Mac (macOS) Device Profile

Device Profiles are a quick and easy way to group the common set of policies and then apply them to multiple devices. Any changes or edits to the Device Profile are applied to all the devices in that Profile without any further steps.

In Scalefusion, minimum of one Mac (macOS) Device Profile is mandatory to manage your Mac devices. Without a Device Profile, you cannot apply any policies to the device. You can create as many Device Profiles as you want and depending upon your organization structure.

Since a macOS Device Profile offers quite a lot of settings and policies, this document covers the basics of creating a profile and links to various settings in separate documents for easier understanding.

Before you Start

1. Login to Scalefusion Dashboard.
2. Complete the Configure APNs step.

Understanding Device vs User Policies/Profiles

Before you enroll your first device, it will be handy to understand some fundamental concepts of Mac (macOS) device management.

1. A single Mac machine might be used by multiple user accounts. Typically there is one administrator account and more than one standard user account on a Mac machine. It is quite common that there is only one user account on the device which is of type administrator.
   1. Additionally these users can be locally created users or Network users.
2. Apple's macOS MDM protocol divides the policies into two categories,
   1. Device Level Policy: These are the types of policies which are applicable at a device level and hence apply to all the users of that machine.
   2. User Level Policy: These are the types of policies which are applicable to the users and can be selectively applied to the users of the machine.
3. Scalefusion currently supports single user management, what this means is that Scalefusion installs the Device Level policies for all the users of the machine, however the user level policies are installed ONLY for the user from where the enrollment was done. For example, consider that you have a Mac device with two users, John Doe and Jane Doe. If the enrollment was done using John Doe user then the user policies are applied only when the user John Doe signs in to the computer. The device level policies are however applied to both the users.
4. The following table details out the device level policies vs the user level policies.

Creating a macOS Device Profile

1. Navigate to Device Management > Device Profiles section.
2. Click on CREATE NEW PROFILE to launch the profile creator dialog.
3. Select macOS tab. Enter a name for the Profile and click on SUBMIT.

   

4. The Profile creator wizard will be shown. The Profile creation is divided into the following sections,
   1. Restrictions: Allows you to configure various restrictions on the device usage. Please refer to the Configuring Restrictions section to understand the various options available.
   2. Content Filtering: Allows you to set the Web Content Filtering options and allow websites. Use the Web Content Filtering section to understand how to use this feature.
   3. Exchange & Email: Allows you to push Exchange & Email settings. Refer to our Exchange & Email settings guide on how to configure it.
   4. Network Settings: Allows you to remotely push Wifi configurations on the managed device. Refer to our Network Settings guide to configure this section.
   5. Passcode Settings: You can set the passcode policy inside the device profiles. This provides the flexibility for the IT admins to define passcode policy of different complexities to devices in different profiles. To configure, Toggle on the button Override Global Password Policy, only then the passcode settings become configurable.
      The policy created here will override the global passcode settings and will be applied to the devices of this macOS profile.
   6. Security & Privacy: Use this section to configure the various security and privacy settings options. Use the Security & Privacy section to configure these settings.
   7. Parental Controls: Allows you to set Time limits on the managed Mac device usage. Use the Parental Controls guide to get a better understanding.
5. Once you have set the various policies, click on the SAVE button.

1. Once a Device Profile is saved, it will be listed in the Device Profile section as shown below.

Applying a Device Profile to a Mac Device or Device Group

A Device Profile can be applied to one or multiple devices or Device Groups. Any changes in the device profile are automatically applied to all the devices in that profile or the device group. Follow the steps below to Apply it a device or a group,

1. Navigate to Device Management > Device Profile and click on the device Profile.
2. Click on APPLY button on the right hand side.

   

3. In the Apply Profile window, you would see the Device Groups without a Mac Profile and Devices without a Mac Profile. Select either the Device Group tab or Devices tab, select the Groups OR Devices and click APPLY.
   
   

   

   

Switching the Device Profile on a Mac Device

The easiest way to switch Device Profiles on the Mac Devices is to create Device Groups and change the Device Profile on the group. However, If you have Mac devices that are not part of a device group and you want to switch the Device Profiles then please follow the steps below,

1. Navigate to Device Management > Device Profile section. Select the Device Profile that is currently applied to the device.
2. From the action panel on the right side, click on Delete icon and select Remove devices
   

   

3. Select the device that you want to switch the profile and click on REMOVE
   
   

   

4. Now refer to Applying a Device Profile to a Mac Device or Device Group section to apply the new Profile.