Creating a Device Profile for macOS

This exercise explores how to modify the macOS device behavior using Profiles.

Profiles are the mechanism by which Workspace ONE UEM manages settings on a macOS device.  macOS profile management is done in two ways: device level and enrollment-user level. You can set appropriate restrictions and apply appropriate settings regardless of the logged-on user. You can also apply settings specific to the logged-on user on the device. 

All profiles are broken down into two basic sections, the General section and the Payload section.

  • The General section has information about the Profile, its name and some filters on what device will get it.
  • The Payload sections define actions to be taken on the device.

Every Profile must have all required fields in the General section properly filled out and at least one payload configured.

Device Profiles are typically used to control settings that apply system-wide.  Device profiles can include items such as VPN and Wi-Fi configurations, Global HTTP Proxy, Disk Encryption, and/or Directory (LDAP) integration.   In this exercise, we create a profile that modifies the dock for all users on the machine.

1. Close System Preferences if opened

Close System Preferences if opened

This section helps you to create a device profile which will change some system preferences in your Mac. However, to see those changes take place, you must first close any existing System Preference sessions if they are already open.

If System Preferences are opened, click X to close.

2. Add a macOS Device Profile

Add a macOS Device Profile

Return to the workstation where you are taking the Hands-on Lab. In the Workspace ONE UEM console:

  1. Select Devices.
  2. Select Profiles & Resources.
  3. Select Profiles.
  4. Select Add
  5. Select Add Profile.

3. Select Profile Platform

Select Profile Platform

Select the macOS icon.

4. Select the Profile Context

Select the Profile Context

Select the Device Profile icon.

5. Profile General Settings

Profile General Settings

Configure the device profile as follows:

  1. Select General if it is not already selected
  2. Enter macOS Device Restrictions for the profile name
  3. Select Auto for the Assignment Type
  4. Scroll down to view the Smart Groups field, and click in the search box. This will pop-up the list of created Smart Groups. Enter All Devices and select All Devices ([email protected]).

    NOTE: You DO NOT need to click Save or Save & Publish at this point.  This interface allows you to move around to different payload configuration screens before saving.

6. Select the Restrictions Payload

Select the Dock Payload
  1. Select Restrictions.
  2. Click the Configure button.

Note: When initially setting most payloads a Configure button will show to reduce the risk of accidentally setting a payload configuration.

7. Configure the Restrictions Payload

Configure the Dock Payload
  1. Select Restrict System Preference Panes
  2. Select Disable Selected Items
  3. Enable the Accessibility checkbox
  4. Enable the Desktop & Screen Saver checkbox
  5. Click Save and Publish

8. Publish the Device Profile

Click the Publish button.

9. Verify the Device Profile Now Exists

Verify the Device Profile Now Exists

You should now see your macOS Device Restrictions Device Profile within the list of the Profiles window.

Note: If you need to edit the Profile, this is where you would return in order to do so.

10. Validate Applied Profiles

Validate Applied Profiles

Return to the enrolled macOS Device:

  1. Click the Apple icon in the upper-left corner
  2. Click System Preferences.
  3. If System Preferences shows you a specific subpanel, such as Time Machine, click the back button.
  4. Note you cannot modify the settings for Desktop & Screen Saver and Accessibility as those icons are grayed-out.

Key Takeaways

  • You can use a combination of Device-level and User-level profiles for flexibility when configuring your macOS devices.
  • Profiles can be targeted against Assignment Groups for granular control.

0 Comments

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.