Personal Device Profile Payloads

The payloads and settings that you can configure using a personal device profile represent a subset of the iOS configuration profile payloads and settings available for institutionally owned mobile devices.

Before creating a personal device profile, you should have basic knowledge of configuration profile payloads and settings, and how they affect mobile devices. For detailed information about each payload and setting, see Apple’s iOS Deployment Reference at:

http://help.apple.com/deployment/ios/#/cad5370d089

Managed App Distribution to Personal iOS Devices

When creating or editing a personal device profile, you can specify managed in-house apps and App Store apps to distribute to personal devices. Available apps include all managed apps that have been added to the site that the profile is assigned to, and all managed apps that have been added to the full Jamf Pro.

When a managed app is distributed to personal iOS devices, the personal device profile automatically applies settings to do the following:

• Distribute the app using the Install Automatically/Prompt Users to Install distribution method

• Remove the app when the MDM profile is removed

• Prevent backup of app data

• Prevent opening documents from managed apps in unmanaged apps

When selecting managed apps to distribute, you have the option to clone an unmanaged app and make it managed. This adds a managed version of the app to Jamf Pro and leaves the original app unmanaged.

Note: Not all apps can be managed by Jamf Pro. For information on the factors that determine whether an app can be managed, see Understanding Managed Apps in the Jamf Pro Administrator’s Guide.

Creating a Personal Device Profile

To create a personal device profile, the User-Initiated Enrollment settings must be configured to allow user-initiated enrollment for personally owned devices. In addition, you can only create a personal device profile if there is an available site (or the full Jamf Pro) that does not have a profile assigned to it.

1. Log in to Jamf Pro.

2. Click Devices at the top of the page.

3. Click Personal Device Profiles.

4. Click New .
   Note: Only one personal device profile can be created per site in Jamf Pro. If all sites (or the full Jamf Pro) already have an assigned personal device profile, you will not be able to create a new one.

5. Use the General payload to configure basic settings for the profile, including the display name and the site to assign the profile to.
   Note: If you have site access only, the profile is assigned to the applicable site automatically and the Site pop-up menu is not displayed.
   To enable this personal device profile, select the Enable personal device profile checkbox.

   

6. (Optional) Use the Passcode payload to configure passcode policies.

7. (Optional) Use the Wi-Fi payload to configure how devices connect to your wireless network, including the necessary authentication information.

8. (Optional) Use the VPN payload to configure how devices connect to your wireless network via VPN, including the necessary authentication information.

9. (Optional) Use the Exchange ActiveSync payload to define settings for connecting to your Exchange server.

10. (Optional) Use the Mail payload to define settings for connecting to POP or IMAP accounts.

11. (Optional) Use the Calendar payload to define settings for configuration access to CalDAV servers.

12. (Optional) Use the Contacts payload to define settings for configuration access to CardDAV servers.

13. (Optional) Use the Subscribed Calendars payload to define settings for calendar subscriptions.

14. (Optional) Use the Certificate payload to specify the X.509 certificates (.cer, .p12, etc.) you want to install on devices to authenticate the device access to your network.

15. (Optional) Select the Apps payload and then do any of the following:

    • To distribute a managed app to personal iOS devices added to the site (or the full Jamf Pro) that the profile is assigned to, click Install next to the app name. (To distribute all managed apps, click Install All.)

    • To remove a previously distributed managed app from devices, click Remove next to the app name. (To remove all managed apps previously distributed with this profile, click Remove All.)

    • To clone an unmanaged app to add a managed version of the app to Jamf Pro, click the unmanaged app name and then click Clone App and Make Managed. A managed version of the app is added to Jamf Pro and is made available for installation.
      

16. (Optional) To add messaging that displays during user-initiated enrollment if the user belongs to multiple LDAP user groups with access to multiple sites, do the following:

    1. Click the Messaging tab, and then click Add .

    2. Choose a language from the Language pop-up menu.

    3. Use the settings on the pane to specify the site/profile display name, as well as the text to describe the settings included with the profile. You can also list any managed apps that will be included with the profile.

       

    4. Click Add Language.

    5. Repeat this process as needed for other languages.

17. Click Save.

If the profile is enabled in the General payload, it will be used to enroll personal devices with Jamf Pro when users enter credentials for an LDAP directory account or a Jamf Pro user account that has access to the site (or to the full Jamf Pro).