Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Configuration Profiles Reference

Overview

This article explains configuration profile settings that affect devices in a complex way or are unique to Jamf Pro.

Settings



Jamf Pro Versions Affected Configuration Profile Type Payload Setting Description
9.101.0 or later Computer Security & Privacy Recovery Key Encryption Method Allows you to choose whether Jamf Pro will automatically encrypt and decrypt personal (also known as "individual") FileVault recovery keys.

There are two options:

  • Automatically encrypt and decrypt recovery key (default)
    • Key decryption—Key is automatically decrypted. If you choose this option, you do not need to configure a certificate in the Certificate payload when the Enable Escrow Personal Recovery Key option is enabled.
    • Key storage—Key is stored in Jamf Pro.
    • Viewing the recovery key—When you view the personal recovery key for a computer, the decrypted recovery key is displayed.
  • Manually specify encryption key
    • Key decryption—You must manually specify the encryption key to decrypt the FileVault recovery key. Manually specifying the encryption key requires a Certificate payload (.cer) included in the configuration profile. The certificate used to encrypt the personal recovery key must be specified in the Personal Recovery Key Encryption Certificate pop-up menu.
    • Key storage—Key is not stored in Jamf Pro.
    • Viewing the recovery key—When you view the personal recovery key for a computer, the encrypted recovery key is displayed. The encrypted key file will be base64- and CMS-encoded and is accessible when viewing management information for a computer by navigating to Management tab > FileVault 2 > Get FileVault 2 Recovery Key.

9.98 or later Mobile Device Restrictions Allow connection to unmanaged Wi-Fi networks Allows you to prevent users from connecting to any Wi-Fi networks not deployed through Jamf Pro.

Warning: If left unchecked, and if at least one Wi-Fi payload is not configured on scoped devices through a configuration profile, devices may lose all network connectivity.

9.9 or later Mobile Device Home Screen Layout Page Layout Allows you to configure the content and layout for each page on the device.

Apps and web clips that are assigned to the device but are not added to the page layout are placed on the last page of the device in alphabetical order.

If a folder on the device is not added to the page layout, the apps within the folder are removed from the folder and are placed on the last page of the device. The folder is removed from the device.

9.8 or later Mobile Device Restrictions Allow installing apps using Apple Configurator and iTunes (supervised iOS 9 only)/Allow installing apps using App Store (iOS 5–8 only) This setting works differently depending on the iOS version:

  • On iOS 9 or later—Devices must be supervised. When selected, the App Store is disabled and removed from the Home screen but apps from the App Store can still be installed and updated using Apple Configurator, iTunes, or Jamf Pro. When deselected, the App Store is still disabled and apps from the App Store can only be installed or updated using Jamf Pro.

  • On iOS 5–8—Supervision not required. When selected, the App Store is enabled and displayed on the Home screen. Apps from the App Store can be installed or updated using the App Store, iTunes, or Jamf Pro. When deselected, the App Store is disabled and removed from the Home screen. Apps from the App Store cannot be installed or updated using the App Store or iTunes but can be installed or updated using Jamf Pro.

9.8 or later Mobile Device Restrictions Allow installing apps using App Store (iOS 9 only; supervised only) Works on supervised devices with iOS 9 only.

When selected, the App Store is enabled and displayed on the Home screen. Apps from the App Store can be installed or updated using the App Store, iTunes, Apple Configurator, or Jamf Pro. (This excludes automatic downloads.)

When deselected, the App Store is disabled and removed from the Home screen but apps from the App Store can still be installed and updated via Apple Configurator, iTunes, or Jamf Pro.

9.2 or later Computer FileVault Recovery Key Redirection Recovery Key Redirection Unique to Jamf Pro.

Choose how you want the recovery keys to be redirected.

9.0 or later Mobile Device
Computer
SCEP Display "Redistribute Profile" setting for this profile Unique to Jamf Pro.

Select this checkbox if you want to display the Redistribute Profile setting in the General payload.

9.0 or later Mobile Device
Computer
General Redistribute Profile Unique to Jamf Pro.

Automatically redistributes the profile when its SCEP-issued certificate is the specified number of days from expiring.

8.6 or later Mobile Device
Computer
SCEP Challenge Type Unique to Jamf Pro.

The challenge password is used as the pre-shared secret for enrollment. There are three challenge type options:

  • Static - Use the same challenge password for each computer or mobile device.

  • Dynamic - Use a unique challenge password for each computer or mobile device. This option is for non-Microsoft CAs.
    The Dynamic option requires use of the Jamf API and membership in the Jamf Developer Program. Before selecting this option, contact your Jamf account representative to learn more about the Jamf Developer Program and the additional steps you need to take to use this option.

  • Dynamic-Microsoft CA - Use a unique challenge password for each computer or mobile device. This option is for Microsoft CAs only.

Like Comment
SOLVED Posted: 8/7/17 at 2:54 PM by jasunlego

So how do you fix this if the box was unchecked and no wi-fi networks were configured? Now i have an iPad that cannot see any networks and cannot check for config changes because it is not able to see and connect to any networks.

Like