Category filter

Configuration profile reference for macOS devices

Configuration profiles are XML files that lets you configure settings on macOS devices. These profiles can be created and deployed by administrators to enforce security policies, manage restrictions, and customize the user experience. With Hexnode UEM, you may remotely deploy configuration profiles on macOS devices. This document provides a repository of custom configuration profiles that can be valuable for Mac administrators in their workflow.

Create and deploy configuration profiles

To prepare a configuration profile, identify the specific restrictions, policies, or settings you want to apply to the devices. You can use profile creator tools like Profile Creator, Apple Configurator, iMazing, or even text editors to create the configuration profiles.

To deploy a configuration profile on a Mac using Hexnode UEM, you will need a signed or unsigned non-encrypted file which can be of the following extensions- .mobileconfig, .xml, and .plist.

Once you’ve prepared the configuration profile, follow these steps:

  1. Navigate to Policies > New Policy or existing policy > macOS.
  2. Select Deploy Custom Configuration > Configure > Choose File; you can either select a profile stored on your device or choose one that is already added to the portal. Click OK.
  3. Navigate to Policy Targets to select the Devices/Device Groups/Users/User Groups/Domains to associate the policy with. Save the policy to deploy it.
  4. To view the profile output status on the device, go to the Action History sub-tab on the device details page.

  • Ensure that your Hexnode UEM portal is running its latest version to support the deployment of signed configuration profiles.
  • While defining a profile, ensure it contains all the mandatory payload keys, including PayloadUUID, PayloadType, PayloadVersion and PayloadIdentifier, etc.
  • Binary .plist files cannot be used to deploy custom configuration profiles. You can convert the binary .plist files to normal .plist files using the terminal command: plutil -convert binary1 <name of the .plist file>.
  • Generic .plist files alone can’t be used to deploy custom configuration profiles. It is recommended to choose an appropriate payload, add profile-specific payload keys to the configuration profile, and verify them before uploading it.
  • Ensure that conflicting configurations are not deployed across the devices.

Wildcards for macOS configuration profiles

Hexnode supports the use of the following wildcards:

  • %devicename%
  • %model%
  • %serialnumber%
  • %osname%
  • %osversion%
  • %deviceid%
  • %udid%
  • %phonenumber%
  • %wifimacaddress%
  • %name%
  • %email%
  • %username%
  • %domain%
  • %netbiosname%
  • %assettag%
  • %department%
  • %devicenotes%
  • %userprincipalname%
  • %alternateemail%

In configuration profiles, wildcards are used as placeholders to represent dynamic values that can vary based on the device or user.

For example, you need to configure mail accounts for multiple users. Since each user has a unique account name, the value of the EmailAccountName key will vary for each user. In such instances, you can utilize a wildcard to represent corresponding value.

One common wildcard option is %username%. By incorporating %username% as the wildcard for the EmailAccountName field value in the configuration profile, the actual device user’s name will be substituted when the profile is deployed.

Custom configuration profiles

Serial No Configuration profile
1 Disable Screen capture
2 Disable Find My options
3 Apps notification settings
4 Add custom fonts
5 Skip Touch ID setup
6 Remove Restart button from Apple menu
7 Skip iCloud setup
8 Skip Siri setup
9 Set time server and time zone
10 Disable iCloud Drive
11 Open Safari at login
12 Manage Chrome apps and extensions
13 Disable Incognito mode
14 Install web apps
15 Remove Restart from login screen
16 Remove Shut Down option from Apple Menu
  • Configuration Profile Repository