Add Profile

What

Profiles allow you to control settings, features, and capabilities for Apple devices; iOS, macOS, iPadOS, TvOS

When/Why

Devices may need profiles for initial configuration (like to allow them to join a network), in reaction to a request (like please disable the camera on the devices), or to configure settings at anytime.

How

Selecting the plus () in the top right will open a the profile editor for a new profile.

Basic Profile Properties

Every configuration profile has a few required properties, regardless of the profile type. Every time we create a profile we must specify these basic properties before we can save the profile. At minimum, we must set a profile name and add at least one payload (configuration) to the profile.

How

The three most common elements to set (or change from the default value) are highlighted below:

In order, those elements are:

Name: Must be unique, should be descriptive, and can not be left blank
Security: Specifies when this profile can be removed by the user
Installation scope: Defines whether the profile installs for the system, or for the user of the device

The highlighted warning above is reminding us that we have to add at least one payload to the profile before we can save it.

Navigating an Apple Profile

Configuration profiles aren't hard. In fact they are quite simple generally. Finding the right setting can be bothersome though, so FileWave provides some user interface options to make this easier. We'll use filtering and search options in the profile editor to help us narrow down our search for payload items.

How

Let's assume that we want to set the wallpaper for an iOS device. We can narrow down the options first by specifying the platform for our setting in the upper left (iOS in this case):

Once the platform is set, the list of profile categories becomes smaller (but still long). If we know specifically what version of iOS a setting is for, then we can specify that to further refine the list. (Not used frequently)

But, with our filter in place above, we can also search for "wallpaper" to further refine the payloads. Notice that when we enter the search term below, the payloads refine to just two sections, and in that section "wallpaper" is highlighted as well:

Setting Profile Payloads

The intended result of the creation of a configuration profile is always to make some change to configuration of endpoints. What those changes are, and how they are made differs profile by profile.

Profiles tend to fall into two categories:

Stuff we've done before
New stuff we haven't touched before

The first is no trouble, because we know what we are doing. For instance, after we have already created a wi-fi config profile for 41 of our 42 locations, the 42nd one isn't going to be too much trouble.

But, what if we have something new to do that we haven't done before? There are two answers to this:

Experiment and test (no better teacher than experience with a device in hand)
Read the documentation (yes, seriously):
1. https://support.apple.com/guide/mdm/welcome/web#/mdmf0ec4d860
2. FileWave (nor any other MDM provider) defines what the elements in profiles are or what they mean. The above reference explains them all
3. For third-party settings, reference the Vendor's documentation

How

Defining MDM elements is out of scope for our Knowledge Base, but we can give best-practice guidance on building and testing profiles:

Build profiles (especially restrictions) as small as possible...do not intermix settings if at all possible
- This prevents having to split profiles later when you have the inevitable exceptions to deal with
Test, test, and then test again against a device in your hands
Never create and deploy a profile to production without testing
Be especially careful with edits to already assigned profiles (especially wi-fi or anything else where a mistake could cause catastrophic consequences)

Here is a simple example of setting a Wallpaper and preventing it from being changed (notice two payloads, but related):

Column Searching Criteria

Columns Adding and Removing (Customizing)

Columns Pinning

Columns Sorting & Moving

Create Deployment

Deployment Targets

Deployment Payloads

Deployment Options

Deployment Summary

Deployment Drafts

Deployments Targeting LDAP Groups

View - Devices Overview

Basic Filtering

Adding Devices

Upload Devices and/or Data

Group Navigation (Devices View)

Individual Device View

Tree / List View Toggle

Working with Groups and Smart Groups

Device Actions Overview

Clear Activation Lock

Clear Passcode

Clear Restrictions Passcode

Copy to Group

Edit Device Fields

Lock Device

Move to Group

Performing Actions on Multiple Devices

Remove from Group

Remove from System

Rename

Restart (Windows)

Send Verify Command

NAT Support for Client Monitor/Verify

Set Tracking Mode

Wipe Device

Windows MDM Wipe Command

View - Imaging Overview

Imaging Association Deletion, Enable and Disable

Imaging Association Properties

Create Imaging Association

View - Licenses Overview

About Profiles / Policies

Add Profile

Editing Payloads / Payload Properties

FileWave Anywhere Payload Script Editor

Payload Actions (Move/Remove)

Payload Groups

Upload Profile

MSI & PKG Payloads

View - Reports Overview

Report Creation/Editing

Fields in Reports (Preview)

Report Condition Groups

Report Conditions

Report Groups

Viewing Reports

View - Software Updates Overview

Software Update Detail View

Software Updates: Deploying to Groups

Software Updates: Rollout Plans

Apple General Settings (APN)

DEP Accounts (Tokens)

DEP Profile Workflows

DEP Profiles

VPP Tokens

Add Profile

What

When/Why

How

Basic Profile Properties

How

Navigating an Apple Profile

How

Setting Profile Payloads

How

No Comments