Configurations & Accounts
Configurations allow an administrator to set up accounts, services, and other functionalities on devices. Some configurations can be shared between device groups, some are linked to just one device group, and others are created as accounts for individual devices.
SimpleMDM supports many configurations, including:
|Configuration Name||Allows you to define...|
|App restrictions||an app whitelist or blacklist to hide undesired apps from iOS. Requires supervision. Note: app restrictions are assigned to device groups under the "restrictions" tab.|
|AirPlay destination||an available destination to stream audio and video to.|
|AirPrint printer||an AirPrint-compatible printer for devices to utilize.|
|APN||an Access Point Name. This is also called a Cellular payload. Sometimes used in advanced deployments.|
|CalDAV||a WebDAV or CalDAV calendar account.|
|CardDAV||a WebDAV or CardDAV contacts account.|
|Certificates||deploy custom certificates to devices.|
|an Exchange, IMAP, or POP-based email account.|
|Filevault||requirements around using Filevault full disk encryption. Also supports escrowing and rotating personal recovery keys.|
|Firewall||Firewall settings on macOS devices.|
|Firmware password||Firmware password settings and saves password to SimpleMDM.|
|Global HTTP proxy||an HTTP proxy that all web traffic on the device will be forced to pass through. Requires supervision.|
|a Google account to use for email, contacts, and calendaring.|
|Home screen layout||an icon and folder layout on the iOS home screen and dock. Requires supervision.|
|Kernel Extensions||approvals for specific kernel extensions on macOS.|
|LDAP||an LDAP account, typically used to populate Contacts in iOS.|
|OS Auto Update Policy||settings to automatically download/install OS updates. Requires supervision.|
|Passcode Policy||complexity requirements for passcodes on iOS and macOS, as well as screen lock settings.|
|Privacy Preferences||accessibility permissions for specific applications on macOS.|
|Restriction||a list of iOS functionalities that should be disabled.|
|Single app lock||an app that is forced to run at all times on a device. Requires supervision.|
|Single sign-on account||a Kerberos account to be used to sign into websites and apps.|
|Subscribed calendar||a calendar subscription. These appear in the device's calendar list.|
|VPN||a VPN account, such as L2TP, PPTP, Cisco, or other popular technologies.|
|Wallpaper||an image to appear in the background of the home and/or lock screen. Requires supervision.|
|Web clip||an icon on the home screen that acts as a shortcut to a website.|
|Web content filter||a website whitelist or blacklist to control web access in the Safari app. Requires supervision.|
|Wireless network||a WiFi network that the device can access.|
This is not intended to be a comprehensive list. Refer to the SimpleMDM interface for the latest capabilities.
Custom Configuration Profiles
Sometimes an organization needs a feature available in Apple Configurator that isn't supported by SimpleMDM. Or, an organization may have previously built configurations in Apple Configurator that they are not ready to rebuild in SimpleMDM. In these cases, SimpleMDM allows configurations that have been exported by Apple Configurator to be uploaded and distributed to enrolled devices.
To upload a custom configuration to SimpleMDM, follow the instructions below for creating a configuration and choose "Custom Configuration Profile" as the configuration type.
Most configurations require first creating a shared configuration profile and then assigning it to device groups. To create a shared configuration profile:
- Click "Configs" on the left hand side of the screen and select the "Profiles" subsection, if needed.
- Click the "Add Profile" button in the upper right hand corner of the screen. Select the profile you would like to create.
- Complete the following configuration screen and click "Save".Your newly created configuration profile will appear listed on the configurations screen.
Assigning Configuration Profiles to Device Groups
A shared configuration profile will not be pushed to any of your devices until you have assigned it to at least once device group. To assign a configuration to a device group:
- Click "Groups" on the left-hand side of the screen.
- Click the name of the device group you would like to edit.
- In the "Configurations" tab, select the configurations that you would like to apply to the group and click "Save".
Once you click "Save", the configurations are automatically pushed to the devices in the device group.
Some configurations, like email accounts, can also be assigned directly to devices instead of device groups. To create an account for a device:
- Click "Devices" on the left hand side of the screen.
- Click on the name of the device you would like to create an account on.
- Click the "Accounts" tab.
- Click the "Add Account" button in the upper right hand side of the screen. Select the type of account you would like to create.
- Provide the required account information. When creating the account, you may have an option to create or select an applicable Provider (like an Exchange server).
When you click "Save", the configuration is automatically pushed to the device.