Creating a Device Profile for macOS
This exercise explores how to modify the macOS device behavior using Profiles.
Profiles are the mechanism by which Workspace ONE UEM manages settings on a macOS device. macOS profile management is done in two ways: device level and enrollment-user level. You can set appropriate restrictions and apply appropriate settings regardless of the logged-on user. You can also apply settings specific to the logged-on user on the device.
All profiles are broken down into two basic sections, the General section and the Payload section.
- The General section has information about the Profile, its name and some filters on what device will get it.
- The Payload sections define actions to be taken on the device.
Every Profile must have all required fields in the General section properly filled out and at least one payload configured.
Device Profiles are typically used to control settings that apply system-wide. Device profiles can include items such as VPN and Wi-Fi configurations, Global HTTP Proxy, Disk Encryption, and/or Directory (LDAP) integration. In this exercise, we create a profile that modifies the dock for all users on the machine.
1. Close System Preferences if opened
This section helps you to create a device profile which will change some system preferences in your Mac. However, to see those changes take place, you must first close any existing System Preference sessions if they are already open.
If System Preferences are opened, click X to close.
2. Add a macOS Device Profile
Return to the workstation where you are taking the Hands-on Lab. In the Workspace ONE UEM console:
- Select Devices.
- Select Profiles & Resources.
- Select Profiles.
- Select Add
- Select Add Profile.
3. Select Profile Platform
Select the macOS icon.
4. Select the Profile Context
Select the Device Profile icon.
5. Profile General Settings
Configure the device profile as follows:
- Select General if it is not already selected
macOS Device Restrictionsfor the profile name
- Select Auto for the Assignment Type
- Scroll down to view the Smart Groups field, and click in the search box. This will pop-up the list of created Smart Groups. Enter
All Devicesand select All Devices ([email protected]).
NOTE: You DO NOT need to click Save or Save & Publish at this point. This interface allows you to move around to different payload configuration screens before saving.
6. Select the Restrictions Payload
- Select Restrictions.
- Click the Configure button.
Note: When initially setting most payloads a Configure button will show to reduce the risk of accidentally setting a payload configuration.
7. Configure the Restrictions Payload
- Select Restrict System Preference Panes
- Select Disable Selected Items
- Enable the Accessibility checkbox
- Enable the Desktop & Screen Saver checkbox
- Click Save and Publish
9. Verify the Device Profile Now Exists
You should now see your macOS Device Restrictions Device Profile within the list of the Profiles window.
Note: If you need to edit the Profile, this is where you would return in order to do so.
10. Validate Applied Profiles
Return to the enrolled macOS Device:
- Click the Apple icon in the upper-left corner
- Click System Preferences.
- If System Preferences shows you a specific subpanel, such as Time Machine, click the back button.
- Note you cannot modify the settings for Desktop & Screen Saver and Accessibility as those icons are grayed-out.
- You can use a combination of Device-level and User-level profiles for flexibility when configuring your macOS devices.
- Profiles can be targeted against Assignment Groups for granular control.