Explore the full catalogue of Apple Mobile Device Management (MDM) and Declarative Device Management (DDM) policies for macOS and iOS. Use the interactive explorer to search, filter, and reference policy keys for use with Microsoft Intune, Jamf, or any standards-compliant MDM solution.
The payload that configures the system policy.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
Requirement Requirement The policy requirement. This key must follow the syntax described in [Code Signing Requirement Language](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html#//apple_ref/doc/uid/TP40005929-CH5). | string | optional | — | ✓Yes | macOS (10.8+) |
Comment Comment This string appears in the System Policy UI. If it's missing, `PayloadDisplayName` or `PayloadDescription` is entered into this field before the rule is added to the System Policy database. | string | optional | — | ✓Yes | macOS (10.8+) |
Priority Priority The rule's priority. | real | optional | — | ✓Yes | macOS (10.8+) |
Expiration Expiration The expiration date for rules being processed. | date | optional | — | ✓Yes | macOS (10.8+) |
OperationType OperationType The type of operation. | string | optional | operation:execute | ✓Yes | macOS (10.8+) |
LeafCertificate LeafCertificate The single leaf certificate for the app that is in the allow list. | data | optional | — | ✓Yes | macOS (10.8+) |
