Configurations allow an administrator to set up accounts, services, and other functionalities on devices. Some configurations can be shared between device groups, some are linked to just one device group, and others are created as accounts for individual devices.
Available Profiles
SimpleMDM supports many configurations, including:
| Configuration Name | Allows you to define... |
|---|---|
| Accessibility | settings that would typically be found under System Settings > Accessibility on macOS. |
| App Restrictions | an app allow list or block list to hide undesired apps from iOS. Requires supervision. |
| AirPlay Destination | an available destination to stream audio and video to. |
| AirPrint Printer | an AirPrint-compatible printer for devices to utilize. |
| APN | an Access Point Name. This is also called a Cellular payload. Sometimes used in advanced deployments. |
| Background Tasks | a declarative configuration for macOS background tasks such as executables, scripts, and launchd configuration files. |
| CalDAV | a WebDAV or CalDAV calendar account. |
| CardDAV | a WebDAV or CardDAV contacts account. |
| Certificates | deploy custom certificates to devices. |
| an Exchange, IMAP, or POP-based email account. | |
| Extensible Single Sign On Kerberos | settings to configure SSO for apps and websites via Kerberos. |
| Extensible Single Sign On | settings to configure SSO for apps and websites for identity providers that support the extension. |
| FileVault | requirements around using Filevault full disk encryption. Also supports escrowing and rotating personal recovery keys. |
| Firewall | Firewall settings on macOS devices. |
| Firmware Password | Firmware password settings and saves password to SimpleMDM. |
| Gatekeeper Policy | settings for Gatekeeper (as found under System Settings > Privacy & Security on macOS). |
| Global HTTP Proxy | an HTTP proxy that all web traffic on the device will be forced to pass through. Requires supervision. |
| Google Account | a Google account to use for email, contacts, and calendaring. |
| Home Screen Layout | an icon and folder layout on the iOS home screen and dock. Requires supervision. |
| Kernel Extension Policy | approvals for specific kernel extensions on macOS. |
| LDAP | an LDAP account, typically used to populate Contacts in iOS. |
| Login and Background Item Management | settings for Login Items (as found under System Settings > Login Items on macOS). |
| Loginwindow | controls for the login window screen on macOS. |
| Notification Settings | notification preferences for applications. |
| Managed Software Updates | a declarative configuration to schedule & enforce OS software updates. |
| Passcode Policy | complexity requirements for passcodes on iOS and macOS, as well as screen lock settings. |
| Printing | configurations for printers on macOS. |
| Privacy Preferences | accessibility permissions for specific applications on macOS. |
| Recovery Lock Password | settings to enable a Recovery Lock password on macOS. |
| Restriction | a list of iOS functionalities that should be disabled. |
| Safari Extension Settings | a declarative configuration for configuring Safari Extensions. |
| Service Configuration Files | a declarative configuration for managing service configuration files. |
| Single App Lock | an app that is forced to run at all times on a device. Requires supervision. |
| Single Sign-On Account | a Kerberos account to be used to sign into websites and apps. |
| Software Update Policy for iOS | settings to automatically download/install iOS and tvOS updates. Requires supervision. |
| Software Update Policy for macOS | settings to configure Software Update preferences and automatically download/install macOS updates. |
| Software Update Settings | a declarative configuration that configures Software Update pane options under System Settings. |
| Subscribed Calendar | a calendar subscription. These appear in the device's calendar list. |
| System Extensions Policy | settings to allow specific System Extensions to automatically load on macOS. |
| VPN | a VPN account, such as L2TP, PPTP, Cisco, or other popular technologies. |
| Wallpaper | an image to appear in the background of the home and/or lock screen. Requires supervision. |
| Web Clip | an icon on the home screen that acts as a shortcut to a website. |
| Web Content Filter | a website whitelist or blacklist to control web access in the Safari app. Requires supervision. |
| Wireless Network | a WiFi network that the device can access. |
This is not intended to be a comprehensive list. Refer to the SimpleMDM interface for the latest capabilities.
Custom Configuration Profiles
Sometimes an organization needs a feature available in Apple Configurator that isn't supported by SimpleMDM. Or, an organization may have previously built configurations in Apple Configurator that they are not ready to rebuild in SimpleMDM. In these cases, SimpleMDM allows configurations that have been exported by Apple Configurator to be uploaded and distributed to enrolled devices.
To upload a custom configuration to SimpleMDM, follow the instructions below for creating a configuration and choose "Custom Configuration Profile" as the configuration type.
Creating Profiles
Most configurations require first creating a shared configuration profile and then assigning it to device groups. To create a shared configuration profile:
- Click Profiles under Configs in the left-side menu.
- Click "Create Profile"
- Click the type of profile you want to create (for example, "App Restrictions").
- Configure the profile settings as needed.
Once you have created the profile, it will be available for assignment via the "Profiles" tab on both the Group Details page and the Device Details page.
Assigning Configuration Profiles to Devices via Groups
Groups are the primary mechanism for automating the assignment of profiles to devices. When a device joins a group, it automatically inherits the profiles assigned to that group. This article covers managing profile assignments with groups in-depth: Groups - Managing Profile Assignments.
Creating and Assigning Accounts & Device-Specific Profiles
Profiles can also be assigned directly to devices instead of groups. To assign a profile directly to a device:
- Click "Devices" on the left hand side of the screen.
- Click on the name of the device you want to assign a profile to.
- Click the "Profiles" tab.
- Click the "Assign Profile" button in the upper right hand side of the screen.
- To assign a profile that has already been created, click "Assign" next to the profile name. Repeat these steps to add additional profiles to the device.
- To create a new profile, click "Create Profile".
- If you clicked "Create Profile", select the profile type you'd like to create, fill out the settings, then click "Save". When you click "Save", the configuration is automatically pushed to the device.
Viewing and Troubleshooting Profiles Assigned to a Device
To view the profiles assigned to a device:
- Navigate to the Devices list and click the device.
- Click the "Profiles" tab.
This tab will display a list of profile names assigned to the device, along with the following information:
- Type: the profile type.
- Assigned Via: where the profile is assigned - this will either be: "Direct" if assigned directly to the individual device, or will display the Device Group or Assignment Group name that is being used to assign the profile to the device.
-
Status: the status of the profile installation. Possible statuses:
- "Up to date": the profile is installed with no pending changes.
- "Pending": means it is installed but there are changes pending.
- "Unknown": means that it is not actually a profile but a command, therefore there is not installation status.
- Yellow warning symbol: indicates that there is an error - hover over the symbol to receive more information. Some examples of common errors are:
- "This profile conflicts with another profile assigned to this device and will not be installed."
- "This type of profile is not compatible with this device."
