Complete .mobileconfig example (MDM)
XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>ibi.aws.client.mdm</string>
<key>PayloadUUID</key>
<string>21a82569-089e-4290-835a-3caaca40b79a</string>
<key>PayloadDisplayName</key>
<string>IBI aws Client – Permissions and Defaults</string>
<key>PayloadOrganization</key>
<string>IBITECH AG</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<!-- Defaults -->
<dict>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>ibi.aws.client.mdm.preferences</string>
<key>PayloadUUID</key>
<string>0125ea44-8d09-482b-a1a2-1bb93d09800f</string>
<key>PayloadDisplayName</key>
<string>IBI-aws Client - Defaults</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadContent</key>
<dict>
<key>ibi.aws.client</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>Remarks</key>
<string>https://server.example.internal/remarks.ibi</string>
<key>Logo</key>
<string>/Path/To/Logo.png</string>
<!-- Skip Permissions Flags -->
<key>SkipAccessibilityPermissionCheckAtStartup</key>
<true/>
<key>SkipAutomationPermissionCheckAtStartup</key>
<true/>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
<!-- Permissions -->
<dict>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>ibi.aws.client.mdm.tcc</string>
<key>PayloadUUID</key>
<string>aedc3ac6-a750-4847-8963-be21eed100c1</string>
<key>PayloadDisplayName</key>
<string>IBI-aws Client - Permissions</string>
<key>Services</key>
<dict>
<key>Accessibility</key>
<array>
<dict>
<key>IdentifierType</key>
<string>bundleID</string>
<key>Identifier</key>
<string>ibi.aws.client</string>
<key>CodeRequirement</key>
<string>identifier "ibi.aws.client" and anchor apple generic and certificate leaf[subject.OU] = "B7QQ66KZ4Y"</string>
<key>Allowed</key>
<true/>
</dict>
</array>
<key>AppleEvents</key>
<array>
<!-- Safari Automation -->
<dict>
<key>IdentifierType</key>
<string>bundleID</string>
<key>Identifier</key>
<string>ibi.aws.client</string>
<key>CodeRequirement</key>
<string>identifier "ibi.aws.client" and anchor apple generic and certificate leaf[subject.OU] = "B7QQ66KZ4Y"</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>AEReceiverIdentifier</key>
<string>com.apple.Safari</string>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.apple.Safari" and anchor apple</string>
<key>Allowed</key>
<true/>
</dict>
<!-- Google Chrome Automation -->
<dict>
<key>IdentifierType</key>
<string>bundleID</string>
<key>Identifier</key>
<string>ibi.aws.client</string>
<key>CodeRequirement</key>
<string>identifier "ibi.aws.client" and anchor apple generic and certificate leaf[subject.OU] = "B7QQ66KZ4Y"</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>AEReceiverIdentifier</key>
<string>com.google.Chrome</string>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.google.Chrome" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = EQHXZ8M8AV</string>
<key>Allowed</key>
<true/>
</dict>
</array>
</dict>
</dict>
<!-- Login Items -->
<dict>
<key>PayloadType</key>
<string>com.apple.loginitems.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>ibi.aws.client.mdm.loginitems</string>
<key>PayloadUUID</key>
<string>a380b972-0d8c-4e70-b55f-f2bac66a8657</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadDisplayName</key>
<string>IBI-aws Client - Login Items</string>
<key>AutoLaunchedApplicationDictionary-managed</key>
<array>
<dict>
<key>Path</key>
<string>/Applications/IBI-aws Client.app</string>
</dict>
</array>
</dict>
</array>
</dict>
</plist>