This document lists errata for the YAML schema. This is used when older versions of the schema are incorrect, and a fix was made in later schema to correct the problem.

Added AuthName, AuthPassword and RemoteAddress keys to VPN subkey that were previously missing

Removed Password key from VPN subkey that was incorrectly added

Adjusted supportedOS information for Shared iPad for a number of restrictions

Hideable and Lockable attributes in the app.managed configuration were missing - originally added in 18.1.

Added missing supervised key to macOS across profiles and commands

allowExplicitContent was incorrectly marked as supported on unsupervised devices for tvOS.

tvOS introduced values have been set to a minimum value of 9.0 to reflect the first version of tvOS itself, as opposed to earlier versions of the Apple TV Software.

The <service>Active keys were incorrectly marked as unsupported on macOS.

The PayloadContent key of the com.apple.ManagedClient.preferences profile payload was incorrectly named PreferenceDomain; the key itself also represents a dictionary of application preference domain identifiers to ManagedPreference.PreferenceDomains (rather than a single ManagedPreference.PreferenceDomain).

iOS 17 supported multiple private network payloads, but the multiple key was set to false.

iOS 17 also mistakenly forbade multiple private network payloads in a single profile.

Starting in iOS 13 and macOS 10.15 UDID is optional because User Enrollments do not return UUIDs.

Starting is iOS 13 and macOS 10.15 Enrollment ID is optional because Device Enrollments only return UUIDs.

The GroupBeaconIDs key in the DepartmentsItem dictionary in the com.apple.education profile payload incorrectly listed its type as an array of string. The correct type is an array of integer.

The CertificateType key in the com.apple.vpn.managed profile payload incorrectly listed Ed25519 as a supported certificate type. That type was never supported and has now been removed.

The PPTP VPNType has not been supported since iOS 10 and macOS 10.12, see https://support.apple.com/en-us/HT206844. The PPTP VPNType has been removed.

There were a number of keys in the VPN dictionary that were implied to appear in other VPN types. These keys have now been explicitly added in all VPN types.

The ActionParameters key in the profile payload has always been an array of dictionaries.

The response keys were incorrectly listed as being top-level keys in the response dictionary when in fact they were nested one-level deep.

The OnDemandMatchAppEnabled key in the com.apple.vpn.managed.applayer profile payload incorrectly listed its type as integer. The correct type is boolean.

The EAPClientConfiguration dictionary listed both OneTimePassword and OneTimeUserPassword as valid keys. The erroneous OneTimePassword key has been removed.

The documentation indicated that all the keys in the SubjectAltName value could be either string or array types. The ntPrincipalName cannot be an array and must be a string. This has been clarified in the description. Note that the type field for the rfc822Name, dNSName, and uniformResourceIdentifier still indicates these are strings. This has not been corrected as the schema does not support polymorphic types.

The contrast key in the com.apple.universalaccess profile payload incorrectly listed its type as integer. The correct type is real.

The AuthorizationGroups key was updated as the key values-pairs in the dictionary were incorrectly stated.

The ActionParameters key in the com.apple.dnsSettings.managed profile payload has always been an array of dictionaries.