
Apple has gone to great lengths to ensure that users of macOS and iOS devices can manage their devices as they need. The belief that Apple devices “just work” is something the company takes to heart, as it forms one of the cornerstones of the user experience for consumers of its products.

Conversely, IT pros have a much more difficult time managing Apple devices because of the consumer-driven management strategy, which treats end users as the default administrators of their own devices. This does not bode well, since it limits IT’s ability to properly manage these devices on their network. Further complicating matters is the growing shift toward BYOD, wireless networking, and telecommuting, all of which hamper device management at an enterprise scale.


While Mobile Device Management (MDM) servers normally fill this void, if devices are personally owned or if an MDM is out of the budget, IT can rely on Apple Configurator 2 to create profiles that can be served from a web server or file share, or sent as email attachments. The end user still manages their own device, while IT can ensure that corporate policies are adhered to.

Before creating your first configuration profile, there are a few requirements to meet so that mobile management takes off without a hitch.

  • Mac computer with Apple Configurator 2 installed
  • Method to deliver configuration profiles (email, web server, network file share, or external USB drive)
  • Internet access (optional, but recommended)

Creating your first configuration profile

  1. Log in to the Mac computer and launch Apple Configurator 2.
  2. Click File | New Profile to open a blank template.
  3. The first screen you see is an administrative page where you provide a name for the profile and set the security permissions that allow or deny removal of the profile from a client device (Figure A).
Figure A

Note: Profiles may encompass multiple settings together (monolithic) or may be configured individually as separate files (thin). Regardless of your deployment preference, if you are deploying these to end users’ personal machines, it may be a good idea to allow the users themselves to remove the profiles. Company-owned devices, however, should be locked down where possible (Figure B).

Figure B

For this article, we’ll configure a Wi-Fi profile, which contains the network and security settings required to connect to a wireless network. Begin by clicking the Wireless network tab, then click the Configure button (Figure C).

Figure C

Enter the relevant details, such as SSID, security type, and passphrase to connect to the wireless network. Once completed, you may click File | Save to name your profile and save it to a directory of your choosing (Figure D).

Figure D

Configuration profiles may be created to manage various settings on both iOS and macOS devices, with some settings shared and others unique to the device type. Most setting types are self-explanatory when you are choosing which ones to lock down.

Deployment, as mentioned above, is as simple as executing the profile from the device’s interface and allowing it to be installed. The profiles may be emailed, shared as a link to cloud storage, or provisioned via MDM, a server share, or a web server, such as a self-service portal.
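
A profile saved unsigned and unencrypted is a property list, so the Wi-Fi passphrase and the removal setting chosen above can be read by anyone who obtains the file from email or a share. The following check is an added example, not part of the original article or of Apple Configurator 2; it audits such a file before distribution, and the sample profile, its identifiers, SSID and passphrase are constructed, as is the `company_owned` parameter.

```python
import plistlib

WIFI_PAYLOAD = "com.apple.wifi.managed"
WEAK_ENCRYPTION = {"None", "WEP", "Any"}  # open, broken, or accepts a weaker network

def audit_profile(data: bytes, company_owned: bool) -> list:
    """Return findings for an unsigned .mobileconfig (property list) file."""
    try:
        profile = plistlib.loads(data)
    except Exception:
        profile = None
    if not isinstance(profile, dict):
        # Signed or encrypted profiles are CMS-wrapped rather than a bare plist.
        return ["not-plain-plist: unwrap the profile before auditing"]
    findings = []
    locked = bool(profile.get("PayloadRemovalDisallowed", False))
    if company_owned and not locked:
        findings.append("removal-allowed: company-owned profile is user-removable")
    if not company_owned and locked:
        findings.append("removal-locked: owner cannot remove profile from personal device")
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict) or payload.get("PayloadType") != WIFI_PAYLOAD:
            continue
        ssid = payload.get("SSID_STR", "<no SSID>")
        if payload.get("Password"):
            findings.append(f"cleartext-passphrase: {ssid} (treat the file as a secret)")
        if payload.get("EncryptionType") in WEAK_ENCRYPTION:
            findings.append(f"weak-encryption: {ssid} uses {payload['EncryptionType']}")
    return findings

# Constructed sample: identifiers, UUIDs, SSID and passphrase are made up.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.wifi",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadRemovalDisallowed": False,
    "PayloadContent": [{
        "PayloadType": WIFI_PAYLOAD, "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.wifi.payload",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "SSID_STR": "ExampleCorp", "EncryptionType": "WPA2",
        "Password": "constructed-passphrase",
    }],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE, company_owned=True):
        print(finding)
```

A `cleartext-passphrase` finding means the delivery channel (email attachment, open file share, public web link) is exposing the network credential to everyone who can reach the file.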