Contents

Domains

The payload that configures the domains under an organization’s management.

Declaration

object Domains

Properties

NameTypeDescription
CrossSiteTrackingPreventionRelaxedApps[string]

An array of up to 10 strings representing app bundle-ids. Apps matching the bundle-ids listed here have relaxed enforcement of cross-site tracking prevention for the domains listed in CrossSiteTrackingPreventionRelaxedDomains.

Available in iOS 18 and later and macOS 15 and later.

CrossSiteTrackingPreventionRelaxedDomains[string]

An array of up to 10 strings. URLs matching the patterns listed here have relaxed enforcement of cross-site tracking prevention.

Available in iOS 16.2 and later and macOS 13.1 and later.

EmailDomains[string]

An array of domains. Mail marks in red all email addresses that lack a suffix matching any of these strings.

Available in iOS 8 and later and macOS 10.10 and later.

SafariPasswordAutoFillDomains[string]

An array of domains. Users can only save passwords in Safari from URLs matching the patterns listed here. This property doesn’t disable the autofill feature itself.

Supervised devices or Shared iPads need this property to enable saving passwords in Safari.

Available in iOS 9.3 and later.

WebDomains[string]

An array of domains. The system considers URLs matching the patterns listed in this property managed.

Available in iOS 9.3 and later.

Discussion

Specify com.apple.domains as the payload type.

The WebDomains, SafariPasswordAutoFillDomains, and CrossSiteTrackingPreventionRelaxedDomains keys are arrays containing strings that use the following matching patterns:

  • example.com: Any path under example.com matches, but not site.example.com.

  • foo.example.com: Any path under foo.example.com matches, but not example.com or bar.example.com.

  • \*.example.com: Any path under foo.example.com or bar.example.com matches, but not example.com.

  • example.com/sub: example.com/sub and any path under it matches, but not example.com.

  • foo.example.com/sub: Any path under foo.example.com/sub matches, but not example.com, example.com/sub, foo.example.com/, or bar.example.com/sub.

  • \*.example.com/sub: Any path under foo.example.com/sub or bar.example.com/sub matches, but not example.com or foo.example.com/.

  • \*.co: Any path under example.co or betterbag.co matches, but not example.co.uk or example.com.

A URL that begins with the prefix www. is treated as though it doesn’t contain that prefix during matching. For example, http://www.example.com/store is matched as http://example.com/store.

Trailing slashes are ignored.

If a domain string contains a port number, the system considers only addresses that specify that port number managed. Otherwise, the system matches the domain without regard to the port number specified. For example, the pattern *.example.com:8080 matches http://site.example.com:8080/page.html but not http://site.example.com/page.html, while the pattern *.example.com matches both URLs.

Profile availability

Device channel

iOS, macOS, Shared iPad, visionOS

User channel

macOS, Shared iPad

Allow manual install

iOS, macOS, visionOS

Requires supervision

NA

Requires user-approved MDM

NA

Allowed in user enrollment

NA

Allow multiple payloads

NA

Profile example

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>EmailDomains</key>
            <array>
                <string>example.com</string>
            </array>
            <key>SafariPasswordAutoFillDomains</key>
            <array>
                <string>example.com</string>
            </array>
            <key>WebDomains</key>
            <array>
                <string>example.com</string>
            </array>
            <key>PayloadIdentifier</key>
            <string>com.example.mysafaridomainspayload</string>
            <key>PayloadType</key>
            <string>com.apple.domains</string>
            <key>PayloadUUID</key>
            <string>0f94e664-4c36-4637-b264-19a533adc8e1</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Domains</string>
    <key>PayloadIdentifier</key>
    <string>com.example.myprofile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>0cf6d95f-8e9f-49f3-9cba-c5e78de5430e</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

See Also

Networking