JumpCloud Community

JumpCloud has a bunch of preconfigured macOS and iOS MDM policies that lets you deploy profiles to enforce settings for varios configurations like granting Full Disk Access to apps, installing Certificates, pushing System or Kernel extensions, setting up restrictions etc. However there would be scenarios where you wish to deploy and enforce something specific, which is not available in the preconfigured policies.

In such situations, you could craft up a custom MDM configuration profile as per your requirement using tools like iMazing Profile Editor, Apple Configurator, ProfileCreator etc and deploy the profile via JumpCloud's Mac or iOS MDM Custom Configuration Profile policy.

In this article, we will see how you can create custom MDM profiles using iMazing Profile Editor. The process would be quite relevant for other tools too. As an example, let's say you'd like to deploy VPN settings via configuration profile. Here's how you can craft a custom configuration profile:

• Install and launch the iMazing Profile Editor.
• First start by filtering the OS from the top panel and choose the OS on which you're deploying the policy. Most of the time, it'd be 'macOS'. Once filtered, configurations only relevant to macOS will be displayed on the left panel.
• From the left panel, under 'Configured Domains', there'd be General tab added by-default. We configure this section to setup mandatory general settings like Payload Display Name, Identifier, UUID, Payload Organization, Payload Scope etc. Fill in the details as required but ensure payload name, payload scope and target device type are chosen correctly.
• Next comes the main part, where we select the required system domain from the left panel based on our requirement. In my example, I'm setting up VPN, so I would select VPN and click on '+ Add Configuration Payload' on the screen.
• This moves the VPN domain to my existing configured domains and on the right side, we have the payload setup wizard displaying all the available options.
• We see alot of settings available and referring the vendor documentation, for whom we're setting up the VPN, we fill in the relevant values like VPN name, VPN type, Remote Address, Authentication method etc.
• Likewise you could also add another domain like Web Content Filter from the left panel and configure its settings in same fashion, referring the vendor documentation. You can add multiple payloads in a single configuration profile. For e.g., if you're creating a configuration profile for pre-approving permissions for an Antivirus or EDR solution, you can add the System Extensions payload, Content Filter payload, Full Disk Access payload, VPN payload etc in a single profile.
• Once you're configured the profile as per your requirement, click on File in the Menu Bar and select 'Save As'.
• Enter a name for the profiles and save the .mobileconfig file on your Mac. When saving, you'd also see an option to sign the profile using a certification. You can simply chose 'Do not sign' as JumpCloud signs them off when deploying the profile.

Now your payload is ready to be deployed via JumpCloud Mac or iOS MDM Custom Configuration Profile policy. Based on the settings in the payload, your user may need to either restart their Mac or perform a device logout-login for the changes to kick in. The process is similar for iOS device profiles too.

References:

• Configuration Profile Reference
• Developer Device Management
• Getting started with iMazing Profile Editor
  
• Creating Custom Configuration Profiles using Apple Configurator
  
• ProfileCreator Wiki