System Policy Rule (com.apple.systempolicy.rule)

com.apple.systempolicy.rule

The payload that configures the system policy.

macOS(10.8)
Branch: release

Settings (6)

SettingTypeRequiredDefaultManual InstallSupported OS
Requirement
Requirement
The policy requirement. This key must follow the syntax described in [Code Signing Requirement Language](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html#//apple_ref/doc/uid/TP40005929-CH5).
stringoptional
Yes
macOS (10.8+)
Comment
Comment
This string appears in the System Policy UI. If it's missing, `PayloadDisplayName` or `PayloadDescription` is entered into this field before the rule is added to the System Policy database.
stringoptional
Yes
macOS (10.8+)
Priority
Priority
The rule's priority.
realoptional
Yes
macOS (10.8+)
Expiration
Expiration
The expiration date for rules being processed.
dateoptional
Yes
macOS (10.8+)
OperationType
OperationType
The type of operation.
stringoptionaloperation:execute
Yes
macOS (10.8+)
LeafCertificate
LeafCertificate
The single leaf certificate for the app that is in the allow list.
dataoptional
Yes
macOS (10.8+)

Apple MDM & DDM Policy Explorer

Explore the full catalogue of Apple Mobile Device Management (MDM) and Declarative Device Management (DDM) policies for macOS and iOS. Search, filter, and reference policy keys for use with Microsoft Intune, Jamf, or any standards-compliant MDM solution.

Reference: policy categories & common keys

Policy categories

  • Configuration Profile
  • Declarative Configuration
  • Declarative Activation
  • Declarative Asset
  • Declarative Management

Common policy keys

  • com.apple.wifi.managedWi-Fi network configuration
  • com.apple.vpn.managedVPN configuration
  • com.apple.applicationaccessApp and feature restrictions
  • com.apple.security.pkcs1Certificate (PKCS#1) payload
  • com.apple.security.pkcs12Identity certificate (PKCS#12) payload
  • com.apple.security.scepSCEP certificate enrolment
  • com.apple.mail.managedMail account configuration
  • com.apple.eas.accountExchange ActiveSync account
  • com.apple.MCXManaged Client (macOS) preferences
  • com.apple.MCX.FileVault2FileVault 2 disk encryption
  • com.apple.dockmacOS Dock configuration
  • com.apple.screensaverScreensaver configuration
  • com.apple.loginwindowmacOS login window configuration
  • com.apple.systempolicy.managedGatekeeper / system policy
  • com.apple.systempreferencesSystem Preferences pane restrictions
  • com.apple.SoftwareUpdateSoftware update behaviour
  • com.apple.TCC.configuration-profile-policyPrivacy Preferences Policy Control (PPPC)
  • com.apple.notificationsettingsPer-app notification settings
  • com.apple.webcontent-filterWeb content filter
  • com.apple.dnsSettings.managedDNS settings (DoH / DoT)
  • com.apple.relay.managedNetwork relay configuration
  • com.apple.extensiblessoExtensible Single Sign-On
  • com.apple.configuration.passcode.settingsDDM: passcode policy
  • com.apple.configuration.softwareupdate.enforcement.specificDDM: enforced software update
  • com.apple.configuration.services.configuration-filesDDM: service configuration files
  • com.apple.configuration.management.status-subscriptionsDDM: status subscriptions
  • com.apple.activation.simpleDDM: simple activation predicate
  • com.apple.management.organization-infoDDM: organization information