MacOS 11 "Big Sur" is now preventing prevents automatic installation of profiles using the command line . Introduced "profiles" command. This was introduced for security reasons (to prevent malware from installing silently profiles which could damage the device installation), this has an impact on how profiles must be installed with FileWave.
- the MDM protocol does not allow to "take ownership" of a profile ; in other words, there is no way to manage, via MDM, a profile already installed via profiles command line
- managing such a profile from MDM requires to remove the removal of the profile using command line before installing it via MDM
- removing Network, Certificate or any profile required to setup communication with FileWave server may break MDM management and require manual interaction to fix the issue
Therefore, FileWave keeps track of the method of installation mode and keeps managing via the profiles command line a profile which has been installed via the command linethat way initially.
But, MacOS Big Sur is now making makes profiles -I command ineffective ; as FileWave removes and reinstall then reinstalls profiles when upgrading them, this can lead to profile removal.
Starting with FileWave 14.0.2, upgrading (command line) profiles on macOS Big Sur using the fwcld agent will be disabled, so profiles will not be removed accidentally. The next steps will be:
- ensure your device is MDM enrolled (DEP or User Approved)
- for any profile installed via command line, you need to remove the association so FileWave removes the profile via command line
- re-associate the profile, so FileWave now installs the profile via MDM
Removing profile(s) may disconnect your device from your network ; proceed carefully. It may be required to deploy another profile which will allow the device to stay connected during the process.