[Emma Hexnode 14 March 2022 Emma Moderator]

Hello @ann-christin, thank you for reaching out to us!

Hexnode UEM provides many policies that can be specified and associated with your devices. However, with Custom Configuration profiles, you can configure specific settings, enforce restrictions and set up preferences for managed Apple devices even outside the scope of what we currently support.

To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors. Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across iOS/iPadOS, macOS and tvOS devices. You can view the deployed configuration profiles at the Profiles section in Device Settings.

While creating profiles, you can use dynamic variables (Wildcards supported by hexnode) for commonly used device and user fields instead of entering them manually. Dynamic variables automatically fetch the requisite information from the enrollment details when the configuration profile is sent to devices or assigned to a user.

Use Apple’s Configuration profile documentation to see what payloads you may include in a configuration profile. You can also check out the profile reference documentation maintained by the MacAdmins community for reference and generic profile templates.

Once you’ve created the profiles, log in to the Hexnode portal and follow the below steps to distribute them to the devices.

1. Start by going to Policies and navigating to Deploy Custom Configuration under Configurations within the macOS tab.
2. Now select Configure and Choose File to select a configuration profile from your device by clicking Upload. If the file has already been added to the Hexnode console, you can select it directly.
3. Click OK.
4. Finally, navigate to Policy Targets and associate devices/device groups/users/user groups/domains to the policy and click OK.
5. Save the policy.

Check out deploying custom configuration profiles to macOS devices for further information.

Hope this answer suits your requirements.

Cheers!
Emma Jones
Hexnode UEM

[Ann-Christin Participant 14 March 2022 Ann-Christin Participant]

Thanks a lot for that! If you could just show how I can create a wifi configuration profile using apple configurator as well that’d be great.

[Emma Hexnode 14 March 2022 Emma Moderator]

Hi @ann-christin, Glad to hear we could help out!

To configure a Wi-Fi profile using Apple Configurator, please follow along:

1. Log in to your Mac and launch Apple Configurator 2.
2. Click on File > New Profile to open a blank configuration profile.
3. The first window you see is the General settings pane. Provide the profile name and fill in the Identifier field. You can also set security permissions to allow/deny profile removal.
4. Since you need to configure a Wi-Fi profile, navigate to Wi-Fi from the payload list on the left and click Configure.
5. Now, you need to configure details such as SSID, Security type, password, and various other settings.
6. Once completed, you can sign the profile by selecting File > Sign profile. Choose the certificate from the drop-down and click OK. Please keep in mind that signing profiles lets devices know that the profile is safe to be installed.
7. If you don’t want to sign the profile, you can directly choose File > Save and name the file, select the location to save it and click Save.

Hope this answers your query.

Regards
Emma Jones
Hexnode UEM

[Mikaela Participant 14 March 2022 Mikaela Participant]

Used config profile to set a passwrd policy. But when I checked the action history it showed 2 statuses as failed. Showing msg “Failed to apply action to the device. The profile “Password policy” may require a passcode change but the passcode cannot be modified.”

also error “Profile installation failed. The profile “Password policy Config profile” may require a passcode change but the passcode cannot be modified.”

You guys got any idea why this might be happening?

[Emma Hexnode 14 March 2022 Emma Moderator]

Hello @mikaela, thanks for reaching out!

You have encountered this error due to a conflict between the password policy set using Hexnode and the one configured using a custom configuration profile. In such cases, the action returns the ‘Failed’ status. Please ensure that you apply the required password policy using only one method to avoid such cases.

Quick tip: By default, if the restrictions you’ve configured using Hexnode and configuration profiles conflict with each other, the most restrictive action will be implemented.

As a best practice, use custom configuration profiles to deploy only the payloads not available in Hexnode. Furthermore, it is advised that you apply the custom configurations on a single device and verify how it works before applying them to your production environment.

Hope this answer helps you.

Cheers!
Emma Jones
Hexnode UEM

[thomas Participant 15 March 2022 thomas Participant]

need to configure many settings via payloads in my devices. Before i do that just wanted a second opinion is it better to put all the payloads within a single profile or is it better to have only one payload per profile?
All suggestions/ideas are welcome.

[Martin Participant 15 March 2022 Martin Participant]

Hi @mikaela personally I find putting all the payloads within a single profile saves so much time… I mostly use config profiles for applying certain device restrictions and since I don’t have to change that very often doing it all in one go is the best way to go about it.

[Kenneth Participant 15 March 2022 Kenneth Participant]

Hey @mikaela I think it is better that you create separate profiles for diff payloads. I used to do it all in one profile like @thomas-fred mentioned but after a few months it was kinda hectic and confusing when I had to change or remove some vpn and certificates payloads. So I’d say go with one payload per profile. Definitely makes your work easier in the long run!

[Emma Hexnode 15 March 2022 Emma Moderator]

Hello folks, thank you all for being such an active part of our community!

To answer your query @mikaela, even though it is possible to create a single configuration profile with all your necessary payloads, it is recommended that you create distinct profiles based on functionality. This way, you can rest assured that modifications made to one configuration profile do not affect another inadvertently.

Nevertheless, if your settings rarely change, you can add them all within a single configuration profile at your convenience.

A quick tip: Device restrictions, Wi-Fi, mail, calendar, LDAP, security and privacy are settings that might not be prone to frequent changes. On the other hand, settings that may change often include Home Screen settings, VPN, certificates and Web Clips.

Try it out, and keep me posted on any updates.

Cheers!
Emma Jones
Hexnode UEM

[Ann-Christin Participant 15 March 2022 Ann-Christin Participant]

Hey @emma-jones thanks for that! Just one quick question… since I created this config profile with payloads for mac can I also use this for iphone as well? Does it work like that or is it only specific to macs?

[Emma Hexnode 15 March 2022 Emma Moderator]

Hey @ann-christin, great to see you again!

The answer to your query is, unfortunately, no. When a custom configuration profile, including macOS payloads, is applied to a device that runs on a different platform, such as iOS or tvOS, the status on the Action History page of the Hexnode portal will show Success. However, only macOS devices will have the policy applied to them.

Looking forward to hearing from you again.

Cheers!
Emma Jones
Hexnode UEM