Agent settings: MacOS Device Configuration

Tools > Configuration > Agent Settings > Mac Profiles > macOS device configuration

Use the configuration profile editor to create new configuration profiles or edit existing ones without external tools. For more information about the configuration profile editor, see Configuration Profile Editor.

The macOS device section of the configuration profile editor contains the following settings for macOS devices:


General: Set mandatory settings for all configuration profiles.

Certificates: Add certificates that will be installed with the profile on the target devices. Clicking the Configure button will let you choose an X.509 certificate file from disk to attach to the profile.


Passcode: Specify passcode policies, such as minimum password length and complexity.

Network (Wi-Fi): Configure how devices connect to your wireless network, including authentication information.

Network (Ethernet): Configure how devices connect to your Ethernet network, including authentication information.

VPN: Configure how devices connect to your network via VPN, including authentication information.

SCEP: Define settings for connecting to your SCEP server.

Fonts: Specify which fonts will be installed on the device.

AirPlay: Allow AirPlay destinations and enter credentials for them.

Security & Privacy: Configure which security settings users will have access to and if diagnostics will be sent to Apple.

Privacy preferences: Allow or deny specific applications access to device data including contacts, calendar, and system administration files. Each application entry requires a code signature. To find the code signature for an app, run the command codesign -display -r - for the application. The code signature is the string that follows designated =>. Requires user-approved MDM or DEP enrollment.

Identification: Configure user accounts.

Restrictions: Set application and content restrictions for preferences, applications, widgets, media, sharing, and functionality.

AD Certificate: Add and configure settings for Active Directory certificates.

Directory: Configure credentials for Open Directory/LDAP and Active Directory.

Login Window: Configure the behavior and appearance of the login window.

Login Items: Specify settings for items that run at login.

Mobility: Define settings for Mobility and Portable Home Directories, including account creation and encryption.

Dock: Define settings for dock appearance, applications, and items.

Software Update: Enter the location of the software update server, specify if beta releases are allowed, and set who can install software updates.

AirPrint: Define a list of AirPrint printers that the device can connect to.

Printing: (Legacy) Add approved printers to the device.

Energy Saver: Set sleep and wake options for both desktop and portable devices.

Parental Controls: Configure parental controls for the device, including website access limitations and disabling Siri.

Time Machine: Enter the location of the Backup Server and select which files will be backed up.

Finder: Configure what is accessible through the Finder and available commands.

Autonomous Single App Mode: Grant autonomous single app mode capabilities to specific applications. Requires user-approved MDM or DEP enrollment.

Accessibility: Configure accessibility settings for vision, hearing, and interaction.

Xsan: Configure how devices will connect to your Xsan network.

Proxies: Enter credentials for your proxy servers.

Smart Card: Enable, disable, or restrict Smart Card functionality.

System Migration: Create custom migration paths for migrating from Windows devices.

Kernel Extensions: Configure whether users can use kernel extensions, and approve specific teams that are allowed to use them. Requires user-approved MDM or DEP enrollment.

Content Caching: Configure content caching settings including what content will be cached, maximum cache size, and peer-to-peer sharing.

Extensions: Select which extensions are allowed or disabled on the device.

Custom Settings: Enter the domain and key value pairs for custom settings.

Single Sign On Extensions: Identify and configure application extensions that can perform single sign on for the device.

Associated Domains: Associate applications with specific domains.

Global HTTP Proxy: Configure settings for the global HTTP proxy for supervised devices.