Service configuration files declarative configuration for Apple devices
Use the Service configuration files configuration to provide managed settings for common system services in a robust and tamper-resistant way. When the configuration is activated, the archive is downloaded and expanded into a special tamper-proof, service-specific location. The service-specific location can be found by calling a function in a public library, so that any service can adopt managed service configuration files. The following built-in services are modified to look for the managed service configuration files, which take precedence over built-in settings:
sshdsudoPAMCUPSApachezsh (/private/etc/zprofile)bash (/private/etc/profile)
The Service configuration files configuration supports the following:
Minimum supported operating system versions and channels: macOS 14 device.
Requires supervision: Yes.
Supported enrollment methods: Device Enrollment, Automated Device Enrollment.
Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Declarative Key: String: ServiceType, Data Asset Reference | The identifier of the system service the managed configuration files are related to. Use a reverse DNS style for this identifier. | Yes | |||||||||
Declarative Key: String: DataAssetReference, Service Type | An asset declaration that contains the service configuration files. The files need to be distributed as a .zip archive of a directory that can contain one or many files and that should mirror the layout of the directory it replaces. | Yes | |||||||||
Note: Each device management service developer implements these settings differently. To learn how various Service configuration files’ settings are applied to your devices and users, consult your developer’s device management service documentation.