Thursday, September 22, 2016

Managing iOS Devices in Enterprise - Profiles (Part 4)

Profiles are a fundamental piece of Apple's device management architecture for the enterprise. You can manage numerous settings using profiles and deliver them to devices, avoiding a lot of manual administration work. Profiles are XML files that control the behavior of iOS devices, restrict certain features, and so on. There are several types of profile. In the context of device management, the most common is the Configuration Profile. Using this profile you can set restrictions on device features and control Wi-Fi, VPN, email server, LDAP, credentials and many other settings. You can distribute configuration profile files in multiple ways: as an email attachment, as a download from a web page, or using the specialized tools described in detail further on: Apple Configurator 2, or MDM using the Over-the-Air method.
[Image: Items in a configuration profile as seen in Apple Configurator 2]
The Enrollment Profile is used to establish the relationship with the MDM server upon device enrollment. It tells the iOS device to check for upcoming configurations from the MDM server.
A Trust Profile is intended to validate the secure service connection during device enrollment to MDM, and serves other purposes, by applying one or more digital certificates. A Provisioning Profile can be applied by developers or organizations to deploy iOS apps directly without going through the App Store.
To create or edit profiles, administrators can use Apple Configurator 2 or a Mobile Device Management (MDM) solution such as Profile Manager, which also offers default profiles for users. It is also possible to open the profile file and edit its XML-based settings in a text editor. To prevent installation of a corrupted or compromised profile on a device, a profile can be code signed using a code-signing certificate. Apple iOS devices will check for code signing upon installation of a profile.
[Image: Configuration profile file icon and sample contents as seen in a text editor]
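
Because a profile is an XML property list, it can be reviewed before anyone installs it. The following is an added example, not part of the original post: it lists the payloads in a profile and notes whether the file is a signed container. The function name `inspect_profile`, the `SENSITIVE` table and the sample profile are constructed for illustration, and the signed-file check is a format heuristic that does not validate the signature.

```python
import plistlib

# Constructed sample: an unsigned configuration profile with two payloads.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.profile</string>
  <key>PayloadDisplayName</key><string>Example Wi-Fi</string>
  <key>PayloadContent</key><array>
    <dict><key>PayloadType</key><string>com.apple.wifi.managed</string>
          <key>SSID_STR</key><string>ExampleCorp</string></dict>
    <dict><key>PayloadType</key><string>com.apple.security.root</string></dict>
  </array>
</dict></plist>"""

# Payload types that change what the device trusts or who manages it
# (an illustrative shortlist chosen for this example, not a complete set).
SENSITIVE = {
    "com.apple.security.root": "installs a trusted root certificate",
    "com.apple.mdm": "enrolls the device with an MDM server",
    "com.apple.vpn.managed": "routes traffic through a configured VPN",
}

def inspect_profile(data: bytes) -> dict:
    """Summarise a profile file for review before installation."""
    # A signed profile is a DER-encoded CMS blob (first byte 0x30); an
    # unsigned one is a bare plist. This is a format check only: it does
    # NOT validate the signature or the signer's certificate chain.
    signed = data[:1] == b"\x30"
    if signed:
        # Heuristic: pull the embedded XML plist out of the container.
        start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
        if start < 0 or end < 0:
            raise ValueError("no embedded XML plist found in signed container")
        data = data[start:end + len(b"</plist>")]
    profile = plistlib.loads(data)
    content = profile.get("PayloadContent", [])
    types = [p.get("PayloadType", "?") for p in content if isinstance(p, dict)]
    return {
        "signed_container": signed,
        "identifier": profile.get("PayloadIdentifier"),
        "payload_types": types,
        "flags": [f"{t}: {SENSITIVE[t]}" for t in types if t in SENSITIVE],
    }

if __name__ == "__main__":
    for key, value in inspect_profile(SAMPLE).items():
        print(f"{key}: {value}")
```

An unsigned file that carries a flagged payload, as in the sample, is the case to question before it reaches a device.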

Apple iOS devices can install multiple profiles from various sources. MDM may offer the capability to create profiles for user accounts known to OS X Server, including those in Active Directory.
