Management and Security powered by Landesk

Agent settings: Apple configuration profiles editor

The Apple configuration profiles editor lets you create new Apple configuration profiles or edit existing ones without requiring external tools. The editor supports the following platforms:

  • macOS profiles (under Agent settings > Mac profiles)
  • macOS device configuration (under Agent settings > Mac profiles)
  • iOS profiles (under Agent settings > Mobility)
  • tvOS profiles (under Agent settings)

Open the Apple configuration profiles editor by clicking Tools > Configuration > Agent settings and then the Apple agent setting you want. This opens a dialog box in which you can choose from new or available profiles or open an existing profile from disk. The chosen profile then opens in the configuration profile editor; the exact content of the window depends on the type of the profile.

Clicking OK in the profile editor window saves the new or edited profile.

The Save to Disk button at the bottom of the window lets you export the profile as a text file to disk. This button is enabled only if exporting the profile was allowed by checking the Allow save to disk option (see "Common settings").

The other options available in the editor depend on the profile chosen.

Administrators can access this editor only if the Modify Mobile Device Configuration Profiles option has been activated for their account.

Common settings

The Common section of the configuration profile editor lets you specify and edit settings that each configuration profile has, independent of its type. The section has two subsections:

  • General
  • Certificates

The settings from both sections are described below.

General

The General section contains mandatory settings for all kinds of configuration profiles:

Name: The name of the profile. This is also the name that the profile will have in the Mobile Devices window.

Identifier: A unique identifier for the profile, for example “com.mycompany.it.mdm.my-profile.421”.

Organization: The name of your organization.

Description: A brief text describing the purpose of the profile.

Consent Message: A message that will be displayed on the target device when the user is prompted to allow the installation of the profile.

Security: The options the user of the target device has for removing this profile:

  • Always: The user can remove the profile as desired.
  • With Authorization: The user can remove the profile when she or he enters a password that you specify in the Authorization password field. (The field is hidden unless you choose this option.)
  • Never: The profile cannot be removed, although it can be overwritten with a newer version.

Automatically Remove Profile: At which point the profile is automatically removed from the device (that is, without requiring further action by you or the user):

  • Never: The profile is not automatically removed.
  • On Date: The profile is automatically removed at the specified date. (Choosing this option displays a field for entering the date.)
  • After Interval: The profile is automatically removed a set time after it has been installed. (Choosing this option displays a field for specifying the number of days.)

Allow save to disk: If this option is checked, any administrator can save the profile to disk as a file (by clicking the Save to Disk button in the profile editor). If this option is unchecked, only superadministrators can export the profile in this manner.

Certificates

The Certificates section lets you specify which certificates will be installed with the profile on the target devices.

Clicking the Configure button will let you choose an X.509 certificate file from disk to attach to the profile.

Imported certificates have + and - buttons beside their names. Clicking + lets you import an additional certificate; clicking - removes the imported certificate from the profile.

Each imported certificate has two editable fields:

Credential Name: The name of the certificate. By default, this is the file name, but you can edit it as desired.

Password: If the certificate is protected by a password, you can enter it. If you do not do so, the user must enter the password during the installation of the profile; if it is not entered correctly, the installation fails. (This does not apply when no password is set for the profile.)
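An added example, not part of the Landesk documentation or product code: a Python check for a profile exported with Save to Disk, reporting which Security and Automatically Remove Profile choices it carries and whether a certificate or removal password is stored in it. It assumes the export is an unsigned XML property list using Apple's published profile keys (PayloadRemovalDisallowed, RemovalDate, DurationUntilRemoval, and the com.apple.profileRemovalPassword and com.apple.security.pkcs12 payloads); the sample profile and the function name audit_profile are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not taken from the product); secrets are dummies.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.mycompany.it.mdm.my-profile.421</string>
  <key>PayloadRemovalDisallowed</key><false/>
  <key>DurationUntilRemoval</key><real>2592000</real>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.security.pkcs12</string>
      <key>Password</key><string>constructed-dummy</string>
      <key>PayloadContent</key><data>AAEC</data>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.profileRemovalPassword</string>
      <key>RemovalPassword</key><string>constructed-dummy</string>
    </dict>
  </array>
</dict></plist>"""

def audit_profile(raw: bytes) -> list[str]:
    """Report removal policy, auto-removal and embedded secrets (key names only)."""
    profile = plistlib.loads(raw)
    payloads = profile.get("PayloadContent", [])
    types = [p.get("PayloadType") for p in payloads]
    findings = []
    # Security setting: Never / With Authorization / Always
    if profile.get("PayloadRemovalDisallowed"):
        findings.append("removal: Never")
    elif "com.apple.profileRemovalPassword" in types:
        findings.append("removal: With Authorization")
    else:
        findings.append("removal: Always")
    # Automatically Remove Profile: On Date / After Interval (seconds in the file)
    if "RemovalDate" in profile:
        findings.append(f"auto-remove on {profile['RemovalDate']:%Y-%m-%d}")
    elif "DurationUntilRemoval" in profile:
        findings.append(f"auto-remove after {profile['DurationUntilRemoval'] / 86400:g} days")
    # In Apple's profile format these password keys are plain strings.
    for p in payloads:
        for key in ("Password", "RemovalPassword"):
            if p.get(key):
                findings.append(f"plaintext {key} in {p.get('PayloadType')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE)))
```

Running the check on each exported profile before it is stored or shared shows which files have to be handled as secrets.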

macOS profiles

The macOS section of the configuration profile editor contains settings for macOS computers that can be specified in profiles.

Categories

Categories have + and - buttons or just - buttons beside their names. Clicking + lets you specify an instance of the category. Clicking - removes the category instance from the profile. If this was the last (or only) instance of the category, the profile no longer provides settings for this category.

iOS profiles

The iOS section of the configuration profile editor contains settings for iOS devices that can be specified in profiles.

Custom setting

The settings in this section are the same as those in Apple’s Profile Manager (part of macOS Server), with one additional setting in the Disable App Store section. If you add this payload to a configuration profile, it disables access to the App Store from any device on which it is installed. Note that the Disable access to the App Store from the device option is always checked – the payload does not offer any other options.

If you want to re-enable App Store access, do so by removing the profile from the device.

If you create a profile with the Disable App Store payload, you must not add any other payloads to the profile.

Categories

Categories have + and - buttons or just - buttons beside their names. Clicking + lets you specify an instance of the category. Clicking - removes the category instance from the profile. If this was the last (or only) instance of the category, the profile no longer provides settings for this category.

tvOS profiles

The tvOS section of the configuration profile editor contains settings for tvOS devices that can be specified in profiles.

The settings in this section are the same as those in Apple’s Profile Manager (part of macOS Server).

Categories

Categories have + and - buttons or just - buttons beside their names. Clicking + lets you specify an instance of the category. Clicking - removes the category instance from the profile. If this was the last (or only) instance of the category, the profile no longer provides settings for this category.

