Lights Out Management (LOM) (com.apple.lom)

com.apple.lom

The payload that configures lights-out management (LOM) settings.

macOS(11.0)
Branch: release

Settings (6)

SettingTypeRequiredDefaultManual InstallSupported OS
Device Certificate payload UUID
DeviceCertificateUUID
The UUID certificate for the device. This key indicates the device can receive `PowerON`, `PowerOFF`, and `Reset` requests from a LOM controller. This certificate must contain the Key Usage attributes of Digital Signature, Key Encipherment and Data Encipherment. As well as the Extended Key Usage attributes of Server Authentication and Client Authentication.
stringoptional
No
macOS (11.0+)
Controller Certificate payload UUID
ControllerCertificateUUID
The UUID certificate for the LOM controller. This key configures the device to accept the `LOMDeviceRequestCommand` from MDM and then send it to the target device.
stringoptional
No
macOS (11.0+)
CA certificate payload UUIDs
DeviceCACertificateUUIDs
An array of payload UUIDs containing CA certificates that controllers use to evaluate trust of device certificates.
1 subkey
arrayoptional
No
macOS (11.0+)
└─
DeviceCACertificateUUIDsItem
DeviceCACertificateUUIDsItem
string
No
macOS (11.0+)
CA certificate payload UUIDs
ControllerCACertificateUUIDs
An array of payload UUIDs containing CA certificates that devices use to evaluate trust of controller certificates. This key configures the device to accept the `LOMDeviceRequestCommand` from MDM and then send it to the target device. This certificate must contain the Key Usage attributes of Digital Signature, Key Encipherment and Data Encipherment. As well as the Extended Key Usage attributes of Server Authentication and Client Authentication.
1 subkey
arrayoptional
No
macOS (11.0+)
└─
ControllerCACertificateUUIDsItem
ControllerCACertificateUUIDsItem
string
No
macOS (11.0+)

Apple MDM & DDM Policy Explorer

Explore the full catalogue of Apple Mobile Device Management (MDM) and Declarative Device Management (DDM) policies for macOS and iOS. Search, filter, and reference policy keys for use with Microsoft Intune, Jamf, or any standards-compliant MDM solution.

Reference: policy categories & common keys

Policy categories

  • Configuration Profile
  • Declarative Configuration
  • Declarative Activation
  • Declarative Asset
  • Declarative Management

Common policy keys

  • com.apple.wifi.managedWi-Fi network configuration
  • com.apple.vpn.managedVPN configuration
  • com.apple.applicationaccessApp and feature restrictions
  • com.apple.security.pkcs1Certificate (PKCS#1) payload
  • com.apple.security.pkcs12Identity certificate (PKCS#12) payload
  • com.apple.security.scepSCEP certificate enrolment
  • com.apple.mail.managedMail account configuration
  • com.apple.eas.accountExchange ActiveSync account
  • com.apple.MCXManaged Client (macOS) preferences
  • com.apple.MCX.FileVault2FileVault 2 disk encryption
  • com.apple.dockmacOS Dock configuration
  • com.apple.screensaverScreensaver configuration
  • com.apple.loginwindowmacOS login window configuration
  • com.apple.systempolicy.managedGatekeeper / system policy
  • com.apple.systempreferencesSystem Preferences pane restrictions
  • com.apple.SoftwareUpdateSoftware update behaviour
  • com.apple.TCC.configuration-profile-policyPrivacy Preferences Policy Control (PPPC)
  • com.apple.notificationsettingsPer-app notification settings
  • com.apple.webcontent-filterWeb content filter
  • com.apple.dnsSettings.managedDNS settings (DoH / DoT)
  • com.apple.relay.managedNetwork relay configuration
  • com.apple.extensiblessoExtensible Single Sign-On
  • com.apple.configuration.passcode.settingsDDM: passcode policy
  • com.apple.configuration.softwareupdate.enforcement.specificDDM: enforced software update
  • com.apple.configuration.services.configuration-filesDDM: service configuration files
  • com.apple.configuration.management.status-subscriptionsDDM: status subscriptions
  • com.apple.activation.simpleDDM: simple activation predicate
  • com.apple.management.organization-infoDDM: organization information