JumpCloud policies can help you customize, manage, and secure macOS or iOS devices that are enrolled in MDM. If you need a policy that isn’t available as a ready-to-use policy in the JumpCloud Admin Portal, you can create an MDM custom configuration profile policy to help you distribute payloads and policies to devices.
A custom configuration profile is an XML file with an extension of .mobileconfig. You can use GUI tools like Apple Configurator 2 or iMazing Profile Editor, or a manual tool like Apple’s Configuration Profile Reference to create the custom configuration profile. To see available payloads you can include in a configuration profile, use the Profile Reference Documentation maintained by the MacAdmins community.
Prerequisites
- MDM is configured for your organization. For more information, see Manage Apple Devices with MDM.
- Your devices are enrolled in MDM.
Considerations
- The custom MDM configuration profile is automatically installed to all users on a device. JumpCloud signs the custom configuration profiles that are uploaded to the policy and modifies the following attributes within the profile:
- PayloadIdentifier
- PayloadUUID
- PayloadRemovalDisallowed
- MacOS devices with M1 chips require additional considerations if you are deploying kernel extensions as part of a custom MDM profile .mobileconfig payload. See Apple’s Documentation and consider using system extensions instead.
To create a macOS or iOS MDM Custom Configuration Profile policy
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Policy Management.
- In the All tab, click (+).
- On the New Policy panel, select the Mac or iOS tab.
- Select MDM Custom Configuration Profile from the list, then click configure.
- (Optional) Edit the Policy Name to enter a new name for the custom configuration profile policy or keep the default.
- Under Settings, click upload file.
- Select the
.mobileconfig
file you want to upload and click Open.
The .mobileconfig
file lets you upload and distribute MDM custom configuration profiles to macOS or iOS devices that are enrolled in JumpCloud MDM.
- (Optional) Select the Device Groups tab, then select one or more device groups on which to apply the policy.
- (Optional) Select the Devices tab, then select one or more devices on which to apply the policy.
- Click save.