Default attributes

Information about default attributes (wildcards) that can be used across different platforms for device management, app configuration, and policy deployment in the IBM® MaaS360® Portal. These attributes enable dynamic configuration and personalization of device settings, applications, and policies.

Default attributes are system variables that dynamically populate device and user information in policies, app configurations, and workflows. These wildcards follow the syntax pattern %attribute_name% and are replaced with actual values during policy deployment or app configuration.
Note: Make sure that you use a wildcard that is appropriate for your use case and supported by the target platform.

Default attribute details

Name Variable Platform Description Usage scenario
User principal name %upn% iOS, Android User principal name, an email-style login for users in Microsoft Active Directory

For example, exmaple@test.company.com

App configuration
User %user% iOS, Android Alternative username variable

For example, test/dean/mcley

App configuration
Device ID %deviceid% iOS, Android Device unique identifier (CSN)
  • For Android, Androidxxxxxxx
  • For iOS, Applxxxxxxx

For example,

Android345ddt5

ApplSDK45SHSDS

App configuration

MDM policy

Persona policy

IMEI %imei% iOS, Android International Mobile Equipment Identity.

For example, 213243454545435ßß

App configuration

MDM policy

Username %username% iOS, Android, Windows Username column value of the user in the IBM MaaS360 portal.

For example, test/dean/mcley

App configuration

Persona policy

MDM policy

Window MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy. On the Device Settings, select ActiveSync. You can configure Account Username field under Configure ActiveSync Settings.

Email Address %email% iOS, Android, Windows Email address of the user enrolled with the device.

For example, dean@ibm.com

App configuration

Persona policy

MDM policy

Window MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy. On the Device Settings, select ActiveSync. You can configure Email Address field under Configure ActiveSync Settings.

Domain %domain% iOS, Android, Windows Domain of the user

For example, ibm.com, google.com

App configuration

Persona policy

MDM policy

Window MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy. On the Device Settings, select ActiveSync. You can configure Domain Name field under Configure ActiveSync Settings.

CSN %csn% iOS Computer Serial Number of the device.

For example, DMPDF1HPQ1KM

App configuration
UDID %udid% iOS Unique Device Identifier for iOS devices.

For example, 00008020-001435EA2EF0402E

App configuration
ICCID %iccid% iOS ICCID of the device. Integrated Circuit Card Identifier (SIM card).

For example, 8944 4756 0010 3641 191

App configuration
Device Name %devicename% Windows Device name in the IBM MaaS360 Portal.

For example, jack-device

Window MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy. On the Advanced Settings, select Network Restrictions. You can configure Configure Bluetooth Device Name field under Bluetooth Settings.

Directory %WINDIR% Windows Windows drive or directory (SystemRoot).

For example, C:\WINDOWS, C:\WINDOWS\regedit.exe

App that exists under C:\WINDOWS. For example, C:\WINDOWS\regedit.exe can be replaced as %WINDIR%\regedit.exe

Windows MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy. On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and Allowlist under the Desktop Apps.

OS Drive %OSDRIVE% Windows Windows installation directory (SystemDrive).

For example, C:\

App that exists under OS drive C:\. For example, C:\DRIVER\DisplayDriver.exe can be replaced as %OSDRIVE%\DRIVER\DisplayDriver.exe

Windows MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy. On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and allowlist under Desktop Apps.

Program Files %PROGRAMFILES% Windows

A 64-bit installed app files that exist under file path C:\Program Files.

For example, C:\Program Files\Notepad++\notepad++.exe

A 64-bit installed app files that exist under file path C:\Program Files. For example, C:\Program Files\Notepad++\notepad++.exe can be replaced as %PROGRAMFILES%\Notepad++\notepad++.exe

Windows MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy.
  • Configure App Blocklist and Allowlist

    On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and Allowlist under Desktop Apps

  • Configure Kiosk mode

    On the Advanced Settings, select Kiosk Mode (Assigned Access). You can configure Multi App Kiosk settings as Win32 and Win32 Shortcut types.

App Catalog. For example, from the IBM MaaS360 Portal, go to Apps > Catalog
  • EXE, MSI, and Script app

    In the Relevance to Install and Install Success Criteria fields, you can use the environment variable %PROGRAMFILES% as a prefix to the target file path. The MDM Extender Service (MES) automatically resolves this variable based on the operating system environment. Use this approach for configuring 'File exists or File does not exist conditions.

  • Downloadable apps

    In the Save to location field, you can specify %PROGRAMFILES% followed by the wanted file path. MDM Extender Service (MES) replaces the environment variable with the appropriate OS-specific value during app deployment.

Program Files (x86) %PROGRAMFILES(X86)% Windows

A 32-bit installed app files that exist under file path C:\Program Files(X86).

For example, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

A 32-bit installed app files that exist under file path C:\Program Files (x86). For example, C:\Program Files (x86)\Notepad++\notepad++.exe can be replaced as %PROGRAMFILES(X86)%\Notepad++\notepad++.exe

Windows MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy.
  • Configure App Blocklist and Allowlist

    On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and Allowlist under Desktop Apps

  • Configure Kiosk mode

    On the Advanced Settings, select Kiosk Mode (Assigned Access). You can configure Multi App Kiosk settings as Win32 and Win32 Shortcut types.

App Catalog. For example, from the IBM MaaS360 Portal, go to Apps > Catalog
  • EXE, MSI, and Script app

    In the Relevance to Install and Install Success Criteria fields, you can use the environment variable %PROGRAMFILES% as a prefix to the target file path. The MDM Extender Service (MES) automatically resolves this variable based on the operating system environment. Use this approach for configuring 'File exists or File does not exist conditions.

  • Downloadable apps

    In the Save to location field, you can specify %PROGRAMFILES% followed by the wanted file path. MDM Extender Service (MES) replaces the environment variable with the appropriate OS-specific value during app deployment.

Removable Media %REMOVABLE% Windows Removable media drive (CD/DVD).

For example, apps that exist under CD/DVD drive E:\

E:\OS\WinOS.exe

An app exists under a CD or DVD drive. For example, D:\OS\WinOS.exe can be replaced as %REMOVABLE%\OS\WinOS.exe

Windows MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy. On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and Allowlist under Desktop Apps.

Hot Pluggable Storage %HOT% Windows Removable storage device (USB flash drive).

For example, apps that exist under USB drive E:\

E:\OS\WinOS.exe

App file that exists under a removable USB drive. For example, E:\OS\WinOS.exe

Windows MDM policy. For example, from the IBM MaaS360 Portal, go to Security > Policies and open Window MDM policy. On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and Allowlist under Desktop Apps.

Application Name %APPNAME% Windows Batch or PowerShell or VBS file name for script installation

For example, cleanup-device.ps1

App Catalog. For example, from the IBM MaaS360 Portal, go to Apps > Catalog. For script app type, update the Execution command > Install field to include %APPNAME%. The MDM Extender Service (MES) automatically replaces this variable with the full file path of the app in the MES downloaded folder.

Application URL %APPURL% Windows MSI file name for MSI installation

App catalog MSI distribution. For example, from the IBM MaaS360 Portal, go to Apps > Catalog. For MSI app type, update the Execution command > Install field in Apps > Catalog to include %APPURL%. The MDM Extender Service (MES) automatically replaces this variable with the full file path of the app in the MES downloaded folder.

Application executable file %APPNAME%.exe Windows EXE file name for executable installation

App catalog EXE distribution. For example, from the IBM MaaS360 Portal, go to Apps > Catalog. For script app type, update the Execution command > Installs field to include %APPNAME%.exe. The MDM Extender Service (MES) automatically replaces this variable with the full file path of the app in the MES downloaded folder.

Platform-specific attributes

  • iOS

    %upn%, %user%, %username%, %email%, %domain%, %deviceid%, %csn%, %udid%, %imei%, %iccid%

    Use cases
    • App configuration for enterprise applications
    • Persona and MDM policy deployment
    • Device identification and tracking
    • Email and network configuration
  • Android

    %upn%, %user%, %username%, %email%, %domain%, %deviceid%, %imei%

    Use cases
    • App configuration for managed apps
    • Persona policy customization
    • MDM policy deployment
    • Work profile configuration
  • Windows
    • User attributes

      %email%, %username%, %domain%, %devicename%

    • System paths

      %WINDIR%, %OSDRIVE%, %PROGRAMFILES%, %PROGRAMFILES(X86)%

    • Storage

      %REMOVABLE%, %HOT%

    • App deployment

      %APPNAME%, %APPURL%, %APPNAME%.exe

    Use cases
    • ActiveSync email configuration
    • Advanced app compliance policies
    • Kiosk mode configuration
    • App catalog deployment (EXE, MSI, scripts)
    • Network and Bluetooth restrictions

Usage examples

  • App configuration

    Configure enterprise applications with user-specific credentials. Applicable for iOS, Android, Windows platforms. For more information, see App configuration details for MaaS360 MTD app.

    
      {
      "userEmail": "%email%",
      "userName": "%username%",
      "deviceId": "%deviceid%",
      "domain": "%domain%"
    }
  • Email and ActiveSync configuration

    Configure email settings for enrolled devices. Applicable for iOS, Android, Windows platforms.

    Email Address: %email%
    Username: %username%
    Domain: %domain%
    Server: mail.%domain%
  • Box EMM integration

    Configure Box integration with user credentials. Applicable for iOS, Android, Windows platforms. For more information, see Configuring Box for EMM integration.

     User Email: %email%
    User Name: %username%
    Domain: %domain%
  • Custom command for file upload

    Upload files to devices with user-specific paths. Applicable for iOS, Android, Windows platforms. For more information, see Upload file custom command.

    File path
    /Users/%username%/Documents/config.xml
    
    Destination
    %email%@device
  • Windows app compliance

    Configure allowlist or blocklist applications by using system paths. Applicable for Windows platform.

    Allowed Apps:
    %PROGRAMFILES%\Microsoft Office\Office16\WINWORD.EXE
    %PROGRAMFILES(X86)%\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 
    %WINDIR%\System32\notepad.exe
    Blocked Apps:
    
    %REMOVABLE%\*.*
    %HOT%\*.*
  • Kiosk mode configuration

    Configure multi-app kiosk with specific applications. Applicable for Windows platform.

    <AllowedApps>
      <App>%PROGRAMFILES%\CompanyApp\app.exe</App>
      <App>%PROGRAMFILES(X86)%\Browser\browser.exe</App>
    </AllowedApps>