VSA 10 MDM: Apple MDM profiles

NAVIGATION   Administration > Configuration > Profiles > New Profile > Apple MDM Restrictions (Device Configuration) profile type

NAVIGATION   Administration > Configuration > Profiles > New Profile > Apple MDM Networking (Device Configuration) profile type

NAVIGATION   Administration > Configuration > Profiles > New Profile > Apple MDM Security (Device Configuration) profile type

NAVIGATION   Administration > Configuration > Profiles > New Profile > Apple MDM System Configuration (Device Configuration) profile type

NAVIGATION   Administration > Configuration > Policies

SECURITY   Administrator

Using any of the Apple MDM types of Device Configuration profiles, you have the ability to automate the setup of mobile device user accounts, networking settings, security policies, and hardware, operating system, and application restrictions from the moment the device is enrolled. This powerful feature eliminates the need for administrators to manually onboard every MDM endpoint in your environment, saving you time and ensuring that all devices are configured consistently.

To learn how to enroll a device in MDM, refer to VSA 10 MDM: enrollment.

For a comprehensive overview of how profiles and policies work in VSA 10, refer to Policies overview.

Overview

With MDM profiles, you can create predefined setup templates for supported Apple devices and associate them with management policies. When VSA 10 detects a client that meets the criteria of one or more of the associated policy rules, it will automatically apply the corresponding profile to the device via the Apple Push Notification Service.

Supported hardware

The following devices support management via MDM profiles:

Notebooks Desktops Mobile Other
MacBook Air, Macbook Pro iMac, Mac mini, Mac Studio, Mac Pro iPad, iPhone Apple Watch, Apple TV

Capabilities

MDM profiles support the following applications and system settings:

Category Description Applications and settings
Networking Manage network configuration, including WiFi, Ethernet, and VPNs.

WiFi, Ethernet, cellular, firewall, DNS, proxy, VPN, AirPlay, AirPrint
Security Control sensitive security-related device settings.

Authentication, certificates, parental controls, encryption, passcodes
Restrictions Manage hardware, operating system, and application restrictions.

Bluetooth, camera, Game Center App Store, lock screen, user creation, startup, authentication
System Configuration Enable or disable interface elements, manage login behavior, control system updates.

Login behavior, user experience, preferences, software catalog

How to...

To create an MDM profile, complete the following steps:

  1. In your VSA instance, navigate to Administration > Configuration > Profiles.
  2. The Profiles page will load. At the top of the Folders list, click All Profiles.
  3. In the Profiles pane, click New Profile.
  4. The Create New Profile page will load.
  5. In the Details section, enter a name and a brief description for the profile
  6. In the Policy Type section, make the following selections:
    • Policy Type: Device Configuration
    • Configuration Type: Any Apple MDM configuration type
  7. Click Next.
  8. Select a configuration section from the Not Configured Sections list. Then, click Add Configuration.
  9. You'll notice that the selected configuration moves into the Configured Sections list. Complete all applicable fields.
  10. To add additional configuration sections, click Add Configuration. To remove a section, click the Remove link next to its name.
  11. When you've finished customizing the profile, click Create.

Next, you'll need to create a policy that defines the devices to which you'd like to automatically apply your configuration. Complete the following steps:

  1. Navigate to Configuration > Policies. Create a new policy or edit an existing policy.
  2. Click Assign Profile.
  3. Locate the profile you'd like to use. Select it by clicking the radio button next to its name.

    EXAMPLE  

  4. Click Assign.
  5. VSA 10 will begin enforcing the selected profile immediately. You can view it in effect at Configuration > Policies.

EXAMPLE