an immediate renewal of an existing certificate in the personal certificate store on the device. supportedDeviceTypes: - Windows 10.0.14393 command: | cdd76df2-d665-4045-9503-7954cc491bf2 ./Device/Vendor/MSFT/CertificateStore/MY/WSTEP/Renew/RenewNow null text/plain - name: Enroll (Device context) platform: windows category: ClientCertificateInstall externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/clientcertificateinstall-csp#devicescepuniqueidinstallenroll description: Triggers the device to start SCEP certificate enrollment at the device scope. The device will not notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added. supportedDeviceTypes: - Windows 10.0.10586 command: | 96821528-e7c2-41ce-b4a8-6a20c61df80b ./Device/Vendor/MSFT/ClientCertificateInstall/SCEP/{UniqueID}/Install/Enroll null text/plain - name: Enroll (User context) platform: windows category: ClientCertificateInstall externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/clientcertificateinstall-csp#devicescepuniqueidinstallenroll description: Triggers the user context to start SCEP certificate enrollment. The device will not notify MDM server after cert enrollment is done. The MDM server could later query the device to find out whether new cert is added. supportedDeviceTypes: - Windows 10.0.10586 command: | a901c1bc-3970-461d-9c92-932645cab9b3 ./User/Vendor/MSFT/ClientCertificateInstall/SCEP/{UniqueID}/Install/Enroll null text/plain - name: Enroll platform: windows category: DMClient externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/dmclient-csp#deviceproviderprovideridlinkedenrollmentenroll description: Silently unenrolls the device from a Linked Enrollment without user interaction. All settings and resources applied by the Declared Configuration are rolled back automatically. supportedDeviceTypes: - Windows 10.0.22621 - Windows 10.0.22000.918 - Windows 10.0.19044.2193 - Windows 10.0.19043.2193 - Windows 10.0.19042.2193 command: | 307799ee-7535-472d-a06e-a846d8e6f214 ./Device/Vendor/MSFT/DMClient/Provider/{ProviderID}/LinkedEnrollment/Enroll null text/plain - name: Unenroll (linked enrollment) platform: windows category: DMClient externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/dmclient-csp#deviceproviderprovideridlinkedenrollmentunenroll description: Triggers the device to unenroll from its linked MDM enrollment supportedDeviceTypes: - Windows 10.0.22621 - Windows 10.0.22000.918 - Windows 10.0.19044.2193 - Windows 10.0.19043.2193 - Windows 10.0.19042.2193 command: | 48e557bd-c055-4239-bb13-d24fb5e0c526 ./Device/Vendor/MSFT/DMClient/Provider/{ProviderID}/LinkedEnrollment/Unenroll null text/plain - name: InitiateRecovery platform: windows category: DMClient externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/dmclient-csp#deviceproviderprovideridrecoveryinitiaterecovery description: Initiates a device recovery action. The server can specify prerequisites that must be met before the recovery action proceeds. supportedDeviceTypes: - Windows 10.0.22621 - Windows 10.0.22000.1165 command: | cc6ccbd3-3679-44c0-976a-581e8946a96a ./Device/Vendor/MSFT/DMClient/Provider/{ProviderID}/Recovery/InitiateRecovery int text/plain 0 - name: Unenroll (provider) platform: windows category: DMClient externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/dmclient-csp#deviceproviderprovideridunenroll description: Triggers the device to unenroll from a specific MDM provider. The Provider ID of the management server must be specified in the element of the command. supportedDeviceTypes: - Windows 10.0.10240 command: | e43a2271-7661-4587-b452-df8880005fd8 ./Device/Vendor/MSFT/DMClient/Provider/{ProviderID}//Unenroll null text/plain - name: Unenroll (device) platform: windows category: DMClient externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/dmclient-csp#deviceunenroll description: Triggers the device to permanently unenroll from its current MDM management server. The Provider ID of the management server must be specified in the element of the command. supportedDeviceTypes: - Windows 10.0.10240 command: | b1eae449-50af-4cb1-a680-a7ef8f583646 ./Device/Vendor/MSFT/DMClient/Unenroll null text/plain - name: OfflineScan platform: windows category: Defender externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#offlinescan description: Starts a Microsoft Defender Offline scan on the device. After the next reboot, the device will start in Microsoft Defender Offline mode to perform a scan before Windows loads, helping detect and remove persistent or hard-to-find malware. supportedDeviceTypes: - Windows 10.0.17134 command: | 0370d798-9a85-4dee-a870-176146513415 ./Device/Vendor/MSFT/Defender/OfflineScan chr text/plain - name: RollbackEngine platform: windows category: Defender externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#rollbackengine description: Rolls back the Microsoft Defender antimalware engine to its last known good version on the device. supportedDeviceTypes: - Windows 10.0.17134 command: | d8d49362-a2df-46b6-b42b-dab967f822f8 ./Device/Vendor/MSFT/Defender/RollbackEngine chr text/plain - name: RollbackPlatform platform: windows category: Defender externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#rollbackplatform description: Rolls back Microsoft Defender to its last known good installation location on the device. supportedDeviceTypes: - Windows 10.0.17134 command: | 25b353ea-3b5a-4da8-a9a0-3aa602cf08a3 ./Device/Vendor/MSFT/Defender/RollbackPlatform chr text/plain - name: Scan platform: windows category: Defender externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#scan description: Starts a Windows Defender scan on the device supportedDeviceTypes: - Windows 10.0.10586 command: | 9326cc3a-8960-4e7a-b46f-c414e871ca5b ./Device/Vendor/MSFT/Defender/Scan chr text/plain - name: UpdateSignature platform: windows category: Defender externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/defender-csp#updatesignature description: Performs a Windows Defender signature update on the device. supportedDeviceTypes: - Windows 10.0.10586 command: | 034c6f94-db50-4ec1-87f5-71900cb730a2 ./Device/Vendor/MSFT/Defender/UpdateSignature chr text/plain - name: MdmConfiguration platform: windows category: DiagnosticLog externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/diagnosticlog-csp#devicestatedatamdmconfiguration description: Triggers a snapshot of the device’s management state data, capturing the current MDM configuration for diagnostic purposes. supportedDeviceTypes: - Windows 10.0.14393 command: | 86e88d1e-9474-4098-91af-ec28d066b072 ./Vendor/MSFT/DiagnosticLog/DeviceStateData/MdmConfiguration chr text/plain SNAP - name: ArchiveDefinition platform: windows category: DiagnosticLog externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/diagnosticlog-csp#diagnosticarchivearchivedefinition description: Definition and collection point for diagnostic archives on the device. supportedDeviceTypes: - Windows 10.0.18362 command: | 91bde209-058a-4d1a-9805-702aeab4976a ./Vendor/MSFT/DiagnosticLog/DiagnosticArchive/ArchiveDefinition chr text/plain - name: Export platform: windows category: DiagnosticLog externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/diagnosticlog-csp#etwlogchannelschannelnameexport description: Triggers exporting events from the associated Windows event channel into a log file with the standard .evtx extension. supportedDeviceTypes: - Windows 10.0.10586 command: | 22ba5bc3-70cf-4742-94e4-c7c7658a64a2 ./Vendor/MSFT/DiagnosticLog/EtwLog/Channels/Export null text/plain - name: TraceControl platform: windows category: DiagnosticLog externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/diagnosticlog-csp#etwlogcollectorscollectornametracecontrol description: Triggers the start or stop of the associated trace session. supportedDeviceTypes: - Windows 10.0.10586 command: | a563bffc-2c4c-4f2f-a5e5-6545bab6ad95 ./Vendor/MSFT/DiagnosticLog/EtwLog/Collectors/{CollectorName}/TraceControl chr text/plain - name: DownloadInstall (Device context) platform: windows category: EnterpriseDesktopAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisedesktopappmanagement-csp#devicemsiproductiddownloadinstall description: Executes the download and installation of an application. An optional tag in the section of the XML (default 0) can be set to 1 to include the AAD user token when retrieving the download URL. supportedDeviceTypes: - Windows 10.0.10586 command: | 02802f7e-1266-494a-b4b0-9878a122fafa ./Device/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/{ProductID}/DownloadInstall xml text/plain - name: DownloadInstall (User context) platform: windows category: EnterpriseDesktopAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisedesktopappmanagement-csp#usermsiproductiddownloadinstall description: Executes the download and installation of an application. An optional tag in the XML section (default 0) can be set to 1 to include the AAD user token when retrieving the download URL. supportedDeviceTypes: - Windows 10.0.10586 command: | bbb7ee46-9032-4020-b1f5-0252104ab3a8 ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/{ProductID}/DownloadInstall xml text/plain - name: HostedInstall (Device context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#deviceappinstallationpackagefamilynamehostedinstall description: Installs an app package from a hosted location, such as a local drive, UNC path, or HTTPS source. supportedDeviceTypes: - Windows 10.0.10586 command: | ba628a02-12d5-48c4-9586-34fa039a4a00 ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}/HostedInstall xml text/plain - name: StoreInstall (Device context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#deviceappinstallationpackagefamilynamestoreinstall description: Installs an app along with its license from the Microsoft Store under the device context. supportedDeviceTypes: - Windows 10.0.10586 command: | 19e07f1f-bce0-43a1-a364-477c1cd500ab ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/{PackageFamilyName}/StoreInstall xml text/plain - name: AddLicense (Device context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#deviceapplicensesstorelicenseslicenseidaddlicense description: Adds a specified app license to the device using the provided license ID. supportedDeviceTypes: - Windows 10.0.10586 command: | 2a7e4bc2-5b0d-4cf1-b66d-05f828177582 ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppLicenses/StoreLicenses/{LicenseID}/AddLicense xml text/plain - name: GetLicenseFromStore (Device context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#deviceapplicensesstorelicenseslicenseidgetlicensefromstore description: Retrieves a specified app license from the Microsoft Store using the provided license ID. supportedDeviceTypes: - Windows 10.0.10586 command: | aba692b8-bd1b-4bd1-90b6-eef510b03562 ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppLicenses/StoreLicenses/{LicenseID}/GetLicenseFromStore xml text/plain - name: ResetPackage (Device context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#deviceappmanagementresetpackage description: Restores a specified Windows app to its initial state by resetting all configurations and data associated with the package. supportedDeviceTypes: - Windows 10.0.22000 command: | 5f301e26-48ec-4a40-bad5-9c8b4e438ca2 ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/ResetPackage xml text/plain - name: UpdateScan (Device context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#deviceappmanagementupdatescan description: Starts a Windows Update scan on the device. supportedDeviceTypes: - Windows 10.0.10586 command: | 44702317-0b9b-4dc0-945f-e5303a967e8c ./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/UpdateScan null text/plain - name: HostedInstall (User context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#userappinstallationpackagefamilynamehostedinstall description: Installs an app package from a hosted location, such as a local drive, UNC path, or HTTPS source. supportedDeviceTypes: - Windows 10.0.10586 command: | ab117216-9adc-49cf-b3b1-3a1a7d9b43d0 ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/HostedInstall xml text/plain - name: StoreInstall (User context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#userappinstallationpackagefamilynamestoreinstall description: Command to perform an install of an app and a license from the Microsoft Store. supportedDeviceTypes: - Windows 10.0.10586 command: | 48a53564-56b8-4ddf-b27f-8e0fa0d0f513 ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppInstallation/StoreInstall xml text/plain - name: AddLicense (User context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#userapplicensesstorelicenseslicenseidaddlicense description: Adds a specified app license to the device using the provided license ID. supportedDeviceTypes: - Windows 10.0.10586 command: | 9b0b3d42-e244-4359-8471-46f8cf62558e ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppLicenses/StoreLicenses/{LicenseID}/AddLicense xml text/plain - name: GetLicenseFromStore (User context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#userapplicensesstorelicenseslicenseidgetlicensefromstore description: Retrieves a specified app license from the Microsoft Store using the provided license ID. supportedDeviceTypes: - Windows 10.0.10586 command: | f4796a1e-5bf9-4828-a602-d3a0ac9f5930 ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppLicenses/StoreLicenses/{LicenseID}/GetLicenseFromStore xml text/plain - name: RemovePackage (User context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#userappmanagementremovepackage description: Removes a specified Windows app package from the device. supportedDeviceTypes: - Windows 10.0.15063 command: | 70fe3f35-ce6f-484d-a14f-1f8ceb9edda3 ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/RemovePackage xml text/plain - name: ResetPackage (User context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#userappmanagementresetpackage description: Restores a specified Windows app to its initial state by resetting all configurations and data associated with the package. supportedDeviceTypes: - Windows 10.0.22000 command: | ceeeeabd-f3d0-4c15-bdf2-07326cf27bbd ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/ResetPackage xml text/plain - name: UpdateScan (User context) platform: windows category: EnterpriseModernAppManagement externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/enterprisemodernappmanagement-csp#userappmanagementupdatescan description: Starts a Windows Update scan under the user context to check for available app updates. supportedDeviceTypes: - Windows 10.0.10586 command: | f4a37fe3-e8f4-4961-a80e-e4d33550d496 ./User/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/UpdateScan null text/plain - name: TriggerAttestation platform: windows category: HealthAttestation externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp#triggerattestation description: Triggers an asynchronous device health attestation session, prompting the device to collect and submit its current health status for verification. supportedDeviceTypes: - Windows 10.0.22000 command: | 47b2a850-2c56-4044-b2de-98e49d9cfcb9 ./Vendor/MSFT/HealthAttestation/TriggerAttestation chr text/plain - name: VerifyHealth platform: windows category: HealthAttestation externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp#verifyhealth description: Notifies the device to prepare a device health verification request. supportedDeviceTypes: - Windows 10.0.10586 command: | b442558e-a685-48c4-9fa1-71e5c6c9338f ./Vendor/MSFT/HealthAttestation/VerifyHealth null text/plain - name: ResetPassword platform: windows category: Local Administrator Password Solution (LAPS) externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/laps-csp#actionsresetpassword description: Immediately generates and securely stores a new random password for the managed local administrator account on the device using Local Administrator Password Solution (LAPS). supportedDeviceTypes: - Windows 10.0.25145 - Windows 10.0.22621.1480 - Windows 10.0.22000.1754 - Windows 10.0.20348.1663 - Windows 10.0.19041.2784 - Windows 10.0.17763.4244 command: | fa8a8f93-b3ed-48ef-940f-6232e74c087a ./Device/Vendor/MSFT/LAPS/Actions/ResetPassword null text/plain - name: Install (User context) platform: windows category: Office externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/office-csp#deviceinstallationidinstall description: Installs Microsoft Office for the user based on the provided XML configuration. supportedDeviceTypes: - Windows 10.0.15063 command: | b06743fc-3682-4aba-9f65-90a134b3dd6d ./Device/Vendor/MSFT/Office/Installation/{id}/Install chr text/plain - name: Install (Device context) platform: windows category: Office externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/office-csp#userinstallationidinstall description: Installs Microsoft Office on the device using the provided XML configuration data. supportedDeviceTypes: - Windows 10.0.15063 command: | 2e9f2aba-db2e-44a4-9c78-6d05fd5ef4a4 ./User/Vendor/MSFT/Office/Installation/{id}/Install chr text/plain - name: Install platform: windows category: PrinterProvisioning externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/printerprovisioning-csp#upprinterinstallsprintersharedidinstall description: Installs a Universal Print printer for the user asynchronously. supportedDeviceTypes: - Windows 10.0.22000 - Windows 10.0.19044.1806 - Windows 10.0.19043.1806 - Windows 10.0.19042.1806 command: | 0d2f967d-2c8b-45a6-9a5e-6969cb58b10a ./User/Vendor/MSFT/PrinterProvisioning/UPPrinterInstalls/{PrinterSharedID}/Install null text/plain - name: RebootNow platform: windows category: Reboot externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/reboot-csp#rebootnow description: Triggers an immediate device reboot, typically within 5 minutes to allow the user to finish active work. If executed during a sync session, the device will reboot at the end of the session. supportedDeviceTypes: - Windows 10.0.14393 command: | d21ff8f2-a1ae-43c9-8763-26d7554f4a94 ./Device/Vendor/MSFT/Reboot/RebootNow null text/plain - name: doAutomaticRedeployment platform: windows category: RemoteWipe externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/remotewipe-csp#automaticredeploymentdoautomaticredeployment description: Triggers an Autopilot reset on the device. Unlike a standard reset, the device remains enrolled in Azure AD and MDM, and preserves Wi-Fi profiles, region, language, keyboard settings, and other key configurations. supportedDeviceTypes: - Windows 10.0.17763 command: | 1259012e-3aa2-4f65-a191-eee74d7208c1 ./Device/Vendor/MSFT/RemoteWipe/AutomaticRedeployment/doAutomaticRedeployment chr text/plain - name: doWipe platform: windows category: RemoteWipe externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/remotewipe-csp#dowipe description: Performs a remote wipe on the device. The return status indicates whether the device accepted the command. When used with OMA Client Provisioning, include a dummy value of "1" for this element. supportedDeviceTypes: - Windows 10.0.10586 command: | d85af4e3-ed77-4b4e-8a6f-d50ae80d35e4 ./Device/Vendor/MSFT/RemoteWipe/doWipe chr text/plain - name: doWipeCloud platform: windows category: RemoteWipe externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/remotewipe-csp#dowipecloud description: Performs a cloud-based remote wipe on the device. The return status indicates whether the device accepted the command. supportedDeviceTypes: - Windows 10.0.22621 command: | f1b40cb3-d964-4378-bdd8-132305dcc879 ./Device/Vendor/MSFT/RemoteWipe/doWipeCloud chr text/plain - name: doWipeCloudPersistProvisionedData platform: windows category: RemoteWipe externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/remotewipe-csp#dowipecloudpersistprovisioneddata description: Performs a cloud-based remote wipe while preserving provisioning data by backing it up to a persistent location. The backed-up data is restored and applied when the device resumes. The return status indicates whether the device accepted the command. supportedDeviceTypes: - Windows 10.0.22621 command: | d07f227f-74c1-4a0d-8e79-f0a9bcf1ffe2 ./Device/Vendor/MSFT/RemoteWipe/doWipeCloudPersistProvisionedData chr text/plain - name: doWipeCloudPersistUserData platform: windows category: RemoteWipe externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/remotewipe-csp#dowipecloudpersistuserdata description: Performs a cloud-based remote reset while preserving user accounts and data. The return status indicates whether the device accepted the command. supportedDeviceTypes: - Windows 10.0.22621 command: | ef6fd567-f6ac-43c9-854d-c8df66684f0d ./Device/Vendor/MSFT/RemoteWipe/doWipeCloudPersistUserData chr text/plain - name: doWipePersistProvisionedData platform: windows category: RemoteWipe externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/remotewipe-csp#dowipepersistprovisioneddata description: Performs a remote wipe while preserving provisioning data by backing it up to a persistent location. The backed-up data is restored and applied when the device resumes. The return status indicates whether the device accepted the command. When using OMA Client Provisioning, include a dummy value of "1" for this element. supportedDeviceTypes: - Windows 10.0.10586 command: | 505af1a0-407c-4971-a193-1a25a94abb2b ./Device/Vendor/MSFT/RemoteWipe/doWipePersistProvisionedData chr text/plain - name: doWipePersistUserData platform: windows category: RemoteWipe externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/remotewipe-csp#dowipepersistuserdata description: Performs a remote reset of the device while preserving user accounts and data. The return status indicates whether the device accepted the command. supportedDeviceTypes: - Windows 10.0.16299 command: | faa34fe4-7ab5-4815-ac4d-3e99b4f79ad3 ./Device/Vendor/MSFT/RemoteWipe/doWipePersistUserData chr text/plain - name: doWipeProtected platform: windows category: RemoteWipe externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/remotewipe-csp#dowipeprotected description: Performs a remote wipe that fully cleans the internal drive and continues retrying until complete, even after power cycles. Unlike doWipe, which can be interrupted by a simple power cycle, doWipeProtected ensures the wipe finishes. May render the device unbootable on some configurations. supportedDeviceTypes: - Windows 10.0.15063 command: | 0d0f7e7b-82b7-4fff-a4d1-101c9edb795d ./Device/Vendor/MSFT/RemoteWipe/doWipeProtected chr text/plain - name: InstallWindowsDefenderApplicationGuard platform: windows category: WindowsDefenderApplicationGuard externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/windowsdefenderapplicationguard-csp#installwindowsdefenderapplicationguard description: Remotely installs the Windows Defender Application Guard feature on the device. supportedDeviceTypes: - Windows 10.0.16299 command: | be527684-1679-449f-b4f1-7d2f6fe48ce7 ./Device/Vendor/MSFT/WindowsDefenderApplicationGuard/InstallWindowsDefenderApplicationGuard chr text/plain - name: ChangeProductKey platform: windows category: WindowsLicensing externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/windowslicensing-csp#changeproductkey description: Installs a new Windows product key on the device without requiring a reboot. supportedDeviceTypes: - Windows 10.0.15063 command: | e416bea9-8407-4a72-a7db-415cd4dcf622 ./Vendor/MSFT/WindowsLicensing/ChangeProductKey chr text/plain - name: CheckApplicability platform: windows category: WindowsLicensing externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/windowslicensing-csp#checkapplicability description: Checks if the provided product key is valid for upgrading the Windows edition on the device, returning TRUE if applicable. supportedDeviceTypes: - Windows 10.0.10586 command: | e3f7b84a-1984-4511-843f-c33001392d14 ./Vendor/MSFT/WindowsLicensing/CheckApplicability chr text/plain - name: SwitchFromSMode platform: windows category: WindowsLicensing externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/windowslicensing-csp#smodeswitchfromsmode description: Switches the device from Windows 10/11 S mode to a standard edition, if eligible. No reboot is required. supportedDeviceTypes: - Windows 10.0.17763 command: | 848dc97d-0d6d-489e-bb32-9a90fa2e3afb ./Vendor/MSFT/WindowsLicensing/SMode/SwitchFromSMode null text/plain - name: RemoveSubscription platform: windows category: WindowsLicensing externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/windowslicensing-csp#subscriptionsremovesubscription description: Removes the subscription license from the device and resets the subscription type to a user-based subscription. supportedDeviceTypes: - Windows 99.9.99999 command: | da9c456a-2f0e-4d8a-9748-0fbde572ee76 ./Vendor/MSFT/WindowsLicensing/Subscriptions/RemoveSubscription null text/plain - name: UpgradeEditionWithLicense platform: windows category: WindowsLicensing externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/windowslicensing-csp#upgradeeditionwithlicense description: Upgrades the Windows edition on the device by applying a provided license. No reboot is required to complete the upgrade. supportedDeviceTypes: - Windows 10.0.10586 command: | 472afd03-6963-4c7b-aebb-99d561724086 ./Vendor/MSFT/WindowsLicensing/UpgradeEditionWithLicense xml text/plain - name: UpgradeEditionWithProductKey platform: windows category: WindowsLicensing externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/windowslicensing-csp#upgradeeditionwithproductkey description: Upgrades the Windows edition on the device by applying a specified product key. A reboot is required to complete the upgrade. supportedDeviceTypes: - Windows 10.0.10586 command: | 3d13b6f6-5e79-4a28-b8f5-062f884a1de1 ./Vendor/MSFT/WindowsLicensing/UpgradeEditionWithProductKey chr text/plain XXXXX-XXXXX-XXXXX-XXXXX-XXXXX - name: ResetToFactoryState platform: windows category: eUICCs externalDocumentationUrl: https://learn.microsoft.com/en-us/windows/client-management/mdm/euiccs-csp#euiccactionsresettofactorystate description: Triggers an eUICC (embedded Universal Integrated Circuit Card) factory reset, permanently deleting all eSIM (embedded Subscriber Identity Module) profiles stored on the eUICC. supportedDeviceTypes: - Windows 10.0.16299 command: | ebb2aec5-4865-4419-9fa1-3458d32fcab6 ./Device/Vendor/MSFT/eUICCs/{eUICC}/Actions/ResetToFactoryState chr text/plain