Default attributes
Information about default attributes (wildcards) that can be used across different platforms for device management, app configuration, and policy deployment in the IBM® MaaS360® Portal. These attributes enable dynamic configuration and personalization of device settings, applications, and policies.
%attribute_name% and are replaced with actual values during policy deployment or
app configuration.Default attribute details
| Name | Variable | Platform | Description | Usage scenario |
|---|---|---|---|---|
| User principal name | %upn% |
iOS, Android | User principal name, an email-style login for users in Microsoft Active Directory For
example, |
App configuration |
| User | %user% |
iOS, Android | Alternative username variable For example, test/dean/mcley |
App configuration |
| Device ID | %deviceid% |
iOS, Android | Device unique identifier (CSN)
For example, Android345ddt5 ApplSDK45SHSDS |
App configuration MDM policy Persona policy |
| IMEI | %imei% |
iOS, Android | International Mobile Equipment Identity. For example, 213243454545435ßß |
App configuration MDM policy |
| Username | %username% |
iOS, Android, Windows | Username column value of the user in the IBM MaaS360 portal. For example, test/dean/mcley |
App configuration Persona policy MDM policy Window MDM policy. For example, from the IBM MaaS360 Portal, go to and open Window MDM policy. On the Device Settings, select ActiveSync. You can configure Account Username field under Configure ActiveSync Settings. |
| Email Address | %email% |
iOS, Android, Windows | Email address of the user enrolled with the device. For example,
|
App configuration Persona policy MDM policy Window MDM policy. For example, from the IBM MaaS360 Portal, go to and open Window MDM policy. On the Device Settings, select ActiveSync. You can configure Email Address field under Configure ActiveSync Settings. |
| Domain | %domain% |
iOS, Android, Windows | Domain of the user For example, |
App configuration Persona policy MDM policy Window MDM policy. For example, from the IBM MaaS360 Portal, go to and open Window MDM policy. On the Device Settings, select ActiveSync. You can configure Domain Name field under Configure ActiveSync Settings. |
| CSN | %csn% |
iOS | Computer Serial Number of the device. For example, DMPDF1HPQ1KM |
App configuration |
| UDID | %udid% |
iOS | Unique Device Identifier for iOS devices. For example, 00008020-001435EA2EF0402E |
App configuration |
| ICCID | %iccid% |
iOS | ICCID of the device. Integrated Circuit Card Identifier (SIM card). For example, 8944 4756 0010 3641 191 |
App configuration |
| Device Name | %devicename% |
Windows | Device name in the IBM MaaS360 Portal. For example, jack-device |
Window MDM policy. For example, from the IBM MaaS360 Portal, go to and open Window MDM policy. On the Advanced Settings, select Network Restrictions. You can configure Configure Bluetooth Device Name field under Bluetooth Settings. |
| Directory | %WINDIR% |
Windows | Windows drive or directory (SystemRoot). For example, C:\WINDOWS, C:\WINDOWS\regedit.exe |
App that exists under C:\WINDOWS. For example,
Windows MDM policy. For example, from the IBM MaaS360 Portal, go to and open Window MDM policy. On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and Allowlist under the Desktop Apps. |
| OS Drive | %OSDRIVE% |
Windows | Windows installation directory (SystemDrive). For example, C:\ |
App that exists under OS drive C:\. For example,
Windows MDM policy. For example, from the IBM MaaS360 Portal, go to and open Window MDM policy. On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and allowlist under Desktop Apps. |
| Program Files | %PROGRAMFILES% |
Windows |
A 64-bit installed app files that exist under file path C:\Program Files. For example, C:\Program Files\Notepad++\notepad++.exe |
A 64-bit installed app files that exist under file path C:\Program Files.
For example, Windows MDM policy. For example, from the IBM
MaaS360 Portal, go to
and open
Window MDM policy.
App Catalog. For example, from the IBM
MaaS360 Portal, go to
|
| Program Files (x86) | %PROGRAMFILES(X86)% |
Windows |
A 32-bit installed app files that exist under file path C:\Program Files(X86). For example, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
A 32-bit installed app files that exist under file path C:\Program Files
(x86). For example, Windows MDM policy. For example, from the IBM
MaaS360 Portal, go to
and open
Window MDM policy.
App Catalog. For example, from the IBM
MaaS360 Portal, go to
|
| Removable Media | %REMOVABLE% |
Windows | Removable media drive (CD/DVD). For example, apps that exist under CD/DVD drive E:\ E:\OS\WinOS.exe |
An app exists under a CD or DVD drive. For example,
Windows MDM policy. For example, from the IBM MaaS360 Portal, go to and open Window MDM policy. On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and Allowlist under Desktop Apps. |
| Hot Pluggable Storage | %HOT% |
Windows | Removable storage device (USB flash drive). For example, apps that exist under USB drive E:\ E:\OS\WinOS.exe |
App file that exists under a removable USB drive. For example,
Windows MDM policy. For example, from the IBM MaaS360 Portal, go to and open Window MDM policy. On the Device Settings, select Advanced App Compliance. You can configure allowlist or blocklist of apps with file path in Configure App Blocklist and Allowlist under Desktop Apps. |
| Application Name | %APPNAME% |
Windows | Batch or PowerShell or VBS file name for script installation For example,
|
App Catalog. For example, from the IBM
MaaS360 Portal, go to
. For script app
type, update the Execution command > Install field to
include |
| Application URL | %APPURL% |
Windows | MSI file name for MSI installation |
App catalog MSI distribution. For example, from the IBM
MaaS360 Portal, go to
. For MSI app
type, update the Execution command > Install field in
Apps > Catalog to include |
| Application executable file | %APPNAME%.exe |
Windows | EXE file name for executable installation |
App catalog EXE distribution. For example, from the IBM
MaaS360 Portal, go to
. For script app
type, update the Execution command > Installs field to
include |
Platform-specific attributes
- iOS
%upn%,%user%,%username%,%email%,%domain%,%deviceid%,%csn%,%udid%,%imei%,%iccid%Use cases- App configuration for enterprise applications
- Persona and MDM policy deployment
- Device identification and tracking
- Email and network configuration
- Android
%upn%,%user%,%username%,%email%,%domain%,%deviceid%,%imei%Use cases- App configuration for managed apps
- Persona policy customization
- MDM policy deployment
- Work profile configuration
- Windows
- User attributes
%email%,%username%,%domain%,%devicename% - System paths
%WINDIR%,%OSDRIVE%,%PROGRAMFILES%,%PROGRAMFILES(X86)% - Storage
%REMOVABLE%,%HOT% - App deployment
%APPNAME%,%APPURL%,%APPNAME%.exe
Use cases- ActiveSync email configuration
- Advanced app compliance policies
- Kiosk mode configuration
- App catalog deployment (EXE, MSI, scripts)
- Network and Bluetooth restrictions
- User attributes
Usage examples
- App configuration
Configure enterprise applications with user-specific credentials. Applicable for iOS, Android, Windows platforms. For more information, see App configuration details for MaaS360 MTD app.
{ "userEmail": "%email%", "userName": "%username%", "deviceId": "%deviceid%", "domain": "%domain%" } - Email and ActiveSync configuration
Configure email settings for enrolled devices. Applicable for iOS, Android, Windows platforms.
Email Address: %email% Username: %username% Domain: %domain% Server: mail.%domain% - Box EMM integration
Configure Box integration with user credentials. Applicable for iOS, Android, Windows platforms. For more information, see Configuring Box for EMM integration.
User Email: %email% User Name: %username% Domain: %domain% - Custom command for file upload
Upload files to devices with user-specific paths. Applicable for iOS, Android, Windows platforms. For more information, see Upload file custom command.
File path/Users/%username%/Documents/config.xmlDestination%email%@device - Windows app compliance
Configure allowlist or blocklist applications by using system paths. Applicable for Windows platform.
Allowed Apps:%PROGRAMFILES%\Microsoft Office\Office16\WINWORD.EXE %PROGRAMFILES(X86)%\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe %WINDIR%\System32\notepad.exeBlocked Apps:%REMOVABLE%\*.* %HOT%\*.* - Kiosk mode configuration
Configure multi-app kiosk with specific applications. Applicable for Windows platform.
<AllowedApps> <App>%PROGRAMFILES%\CompanyApp\app.exe</App> <App>%PROGRAMFILES(X86)%\Browser\browser.exe</App> </AllowedApps>