iOS device commands
Last updated September 25th, 2024
The available commands for a device vary based on its management mode.
For Shared iPads, certain device commands require the Knox Manage agent to be installed and running on the device. To identify which, see the Supported system column in the command tables on this page. For details on how to install the agent, see Manage Shared iPads.
Device
| Device command | Description | Supported system |
|---|---|---|
| Push Profile |
Pushes and applies the latest profile and app information to the device. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS User Enrollment |
| Lock Device | Blocks some functions of the device without locking the device. |
iOS iPadOS User Enrollment |
| Unlock Device | Unlocks the device. |
iOS iPadOS User Enrollment |
| Factory Reset | Performs a factory reset and changes the device status to Unenrolled. |
iOS iPadOS |
| Power Off Device (Supervised) | Turns off the device. |
iOS iPadOS Supervised |
| Reboot Device (Supervised) | Restarts the device. |
iOS iPadOS Supervised |
| Clear Screen Lock |
Resets the device's screen lock password. Due to an outstanding bug, the password might not reset after the iPhone receives this command. This unexpected error occurs when the unlock token fails to deliver to the Knox Manage servers. |
iOS iPadOS |
| Initialize Blocked Information (Supervised) |
Initializes the block settings of the device. Only iOS Supervised devices are supported. |
iOS iPadOS Supervised |
| OS Update (Supervised) |
Updates the device to the latest iOS version. Select the Update Method:
Make sure that the App Installation policy is set to Allow so that OS updates can be installed. |
iOS iPadOS Supervised |
| Enable Lost Mode (Supervised) |
Enables Lost Mode on the device for scenarios where it's lost or stolen. When sending this device command, you must submit the following information:
You can also submit the following optional settings:
Devices in Lost Mode cannot be unenrolled from Knox Manage. You must disable Lost Mode to allow the device user to use the device again. |
iOS iPadOS Supervised |
| Disable Lost Mode (Supervised) | Disables Lost Mode on the device. |
iOS iPadOS Supervised |
| Update the eSIM Cellular Plan | Updates the cellular plan on a device.
For more information, see Prepare to use eSIMs with Apple devices in the Apple developer documentation. |
iOS iPadOS Supervised |
| Save User Information | Logs the sign-in information of the current user. For Shared iPads only. |
iOS iPadOS |
| Check User Out | Signs the current user out. For Shared iPads only. |
iOS iPadOS |
| Enable Activation Lock |
Enables activation lock on iOS devices enrolled using Automated Device Enrollment (ADE). Device users must sign in to iCloud and enable the Find My feature to apply activation lock on devices. To disable the activation lock, click Disable Activation Lock in the Device Information tab on the Device Details page. Activation lock settings are respected across Apple Business Manager and Knox Manage. If you disable the lock in Apple Business Manager, then **Disable Activation Lock** will not work in the Knox Manage console as the lock is already disabled. |
iOS iPadOS |
Application
| Device command | Description | Supported system |
|---|---|---|
| Install App |
Installs an app on the device. On the Request Command screen, select the app that you want to install. The app installation allowlist and blocklist policy take precedence over this command. If an app is blocked, then this command can't install it. |
iOS iPadOS |
| Uninstall App |
Uninstalls an app from the device. On the Request Command screen, select the app you want to uninstall. The app installation allowlist and blocklist policy take precedence over this command. If an app is explicitly allowed, then this command can't uninstall it. |
iOS iPadOS |
| Apply Latest Internal App Information |
Sends the latest internal app information and updates the device according to the information. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS |
Knox Manage
| Device command | Description | Supported system |
|---|---|---|
| Push Notification |
Sends an emergency message to the device. You can add a push notification message of up to 80 characters. On the Push Notification dialog, enter the title and content of the message. On iPhones, the notification title and message show on the lock screen and in the Notification Center. For shared iPads with an active Managed Apple ID user session, the Knox Manage agent must be installed for this command to function. |
iOS iPadOS |
| Unenroll Device | Unenrolls a selected device on the device list. |
iOS iPadOS User Enrollment |
| Update Knox Manage Agent | Updates the Knox Manage agent on the device for a new patch or version. |
iOS iPadOS Shared iPads |
| Update User Information |
Updates the device user information such as the user activation status, username, user settings—such as Secure Browser website URL information and bookmark information—as well as license information. If the user is signed out from the enrolled device, you can send this command to enable the user to sign in to Knox Manage automatically. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS |
| Lock Screen of Knox Manage agent |
Locks the Knox Manage agent. When the agent is locked, the device user must enter the agent's password that was configured during enrollment. If the user forgets the password, you can send the Delete Account command to sign out the user. Then, they can reset the password upon sign in. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS |
| Unlock Knox Manage agent |
Unlocks the Knox Manage agent. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS |
| Delete Account | Deletes the account registered in the Knox Manage agent. |
iOS iPadOS |
| Collect Audit Log |
Collects the Knox Manage audit logs of the device. When the log size exceeds the maximum size, logs are automatically sent to the server, but the log file may be lost. For more detailed information, see Viewing audits. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS |
| Collect Device Log |
Collects the logs of devices. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS |
| Collect Diagnosis Information |
Collects the device log to diagnose the cause of device lock. Personally identifiable or sensitive information is masked. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS |
| Sync App Auto-removal Property (When service is deactivated) | If the value of Delete app during Unenrollment process has changed in the server configuration, this option syncs the app auto-deletion property when managed apps are deactivated. |
iOS iPadOS |
Device Info.
| Device command | Description | Supported system |
|---|---|---|
| Collect current location |
Shows the current location of the device. To view the location of the device after sending this command, navigate to Device, click the check box for the device, and then click Check Location. Each time you send the command to collect current location, the user must consent to collecting device location data. Alternatively, the device user can provide consent to collect location data as a background process. Before you can collect location data from the device as a background process, the following prerequisites must be met:
After these prerequisites are met, the device's location data is collected whenever the device moves 500 meters or more, and this device command is functional. Location history for iOS devices is stored for 30 days from the last collection date. Shared iPads with an active Managed Apple ID user session require the Knox Manage agent to be installed and running for this device command to function. |
iOS iPadOS |
| Sync Device Information |
Updates the inventory and app information on the device. For iOS devices, only the hardware status is updated. |
iOS iPadOS User Enrollment |
| Sync Installed App List |
Pulls the device's app list. You have the option to delete app feedback when sending this device command. |
iOS iPadOS |
| Check Connection Status |
Checks the service connection status of the device. To check the status of the device after sending this command, navigate to Device, click the device name or tag, click the Security tab, and view the connection status below the device name. For information on the different connection statuses, see Device connection statuses. |
iOS iPadOS User Enrollment |
| Collect Profile ID |
Collects the ID of the profile applied to the device. If the device was enrolled, then the ID is automatically collected from the device's inventory information without sending the device command. |
iOS iPadOS User Enrollment |
On this page
Is this page helpful?