Custom Payload for Mac(macOS)
  • 26 Sep 2023
  • 4 Minutes to read
  • PDF

Custom Payload for Mac(macOS)

  • PDF

Article summary

Configuration profiles streamline the process of setting up a large number of devices. Custom calendar and email settings, network settings (like WiFi and VPN settings), certificates, and device restrictions, are some of the properties you can configure using configuration profiles. Scalefusion provides IT Admins the option of deploying configuration profiles onto the devices.

By using the Custom Settings feature of a Scalefusion Mac Profile, IT Admins can use a top-notch XML editor and push a Custom Payload directly to the devices. Hence, with this, admins will now be able to add those features for Mac and iOS that are not yet offered under Scalefusion.

In this document, we will understand how to configure and push a custom settings payload to the device.

Prerequisites

  1. Understanding of Apple MDM Protocol.
  2. Ability to create XML payloads based on Profiles created using Apple Configurator 2 or as listed here.

Steps

  1. Sign In to Scalefusion and navigate to Device Profiles.
  2. Select a MacOS device profile and edit or create a new Mac profile to start adding the custom settings. Navigate to Custom Settings.
  3. Send Payload on User Channel: On Mac, certain payloads need to be applied only at the user level. To apply payload at the user level, enable this setting by toggling it ON. Otherwise, the payloads are sent to the device channel, which is then applied to all users on the device.
  4. Select Conflict Resolution Method: In case the custom payload that you upload conflicts with the rest of the settings in the Device Profile (like Wifi, Exchange settings etc.), this setting decides which one to use to resolve those conflicts. The options are,
    1. Custom Payload Wins over Device Profile Settings: The settings in custom payload are given preference over Device Profile.
    2. Device Profiles Wins over Custom Payload: The settings in Device Profile are given preference over Custom Payload.
      Select an option based on your payload, If you want to override what is being set from Device Profile, choose Option A else, choose Option B.
  5. Custom Payload: This is the actual payload editor, and you can either choose to Type In your payload or Import an XML file using the IMPORT FILESoption.
    1. Payload Editor: Here is an example of a payload for configuring the dock.
    2. Validate: Once you have entered the payload click on VALIDATE tomake sure there are no other syntactical/validation issues.
      1. ALL OK: If the entered payload is all good, a green tick is displayed on the top-right section of the editor.
      2. ERRORS: If there are errors, then a red cross is displayed on the top-right section of the editor, and the first error will be displayed below the editor,
  6. Save: Once you have made the required changes, click on SAVEto save the changes and push them to all the devices associated with this profile.
    You can push more than one payload in the same XML like Wifi and Email

Custom Properties in Custom Payload

Custom Properties, defined for devices and users, can also be used in custom payloads.

  1. Use $device.custom_property_key or $user.custom_property_key, and they will be replaced with the device or user-specific value.
  2. You can also use pre-defined keys like $user.email, $user.name, $user.contact_no, $device.imei_no, $device.serial_no, $device.id , $device.name etc.
    The properties can be used only for the Value/Data fields in the custom payload and not for the Key field.

Chrome Browser Cloud Management

Google's Chrome Browser Cloud Management (CBCM) is a service that allows centralized control over Chrome browser settings and policies on enterprise devices.

You can push Chrome browser settings to your managed Mac devices with the help of Custom Payload.

Step 1: Create the Custom Payload

Copy the XML snippet below to a text editor like Notepad++ or to any text editor.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadIdentifier</key>
    <string>org.example.profile.chrome</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>D3E27DA6-AC75-4342-800E-EA64DBA681E3</string>
    <key>PayloadOrganization</key>
    <string>ORG NAME</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadDisplayName</key>
    <string>Chrome Configuration</string>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadType</key>
        <string>com.google.Chrome</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadIdentifier</key>
        <string>org.example.chromeconfig</string>
        <key>PayloadUUID</key>
        <string>13373056-FC4A-4BF3-894A-B6DB3D90FA58</string>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadDisplayName</key>
        <string>Custom: (com.google.Chrome)</string>
        <key>CloudManagementEnrollmentToken</key> 
        <string>XXXXXXXXX-XXXXX-XXXX-XXXX-XXXXXXXXX</string> 
        <key>CloudManagementEnrollmentMandatory</key> 
        <false/> 
      </dict>
    </array>
  </dict>
</plist>

In the above payload, replace the XXXXXXXXX-XXXXX-XXXX-XXXX-XXXXXXXXX with the enrollment token, which you will get from your Google Workspace Admin Console.

  1. In your Google Workspace Admin Console, navigate to Devices > Chrome > Managed Browsers > click on Enroll.
  2. This will show the Token that you will need to enter in the above payload.

Step 2: Add Custom Settings to Device Profile

  1. Follow the steps shown above in the Steps section to add the custom settings to the device profile, and once the profile is updated, the configuration will be pushed to all managed devices in that profile.
  2. Once the custom payload is successfully applied, the Chrome browser will show the browser settings as set by you in your Google Workspace Admin Console. For example, if you have selected the "Disallow Incognito mode" option in the User and browser settings, then the users will not be able to open an Incognito Window in Chrome browser.
    Note:
    • Please validate these Custom Payloads on a test machine before deploying them on all your managed devices.
    • Scalefusion has tested these Custom Payloads, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these Custom Payloads.

Please contact us at support@scalefusion.com if you have any questions or need support using this feature.Apple MDM Protocol


Was this article helpful?