- 06 Feb 2024
- 4 Minutes to read
Mac (macOS) Device Profile
- Updated on 06 Feb 2024
- 4 Minutes to read
Device Profiles are a quick and easy way to group the common set of policies and then apply them to multiple devices. Any changes or edits to the Device Profile are applied to all the devices in that Profile without any further steps.
In Scalefusion, a minimum of one Mac (macOS) Device Profile is mandatory to manage your Mac devices. Without a Device Profile, you cannot apply any policies to the device. You can create as many Device Profiles as you want depending upon your organization structure.
Since a macOS Device Profile offers quite a lot of settings and policies, this document covers the basics of creating a profile and links to various settings in separate documents for easier understanding.
Before you Start
- Login to Scalefusion Dashboard.
- Complete the Configure APNs step.
Understanding Device vs User Policies/Profiles
Before you enroll your first device, it will be handy to understand some fundamental concepts of Mac (macOS) device management.
- A single Mac machine might be used by multiple user accounts. Typically there is one administrator account and more than one standard user account on a Mac machine. It is quite common that there is only one user account on the device, which is of type administrator.
- Additionally, these users can be locally created users or Network users.
- Apple's macOS MDM protocol divides the policies into two categories,
- Device Level Policy: These are the types of policies that are applicable at a device level and hence apply to all the users of that machine.
- User Level Policy: These are the types of policies that are applicable to the users and can be selectively applied to the users of the machine.
- Scalefusion currently supports single-user management. What this means is that Scalefusion installs the Device Level policies for all the users of the machine, however, the user level policies are installed ONLY for the user from where the enrollment was done. For example, consider that you have a Mac device with two users, John Doe and Jane Doe. If the enrollment was done using a John Doe user, then the user policies are applied only when the user John Doe signs in to the computer. The device-level policies are, however, applied to both users.
- The following table details the device-level policies vs the user-level policies.
Device Level Policies (applicable to all users) User Level Policies (applicable ONLY to the enrolled users)
- All Restriction settings in Device Profile
- Parental Controls
- Wifi Configurations
- Security & Privacy
- Web Content Filtering aka Allowed Websites
- Exchange & Email Settings
- Passcode Policy
- Web-Clips aka Web shortcuts.
Creating a macOS Device Profile
- Navigate to Device Profile & Policies > Device Profiles section.
- Click on CREATE NEW PROFILE to launch the profile creator dialog.
- Select the macOS tab. Enter a name for the Profile and click on SUBMIT.
- The Profile Creator wizard will be shown. The Profile creation is divided into the following sections:
- Restrictions: Allows you to configure various restrictions on the device usage.
- Content Filtering: Allows you to set the Web Content Filtering options and allow websites.
- Branding: Lists the brands created for macOS and allows you to select a brand to be applied on device(s)
- Exchange & Email: Allows you to push Exchange & Email settings.
- Directory Settings: Select Active Directory and LDAP settings that will be configured on the device.
- Network Settings: Allows you to remotely push Wi-Fi configurations on the managed device.
- Passcode Settings: You can set the passcode policy inside the device profiles. This provides the flexibility for the IT admins to define passcode policy of different complexities to devices in different profiles. To configure, Toggle on the button Override Global Password Policy, only then the passcode settings become configurable. The policy created here will override the global passcode settings and will be applied to the devices of this macOS profile.
- Security & Privacy: Use this section to configure the various security and privacy settings options.
- Parental Controls: Allows you to set Time limits on the managed Mac device usage.
- Certificate Settings: Use this section to install certificates on your managed devices.
- Filevault: Use these settings to configure FileVault and enforce Full Disk Encryption on managed macOS devices. FileVault works best with macOS 10.13 & above.
- OS Update Settings: Enforce update policy or let user configure on their own.
- Custom Settings: Lets you build your own policy using the Apple MDM Protocol and add the settings that are not built in Scalefusion. Please refer to Apple Device Management to understand the various payloads and their support.You can also build your policies.
- Once you have set the various policies, click on the SAVE button.
- Once a Device Profile is saved, it will be listed in the Device Profile section as shown below.Once a Device Profile is created, it can be used to create Enrollment Configurations or to assign it to a Device Group.
Applying a Device Profile to a Mac Device or Device Group
A Device Profile can be applied to one or multiple devices or Device Groups. Any changes in the device profile are automatically applied to all the devices in that profile or the device group. Follow the steps below to Apply it a device or a group,
- Navigate to Device Profiles & Policies > Device Profile and click on the device Profile.
- Click on APPLY button on the right-hand side.
- In the Apply Profile window, you would see the Device Groups without a Mac Profile and Devices without a Mac Profile. Select either the Device Groups or User Groups or Devices tab and click APPLY. ￼
Switching the Device Profile on a Mac Device
The easiest way to switch Device Profiles on the Mac Devices is to create Device Groups and change the Device Profile on the group. However, If you have Mac devices that are not part of a device group and you want to switch the Device Profiles then please follow the steps below,
- Navigate to Device Management > Device Profile section. Select the Device Profile that is currently applied to the device.
- From the action panel on the right side, click on Delete icon and select Remove devices.
- Select the device that you want to switch the profile and click on REMOVE.
- Now refer to Applying a Device Profile to a Mac Device or Device Group section to apply the new Profile.