7.1 macOS MDM Configuration Profile and Commands

Configuration Profiles

Configuration profiles are XML files consisting of payloads that will enable you to deploy configuration settings and restrictions to Mac MDM devices. These XML files are exported from Apple Configurator and each individual configuration setting, such as the Wi-Fi configuration setting, VPN configuration setting, and certificate information, are called payloads. Using an configuration profile, you can deploy these configuration settings or restrictions, which are not available in ZENWorks, to the devices. While creating an macOS MDM profile bundle, the XML file that is obtained from Apple Configurator is uploaded in ZENworks. When you assign this bundle to a device, on deployment of the macOS MDM profile bundle, the encrypted version of the profile is installed on the device, thereby restricting users from changing the setting.

Configuration Commands

A configuration command is an instruction that is sent remotely to a device to perform a specific action or configuration at a time. The configuration command is an XML file that can be created using either manually or automatically using Apple Configurator. When you upload the configuration command file to ZENworks by creating an macOS MDM bundle and assign the bundle to the device, it allows for real-time control and execution of tasks on devices.

To create a command manually,

  • Identify the specific payload types and settings you wish to include in the command. For more information on supported commands, see Commands and Queries in Apple documentation.

  • Using a text editor or an XML editor, create an XML configuration file that conforms to the structure and syntax specified in the Apple Configuration Profile Reference documentation. The XML file should include the necessary keys, values, and payload types based on the settings you want to configure. An example of the Restart Device command is as follows:

    <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict> <key>Command</key> <dict> <key>RequestType</key> <string>RestartDevice</string> </dict> <key>CommandUUID</key> <string>0001_RestartDevice</string></dict></plist>

  • Test and validate the XML file for correctness and compliance with Apple's requirements. Apple provides a Profile Manager Validation Tool, available in Xcode, to help validate the XML configuration file. Ensure that the profile is error-free and adheres to the specifications.

To automatically create a command on Apple Configuration, see the Apple Configurator User Guide.

Procedure

  1. In ZENworks Control Center, click the Bundles tab.

  2. In the Bundle list, click New, then click Bundle to display the Select Bundle Type page.

  3. Select macOS MDM Bundle, then click Next to display the Select Bundle Category page.

  4. Select the macOS Profile bundle category.

  5. Click Next to display the Define Details page, then fill in the fields:

  6. On the Define Details page, specify a name for the bundle, select the folder in which to place the bundle, then click Next.

  7. On the Select Profile Type page, select from one of the following Configuration Profile to deploye to macOS MDM device:

    • Configuration Profile: Select a Configuration Profile consisting of payloads that will enable you to deploy configuration settings and commands.

      NOTE:In ZENworks 23.3, the Provisioning Profile type is not supported when creating the macOS MDM bundle.

  8. Based on the option selected in the previous page, browse and upload a configuration profile or command on the Import Configuration Profile/Command page.

    IMPORTANT:Currently, you can configure profiles and commands only for device channels and not for user channels.

  9. Review the information, making any changes to the bundle settings by using the Back button as necessary.

  10. Click Finish to create the bundle as configured per settings.

    For information on the viewing the bundle information, see Viewing the Bundle Information.

    When you create a bundle, the bundle is listed on the Bundles page of the ZENworks Control Center. For more information on the created bundle, review the following sections:

    After the macOS bundle is created, bundle is assigned to devices, device groups, or device folders and the summary of bundle assignment and distribution is displayed on the Bundle Dashboard page. You can continue to assign this bundle to an Mac device. For more information, see Assigning Bundles.

    NOTE:For macOS MDM bundle, the user assignment is not supported.

    After enforcing the profile on the device, on your Mac device, go to System Settings > Privacy & Security > Profiles.

    The profile you have assigned from ZENworks will be available. You can double-click the profile to view the restrictions and configurations that are applied to the device.