Best practise with deploying custom config filesSolved

Thanks a lot for that! If you could just show how I can create a wifi configuration profile using apple configurator as well that’d be great.

Hi @ann-christin, Glad to hear we could help out!

To configure a Wi-Fi profile using Apple Configurator, please follow along:

1. Log in to your Mac and launch Apple Configurator 2.
2. Click on File > New Profile to open a blank configuration profile.
3. The first window you see is the General settings pane. Provide the profile name and fill in the Identifier field. You can also set security permissions to allow/deny profile removal.
4. Since you need to configure a Wi-Fi profile, navigate to Wi-Fi from the payload list on the left and click Configure.
5. Now, you need to configure details such as SSID, Security type, password, and various other settings.
6. Once completed, you can sign the profile by selecting File > Sign profile. Choose the certificate from the drop-down and click OK. Please keep in mind that signing profiles lets devices know that the profile is safe to be installed.
7. If you don’t want to sign the profile, you can directly choose File > Save and name the file, select the location to save it and click Save.

Hope this answers your query.

Regards
Emma Jones
Hexnode UEM

Used config profile to set a passwrd policy. But when I checked the action history it showed 2 statuses as failed. Showing msg “Failed to apply action to the device. The profile “Password policy” may require a passcode change but the passcode cannot be modified.”

also error “Profile installation failed. The profile “Password policy Config profile” may require a passcode change but the passcode cannot be modified.”

You guys got any idea why this might be happening?

Hello @mikaela, thanks for reaching out!

You have encountered this error due to a conflict between the password policy set using Hexnode and the one configured using a custom configuration profile. In such cases, the action returns the ‘Failed’ status. Please ensure that you apply the required password policy using only one method to avoid such cases.

Quick tip: By default, if the restrictions you’ve configured using Hexnode and configuration profiles conflict with each other, the most restrictive action will be implemented.

As a best practice, use custom configuration profiles to deploy only the payloads not available in Hexnode. Furthermore, it is advised that you apply the custom configurations on a single device and verify how it works before applying them to your production environment.

Hope this answer helps you.

Cheers!
Emma Jones
Hexnode UEM

need to configure many settings via payloads in my devices. Before i do that just wanted a second opinion is it better to put all the payloads within a single profile or is it better to have only one payload per profile?
All suggestions/ideas are welcome.

Hi @mikaela personally I find putting all the payloads within a single profile saves so much time… I mostly use config profiles for applying certain device restrictions and since I don’t have to change that very often doing it all in one go is the best way to go about it.

Hey @mikaela I think it is better that you create separate profiles for diff payloads. I used to do it all in one profile like @thomas-fred mentioned but after a few months it was kinda hectic and confusing when I had to change or remove some vpn and certificates payloads. So I’d say go with one payload per profile. Definitely makes your work easier in the long run!

Hello folks, thank you all for being such an active part of our community!

To answer your query @mikaela, even though it is possible to create a single configuration profile with all your necessary payloads, it is recommended that you create distinct profiles based on functionality. This way, you can rest assured that modifications made to one configuration profile do not affect another inadvertently.

Nevertheless, if your settings rarely change, you can add them all within a single configuration profile at your convenience.

A quick tip: Device restrictions, Wi-Fi, mail, calendar, LDAP, security and privacy are settings that might not be prone to frequent changes. On the other hand, settings that may change often include Home Screen settings, VPN, certificates and Web Clips.

Try it out, and keep me posted on any updates.

Cheers!
Emma Jones
Hexnode UEM

Hey @emma-jones thanks for that! Just one quick question… since I created this config profile with payloads for mac can I also use this for iphone as well? Does it work like that or is it only specific to macs?

Hey @ann-christin, great to see you again!

The answer to your query is, unfortunately, no. When a custom configuration profile, including macOS payloads, is applied to a device that runs on a different platform, such as iOS or tvOS, the status on the Action History page of the Hexnode portal will show Success. However, only macOS devices will have the policy applied to them.

Looking forward to hearing from you again.

Cheers!
Emma Jones
Hexnode UEM