Profiles are the future of Apple device management. But so many questions still surround them. What types of profiles are there, and when do you use each of them? Are they scoped to a user or a device? How do you create profiles on the JSS and make them available on client systems? In today’s session, Teri Grossheim and Daniel Mintz were on hand to answer these and many more questions surrounding profiles.
The session began with Teri providing a brief history of profiles with Apple technology. Back in 2001, OS X offered a common method for managing settings using the defaults command. A year later, Workgroup Manager introduced managed preferences, known as MCX. This offered admins the tools to centrally manage settings over the network. With the introduction of iPhone in 2007, configuration profiles were added to the IT admin’s tool belt—although at first limited to iPhone Configuration Utility over USB. In 2011, configuration profiles were normalized across both macOS and iOS and MDM (like Jamf Pro) became the preferred method for management.
A configuration profile, at its simplest, is a collection (or payload) of keys and values. The keys define system settings like password policies, network configuration and restrictions. They can also define user-centric settings like email accounts. With each release of iOS and macOS, configuration profiles gain additional payloads as new features are added to the OS. Most recently, we saw new settings for Firewall management, iCloud settings, and Apple Watch unlock added to macOS Sierra.
Daniel offered sage advice for the audience, based on his experience as a Jamf Pro Services Engineer: “Less is more.” To drive home the point, he shared an anecdote from one of his first JumpStarts. The IT admin he met with was very Windows-centric. He asked Daniel for guidance on applying restrictions on the Mac. “I want to lock them down and make them look like PCs”. As you might guess, this was not well received by the users with locked-down Macs. The lesson is clear: preserve the Mac user experience and don't manage more settings than absolutely required.
When it comes to deploying profiles, Daniel covered the common routes: profiles can be installed locally on a Mac or iOS device; they can be deploying using Apple’s Profile Manager, or they can be deployed using MDM like Jamf Pro. While building and testing profiles, admins should be familiar with the /usr/bin/profiles command using Terminal.
Teri rounded out the session with a review of another type of profile: provisioning profiles for in-house app deployment. These are created through the Apple Developer Program and required for iOS app deployments outside the App Store.
Whether you're new to configuration profiles or an old hand with MCX, this session offers a great review of the technology and considerations to future-proof your Apple management scheme.
Check back soon for a full video recording!