MDM Configurations
Addigy MDM allows the installation of MDM Profiles or Payloads on macOS, iOS, and tvOS Devices. Addigy MDM supports all MDM Configuration types, allowing the ability to import ANY MDM configuration or using the User Interface to create pre-defined payloads.
- macOS MDM Configurations
- Custom Configuration
- Privacy Preferences Policy Control
- Kernel Extensions Policy
- System Extensions
- Software Update
- Associated Domains
- System Preferences
- Wi-Fi
- App Store
- Energy Savings
- Printing
- Security & Privacy
- Time Machine
- Login Window
- Login Items
- Finder
- Dock
- Restrictions
- Passcode
- VPN
- Lockscreen
- Single App Lock
- Networking Usage
- Notifications
- Web Clip
- Web Content Filter
macOS MDM Configurations
MDM Configurations (.mobileconfig file extensions) are supported within the Addigy Cloud. You can create or upload a unique MDM Configuration and deploy it to macOS, iOS, or tvOS devices.
Custom Configuration
Custom Configuration allows you to upload any MDM Configuration created in any tool, as long as its a properly formatted .mobileconfig file extension.
- Custom Configurations will be signed by Addigy
- Custom Configurations support device fact variables for dynamic information
- Custom Configurations can be signed
- Requires Addigy MDM
Privacy Preferences Policy Control
The Privacy Preferences payload is designated by specifying com.apple.TCC.configuration-profile-policy value as the PayloadType value. It controls the settings that are displayed in the ”Privacy” tab of the ”Security & Privacy” pane in System Preferences. This profile must be delivered via a user approved MDM server in a device profile.
- Requires macOS 10.14 and later.
- Requires User Approved MDM
- This profile must be delivered via a user approved MDM server.
- Requires Addigy MDM
Used to whitelist Privacy Prompts for users, this payload can whitelist everything except ScreenRecording, Microphone, and Camera.
Kernel Extensions Policy
The Kernel Extension Policy payload is designated by specifying com.apple.syspolicy.kernel-extension-policy as the PayloadType value.
- It is supported on macOS 10.13.2 and later.
- This profile must be delivered via a user approved MDM server.
- Requires Addigy MDM
Used to whitelist Kernel Extension Prompts in Gatekeeper. This payload must be installed prior to the execution of the software to avoid prompting the user.
System Extensions
The payload for configuring system extensions. Specify com.apple.system-extension-policy as the payload type. When multiple profiles are installed, the keys are combined as follows: AllowUserOverrides is false if any profile sets it to false. All the other values are combined together.
- Requires macOS 10.15+
- Requires User Approved MDM
- Requires Addigy MDM
Software Update
The payload for configuring the software update policy.
- Required macOS 10.7+
- Requires Addigy MDM
Associated Domains
The payload for configuring associated domains. Associated domains can be used with features such as Extensible AppSSO, universal links, and Password AutoFill.
- Required macOS 10.15+
- Requires Addigy MDM
System Preferences
The payload for configuring the preference panes. Preference Settings can be enabled, disabled, or hidden.
Wi-Fi
The payload for configuring Wi-Fi on the device.
- Requires iOS 4.0+, 10.7+, tvOS 9.0+
- User Channel: macOS
- Device Channel: iOS, macOS, Shared iPad, tvOS
- Allowed in User Enrollment: iOS, macOS
- Requires Addigy MDM
App Store
The payload for configuring macOS App Store restrictions.
- Requires macOS 10.9+
- Supports Device and User Channel
- Manual Installation Supported
- Requires Addigy MDM
Energy Savings
The payload for configuring energy-saver settings.
- Requires macOS 10.7+
- Supports Device Channel
- Manual Installation Supported
- Requires Addigy MDM
Printing
The payload for configuring printers.
- Requires macOS 10.7+
- Supports Device and User Channel
- Manual Installation Supported
- Requires Addigy MDM
Security & Privacy
Manages Gatekeeper, FileVault, and other Security configurations on a device. FileVault 2 performs full XTS-AES 128 encryption on the contents of a volume. Removing the FileVault payload does not disable FileVault.
- As of macOS 10.15 this payload requires User Approved MDM.
- Requires Addigy MDM
Time Machine
The payload for configuring Time Machine.
- Requires macOS 10.7+
- Supports Device Channel
- Manual Installation Supported
- Requires Addigy MDM
Login Window
The payload for configuring login window behavior.
- Requires macOS 10.7+
- Supports Device Channel
- Manual Installation Supported
- Allows Multiple Payloads
- Requires Addigy MDM
Login Items
The payload for configuring a device’s login items.
- Requires macOS 10.13+
- Supports Device and User Channel
- Manual Installation Supported
- Allows Multiple Payloads
- Allowed in User Enrollment
- Requires Addigy MDM
Finder
The payload for configuring Finder settings.
- Requires macOS 10.7+
- Supports Device and User Channel
- Manual Installation Supported
- Requires Addigy MDM
Dock
The payload for configuring the dock.
- Requires macOS 10.7+
- Supports Device and User Channel
- Manual Installation Supported
- Requires Addigy MDM
Restrictions
The payload for configuring the restrictions.
- Requires iOS 4.0+, macOS 10.7+, tvOS 9.0+
- Supports Device for iOS, macOS, Shared iPad, tvOS
- Support User Channel for macOS, Shared iPad
- Manual Installation Supported for iOS, macOS, tvOS
- Allowed in User Enrollment
- Allows Multiple Payloads
- Requires Addigy MDM
Passcode
The payload for configuring the passcode policy.
- Requires iOS 4.0+, macOS 10.7+
- Supports Device for iOS, macOS
- Manual Installation Supported for iOS, macOS
- Allowed in User Enrollment for iOS
- Requires Addigy MDM
VPN
The payload for configuring a VPN.
- Requires iOS 4.0+, macOS 10.7+
- Supports Device Channel for iOS, macOS
- Manual Installation Supported for iOS, macOS
- Allows Multiple Payloads
- Requires Addigy MDM
Lockscreen
The payload for configuring a Lock screen message.
- Requires iOS 9.3+
- Supports Device Channel for iOS
- Manual Installation Supported for iOS
- Requires Addigy MDM
Single App Lock
The payload for configuring a device to run a single app.
- Requires iOS 6.0+, tvOS 10.2+
- Supports Device Channel for iOS and tvOS
- Requires Supervision
- Requires Addigy MDM
Networking Usage
The payload for configuring a device to run a single app.
- Requires iOS 9.0+
- Supports Device Channel for iOS
- Requires Addigy MDM
Notifications
The payload for configuring a device to run a single app.
- Requires iOS 9.3+, macOS 10.15+
- Supports Device Channel for iOS and macOS
- Manual Installation Supported for iOS, macOS
- Requires Supervision for iOS
- Requires Addigy MDM
Web Clip
The profile for configuring web clips on the device.
Use this payload to add web clips to the Home screen of the user’s iOS device or to the Dock on a Mac. Web clips provide fast access to favorite webpages.
For iOS devices, if you prevent the user from removing the web clip, the only way to remove it is to remove the configuration profile that installed it. Also, for iOS devices it must have a display name and an icon URL for the payload to be valid.
A full-screen web clip on iOS devices opens the URL as a web app without a browser (there’s no URL or search bar, and no bookmarks).
For Shared iPad devices, this payload is supported on the user channel only.
- Requires iOS 4.0+, macOS 10.7+
- Supports Device Channel for iOS
- Supports User Channel for macOS and Shared iPad
- Supports Manual Installation
- Allows Multiple Payloads
- Requires Addigy MDM
Web Content Filter
The payload for configuring web content filters.
URLs are matched by using string-based root matching. A URL matches an allow list, deny list, or permitted list pattern if the exact characters of the pattern appear as the root of the URL. For example, if test.com/a isn’t allowed, then test.com, test.com/b, and test.com/c/d/e will all be blocked. Matching also discards subdomain prefixes, so if test.com/a isn’t allowed, m.test.com is also blocked.
- Requires iOS 7.0+, macOS 10.15+
- Supports Device Channel for iOS, Shared iPad, and macOS
- Manual Installation Supported for iOS, macOS
- Requires Supervision for iOS
- Requires Addigy MDM