Computer Configuration Profiles

Configuration profiles are XML files (.mobileconfig) that provide an easy way to define settings and restrictions for devices, computers, and users.

You can use Jamf Pro to create a configuration profile or you can upload a configuration profile that was created using third-party software, for example, Apple's Profile Manager or Apple Configurator.

Before creating a configuration profile, you should have basic knowledge of configuration profile payloads and settings. For more information, see the following Apple documentation:

Some configuration profile payloads and settings available in Jamf Pro may differ from their implementation in Apple’s tools. For more information on these settings, see the Configuration Profile Payload Settings Specific to Jamf Pro article.

When you create a computer configuration profile, you must specify the level at which to apply the profile—computer level or user level. Each level has a unique set of payloads and a few that are common to both.

There are two different ways to distribute a configuration profile: install it automatically (requires no interaction from the user) or make it available in Self Service. You can also specify the computers and users to which the profile should be applied (called “scope”).

Note: Removing a computer from the scope of a computer-level profile prompts Jamf Pro to remove the settings applied by the profile the next time the computer checks in with Jamf Pro. Removing a computer from the scope of a user-level profile prompts Jamf Pro to remove the settings applied by the profile the next time the computer checks in with Jamf Pro while that user is logged in.

Payload Variables for Configuration Profiles

There are several payload variables that you can use to populate settings in a configuration profile with attribute values stored in Jamf Pro. This allows you to create payloads containing information about each mobile device, computer, and user to which you are distributing the profile.

To use a payload variable, enter the variable into any text field when creating a configuration profile in Jamf Pro. When the profile is installed, the variable is replaced with the value of the corresponding attribute in Jamf Pro.

Variable

Inventory Information

$COMPUTERNAME

Computer Name

$SITENAME

Site Name

$SITEID

Site ID

$UDID

UDID

$SERIALNUMBER

Serial Number

$USERNAME

Username associated with the computer in Jamf Pro
(computer-level profiles only)

Username of the user logging in to the computer
(user-level profiles only)

$FULLNAME or $REALNAME

Full Name

$EMAIL

Email Address

$PHONE

Phone Number

$POSITION

Position

$DEPARTMENTNAME

Department Name

$DEPARTMENTID

Department ID

$BUILDINGNAME

Building Name

$BUILDINGID

Building ID

$ROOM

Room

$MACADDRESS

MAC Address

$JSSID

Jamf Pro ID

$PROFILEJSSID

Jamf Pro ID of the Configuration Profile

$EXTENSIONATTRIBUTE_#

Extension Attribute ID Number

Note: The ID number is found in the extension attribute URL. In the example URL below, "id=2" indicates the extension attribute ID number:
https://instancename.jamfcloud.com/computerExtensionAttributes.html?id=2&o=r

For more information, see Computer Extension Attributes.

General Requirements

To install a configuration profile on a computer, you need:

  • A push certificate in Jamf Pro. For more information, see Push Certificates.

  • The Enable certificate-based authentication and Enable push notifications settings configured in Jamf Pro. For more information, see Security Settings.

  • (User-level profiles only) Computers that are bound to a directory service or local user accounts that have been MDM-enabled. For information, see Directory Bindings and MDM-Enabled Local User Accounts.

Manually Creating a Configuration Profile

You can create a configuration profile using Jamf Pro.

Beginning with Jamf Pro 10.17.0, you can configure some payloads using a redesigned flow. Use switches to include the settings that will be sent to deployment targets. In the summary view, only the included or configured settings are displayed in the Jamf Pro interface. The operating system manages settings on the computer level. Some enforced settings that do not change default values will not be visible on the computer. For more information on the default settings, see this documentation from the Apple Developer website.

Note: When upgrading to Jamf Pro 10.17.0 or later, any previously configured payloads that have been redesigned are automatically migrated. Review the settings in the Jamf Pro user interface. The migrated payloads are not redeployed to deployment targets.

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Configuration Profiles.

  4. Click New images/download/thumbnails/86475858/Icon_New_Button.png .

  5. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method.
    Only payloads and settings that apply to the selected level are displayed for the profile.
    To distribute the profile during enrollment using a computer PreStage enrollment, ensure you create a computer-level configuration profile.

  6. Use the rest of the payloads to configure the settings.

  7. Click the Scope tab and configure the scope of the profile.
    To distribute the profile during enrollment using a computer PreStage enrollment, ensure the scope of the profile contains the computers that are in the scope of the PreStage enrollment.

  8. (Optional) If you chose to make the profile available in Self Service, click the Self Service tab to configure Self Service settings for the profile.

  9. Click Save images/download/thumbnails/81531754/floppy-disk.png .

The profile is distributed to the deployment targets in the scope the next time they contact Jamf Pro.

Uploading a Configuration Profile

You can create a configuration profile by uploading a profile that was built using Apple’s software, for example, Profile Manager or Apple Configurator .

Note: Some payloads and settings configured with third-party software are not displayed in Jamf Pro. Although you cannot view or edit these payloads, they are still applied to the deployment targets.

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Configuration Profiles.

  4. Click Upload and upload the configuration profile (.mobileconfig).

  5. Use the General payload to change or configure basic settings for the profile, including a distribution method.

  6. Use the rest of the payloads to configure or edit settings as needed.

  7. Click the Scope tab and configure the scope of the profile.

  8. (Optional) If you chose to distribute the profile in Self Service, click the Self Service tab to configure Self Service settings for the profile.

  9. Click Save images/download/thumbnails/81531754/floppy-disk.png .

Downloading a Configuration Profile

If you want to view the contents of a configuration profile for troubleshooting purposes, you can download the profile (.mobileconfig) from Jamf Pro.

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Configuration Profiles.

  4. Click the configuration profile you want to download.

  5. Click Download images/download/thumbnails/80748286/download-1.png .

The profile downloads immediately.

Viewing the Status of a Configuration Profile

For each configuration profile, you can view the number of the deployment targets with a status of Complete, Remaining, or Failed for the profile installation.

Note: Depending on your system configuration, status data may not be available for profiles installed using Jamf Pro 9.63 or earlier.

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Configuration Profiles.
    A list of configuration profiles is displayed.
    For each profile, you can view the number of the deployment targets for which the profile installation has a Completed, Remaining, or Failed status.

    Note: If a computer becomes unmanaged after a profile is successfully distributed to it, the profile will continue to be displayed in the Completed column.

  4. To view a list of deployment targets with a status of Complete, Remaining, or Failed for the profile installation, click the number displayed in the corresponding column. Then click Back images/download/thumbnails/80748248/DONE_cropped.png in the top-left corner of the pane.

  5. To view logs for a configuration profile, click View in the corresponding row. For a different date range, specify the starting and ending dates using the Date Range pop-up calendars.

  6. Click Back images/download/thumbnails/80748248/DONE_cropped.png in the top-left corner of the pane.

Troubleshooting a Failed Status of a Configuration Profile

If a profile fails to install on a compatible computer, Jamf Pro will automatically retry the deployment every six hours. To manually force the attempt, use the “Send blank push” management command. To access this feature, navigate to the Management tab in the inventory of a computer and click Management Commands.

If a profile fails to install on an incompatible computer (e.g., when the profile includes settings that require User Approved MDM), the computer must first meet the profile requirements for the retry attempt to happen.

Related Information

For related information, see the following sections in this guide:

For related information about uploading custom configuration profiles, see the Deploying Custom Configuration Profiles using Jamf Pro article.

For related information about distributing certificates via a configuration profile, see the Enabling Jamf Pro as SCEP Proxy technical paper.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.