You can deploy either an iOS Configuration Profile or Provisioning Profile using the iOS/iPadOS Profile bundle.
iOS/iPadOS Profiles
iOS/iPadOS profiles are XML files consisting of payloads that will enable you to deploy configuration settings and restrictions to iOS/iPadOS devices. These XML files are exported from Apple Configurator and each individual configuration setting, such as the Wi-Fi configuration setting, VPN configuration setting, and certificate information, are called payloads. Using an iOS/iPadOS profile, you can deploy these configuration settings or restrictions, which are not available in ZENWorks, to the devices. While creating an iOS/iPadOS profile bundle, the XML file that is obtained from Apple Configurator is uploaded in ZENworks. When you assign this bundle to a device, on deployment of the iOS/iPadOS profile bundle, the encrypted version of the profile is installed on the device, thereby restricting users from changing the setting.
NOTE:If you deploy an iOS/iPadOS configuration profile with a specific setting and if the same setting is applied using ZENworks but with conflicting values, then the setting that is applied will be based on the device’s operating system rules. For example, if you have uploaded a configuration profile that disables the device camera and if the device camera is enabled in the assigned Mobile Device Control Policy, then the setting that is applied will be based on the precedence set by iOS/iPadOS. To avoid such discrepancies, it is advisable that you apply a specific setting either through an iOS/iPadOS profile or through another feature in ZENworks.
iOS/iPadOS Commands
iOS/iPadOS command is an instruction that is sent remotely to a device to perform a specific action or configuration at a time. The iOS/iPadOS command is an XML file that can be created using either manually or automatically using Apple Configurator. When you upload the iOS/iPadOS command file to ZENworks by creating an iOS/iPadOS bundle and assign the bundle to the device, it allows for real-time control and execution of tasks on devices.
To create a command manually,
Identify the specific payload types and settings you wish to include in the command. For more information on supported commands, see https://developer.apple.com/documentation/devicemanagement/commands_and_queries?language=objc
Using a text editor or an XML editor, create an XML configuration file that conforms to the structure and syntax specified in the Apple Configuration Profile Reference documentation. The XML file should include the necessary keys, values, and payload types based on the settings you want to configure. An example of the Restart Device command is as follows:
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict> <key>Command</key> <dict> <key>RequestType</key> <string>RestartDevice</string> </dict> <key>CommandUUID</key> <string>0001_RestartDevice</string></dict></plist>
Test and validate the XML file for correctness and compliance with Apple's requirements. Apple provides a Profile Manager Validation Tool, available in Xcode, to help validate the XML configuration file. Ensure that the profile is error-free and adheres to the specifications.
To automatically create a command on Apple Configuration, see the Apple Configurator User Guide.
A provisioning profile authorizes developers and devices to install apps meant for iOS or iPad devices. It is required to install and run an enterprise or a developer app on a managed iOS or iPad device.
Apple generates development certificates that expire within three years. However, the provisioning profiles for the applications made with the development certificates expire in one year. A notification is sent to the app developer before the expiry of the profile. As users will not be able to run apps with an expired provisioning profile, you need to ensure that the provisioning profile is renewed before it is due for expiry. ZENworks gives you a provision to renew the profile using the iOS/iPadOS Profile bundle. This ensures that the apps continue to work without the users having to re-install them.
For more information on deploying a provisioning profile to managed devices, see Procedure.
To upload an iOS Configuration Profile or command, an XML file with the configuration settings should be exported from Apple Configurator. For more information on creating and importing iOS profiles or commands, refer to the Apple Configurator documentation.
To renew an iOS Provisioning Profile that is due to expire, you need to modify the .mobileprovision file with an updated certificate and expiration date and obtain it from the iOS Developer Enterprise Program. If you distribute a new profile, then the apps that are already deployed on devices will not receive any updates. You also need to ensure that the same credentials as those of the embedded profile are used for generating the modified provisioning profile. For more information on updating a provisioning profile, see the Apple Documentation.
On the Getting Started with Mobile Management page, navigate to the Deploy Mobile Applications section and click Create Bundles. Alternatively, from the left hand side navigation pane of ZCC, click Bundles > New > Bundle.
On the Select Bundle Type page, click iOS/iPadOS Bundle.
On the Select Bundle Category page, click iOS/iPadOS Profile.
On the Define Details page, specify a name for the bundle, select the folder in which to place the bundle, then click Next.
On the Select Profile Type page, select the iOS Profile category that you want to upload.
Based on the option selected in the previous page, browse and upload a configuration profile/command or a provisioning profile. Ensure that you read the Prerequisites section before uploading either of the two profiles.
Click Create Sandbox, if you want to create a Sandbox only version of the bundle.
Click Define Additional Properties if you want to view the summary of the bundle or want to navigate to the Details tab.
NOTE:You can view or download the uploaded configuration or provisioning profile by navigating to the Details tab. This tab also lets you edit the upload configuration profile. However, you cannot edit the uploaded provisioning profile. For more information on editing the configuration profile, see Editing a Configuration Profile
Click Finish to complete the activity.
You can continue to assign this bundle to an iOS or iPadOS device. For more information, see Assigning Bundles.
If you delete an iOS/iPadOS Profile bundle, as soon as the device syncs with the server, the profile is removed from the device.
To edit the configuration profile file that you uploaded, you can either select Define Additional Properties while creating the bundle or navigate to Bundles > <click the iOS profile bundle> > Details. Click Download, update the profile and upload it in the same bundle. For the modified or the new setting to take effect on all the devices, you need to republish the bundle. On republishing the bundle, the existing profile installed on the device is overwritten with the modified or new setting.