Using Configuration Profiles and Custom Configurations

Ann MacPhail: Configuration profiles allow you to set up accounts and services on the iPhones and/or iPads you manage. SimpleMDM has over 20 standard configuration profiles you can add and then share to a device or to one or more device groups. You can also create a custom configuration profile which you’ll learn how to do in this third topic video: Using Configuration Profiles and Custom Configurations.

Start by clicking Configs in the menu. In the profiles webpage, click Add Profile. You see a dropdown list of the standard profiles you can create, which include App Restrictions, so you can add apps to show or hide on your managed iPhones or iPads. AirPlay Destination, which is the destination for your app to stream audio and video to. AirPrint Printer, which is an AirPrint compatible printer your app uses to print documents from the app. APN which stands for Access Point Name and is also called a cellular payload. This setting is sometimes used in deploying apps. Consult with your app documentation to find out if this variable is necessary for your app.

Email Account, which can be an Exchange, IMAP or pop-based email account. FileVault, which allows your app to use file vault full disk encryption, as well as growing and rotating personal recovery keys. Firmware Password, which allows you to set and change the iPhone and/or iPad firmware password for one or more devices you manage. GlobalHTTP Proxy, which is an HTTP proxy that all web traffic on the device will be forced to pass through. To use this variable, the iPhone or iPad must be supervised. Google Account, which allows the app to use your Google account for email, viewing your contacts and using your calendar. Home Screen Layout, which allows the users, iPhone or iPad, to display an icon and folder layout on the home screen and dock. The users’ iPhone or iPad must be supervised to use this variable.

Kernel Extension Policy, which allows you to white list iOS kernel extensions on iPhones and/or iPads you manage. iOS Auto Update Policy, which will cause SimpleMDM to update iOS on iPhones and/or iPads you manage on a day of the week and time interval you specify. You can only apply this policy to supervise devices. Passcode/Screensaver that specifies passcode complexity requirements and screen lock settings on your users’ iPhone and/or iPad. Privacy Preferences, which allow you to create a privacy profile for one or more devices, so you can allow or block access to apps or events on iPhones and/or iPads you manage. Restriction, which specifies a list of functions that should be disabled on the users’ iPhone or iPad. Single App Lock, which specifies the app is forced to run on the user’s iPhone or iPad at all times. Single App Lock requires that the users’ iPhone or iPad is supervised. Single Sign-On Account, which allows the users’ iPhone or iPad to use the Kerberos network protocol to sign into websites and apps.

VPN Account, VPN stands for Virtual Private Network and allows the app to access a VPN account such as L2TP, PPTP, or Cisco Systems. Wallpaper, which displays an image that appears in the background of the users’ iPhone or iPad home and/or lock screen. To use this variable, the users’ iPhone or iPad must be supervised. Web Clip, which allows you to display a shortcut app icon on the users’ iPhone or iPad home screen, so the user can access the app quickly. Web Content Filter, which is a website whitelist or blacklist to allow or block website access respectively within the Safari app. Using this value requires that the users’ iPhone or iPad is supervised. Wireless Network, which allows the app to use the Wi-Fi network to access data on the iPhone or iPad.

The Custom Configuration Profile option appears at the bottom of the list, so you can create a custom profile and distributed automatically to your device group or to an individual iPhone or iPad. For example, some common uses for custom configuration profiles in iOS include managing a firewall payload, custom VPN payloads and certificate payloads. What’s more, if your company needs an Apple Configurator feature that isn’t supported by SimpleMDM or your organization has previously built configurations and Apple Configurator, SimpleMDM allows you to import, export, had configurator features as custom configuration profiles and push them to your managed iPhones and iPads in groups of devices you specify. This video presumes that you’ve already exported the Apple Configurator features to a file that will be uploaded by SimpleMDM.

Creating a custom configuration profile is a three-step process. First, click Custom Configuration Profile at the bottom of the list. Type the name of your custom profile into the Name box. If you have an exported mobile config file from Apple Configurator available, click Browse, navigate to the appropriate file in the open window and open the file. If you have the profile code instead, open the code in a text editor such as Notepad in Windows or Notes on your Mac, then copy and paste the code into the editor box. Otherwise you will need to type the code into the mobile config box. Since we don’t deploy profiles on MacOS in this video, you can leave the deploy as a device profile instead of a user profile checkbox blank. Enable attributes support by clicking on the enable attributes support checkbox. When attributes support is enabled, SimpleMDM processes all variables in the profile you uploaded or entered into the editor box.

If you’re not sure what attributes SimpleMDM supports, move the mouse pointer over the attributes support box. The pop-up window shows the list of supported attributes. You can get a description of these attributes in the Deploying Apps and iOS Managed Apps Configurations video. When you’re done, click Save. Your new configuration appears in the Profiles webpage. You can edit the profile by clicking the profile name in the list or delete the profile by clicking Delete to the right of the profile name.

In the second step of the process, you have to create a device group and assign your custom configuration to the group. Start by clicking Devices in the menu and then clicking Groups. In the Groups webpage, click Create Group in the upper right area of the page. Within the Add Group webpage, type the group name in the Group Name box, leave the two check boxes checked so you can automatically deploy this SimpleMDM app to all group I iPhones and/or iPads and track the location of each device and the group within your SimpleMDM account. Click Save. The new group appears in the Groups webpage. Click the name of your new group in the list. In the Configurations list, click the name of the custom configuration profile you want to use to the right of the Custom Profiles entry in the list. The selected profile has a checkmark within the checkbox next to the Custom Profiles name. Scroll to the bottom of the screen, and then click Save. You returned to the top of the Group Details page, which means SimpleMDM has saved your group information. You can also confirm that SimpleMDM added your customer profile.

The third and final step in the process is to assign one or more iPhones and/or iPads you manage to the group you just created so the customer profile can be applied to those devices. Start by clicking the Devices option under the Devices header and the menu. Click the device name in the Devices list. In the Device Details webpage, click Settings. Click the Device group name and the device group box, and then select the group you just added from the dropdown list. Click Save. The screen blinks to let you know that SimpleMDM saved your changes. Click Groups in the menu, and then click the custom group name in the list. Confirm the check box to the left of the Custom Profile name is checked. Scroll down to the bottom of the screen, and then click Save. The screen blanks, and the word Saved appears at the top of the webpage. Now you can check one of your managed iPhones or iPads in your group, which may be your own to confirm that SimpleMDM has applied your custom profile.