You use Profile Manager to configure and distribute settings to OS X and iOS devices in your organization, school, or business. You can use Profile Manager to quickly configure large numbers of devices with the settings, apps, and books your organization requires.
Note: Although Profile Manager is available with earlier versions of OS X and iOS, some features are only available for:
Mac computers with OS X Mavericks v10.9 or later
iOS devices with iOS 7 or later
You can decide who gets to use the service, and from which network. See Server access overview.
Manage settings and policies
Profile Manager creates and distributes configuration profiles. Configuration profiles are XML files that contain preconfigured system settings. You install them on a device to configure the settings. When the profile is installed on a user’s device, the settings it defines are applied. If the settings are applied to a user, those settings apply to any device associated with that user. If the settings are applied to a device, those settings are enforced regardless of who uses the device.
Each user, user group, device, and device group can have configuration profiles to provide a base level of settings. You can then assign additional configuration profiles to customize the settings to meet your needs.
In addition to general configuration settings, Profile Manager lets you enforce organization policies. For example, you can specify password policies, define the types of networks devices can connect to, and enforce restrictions such as preventing the use of cameras on iOS devices and disabling specific system preferences in OS X. If you’re managing the devices remotely, you can install updated policies, without user action or notification.
Distribute configuration profiles
After you define the settings for users and their devices, you can distribute the configuration profiles in the following ways:
Distributed upon activation
Settings can be automatically configured after the device has been activated over the Internet.
Remote device management
You can enable Profile Manager’s mobile device management service, which lets you remotely install, remove, and update configuration profiles on enrolled devices.
User self-service
Users can download and install the settings from Profile Manager’s built-in user portal. The user portal ensures that users receive the configuration profiles you assign to them or their group.
Manual distribution
You can download configuration profiles (.mobileconfig files) from Profile Manager’s administration portal, then send them to your users in a mail message or post them to a website you create. When users receive or download the files, they can install them on their device.
Remotely lock or wipe a lost device
You can remotely lock devices that you manage using Profile Manager. For a Mac, locking shuts down the Mac and installs an EFI passcode so it cannot be started up without providing the passcode. On iOS devices, locking invokes the Lock screen and enforces the passcode, if any, installed on the device.
Wiping a Mac removes all user data. Wiping an iOS device restores it to factory defaults.
For iOS devices, you can also reset a user’s forgotten passcode. This temporarily removes the device passcode (for 60 minutes). To unlock the device, the user is immediately required to enter a new passcode that meets the criteria specified by the configuration profiles installed on the device.
Components of Profile Manager
Profile Manager consists of three main parts that work together to let you specify when and how devices are enrolled and configured, and the apps and books are distributed.
Over-the-air configuration of devices: Streamline the configuration of institutionally-owned devices. Enroll devices in mobile device management (MDM) during activation and skip basic setup steps to get users up and running quickly.
Mobile device management service: Profile Manager provides a mobile device management service that lets you remotely manage enrolled devices. After a device is enrolled, you can update its configuration over the network without user interaction and perform other tasks. Mobile device management is supported on Mac computers with OS X Mountain Lion v10.8 or later installed, and on iOS devices with iOS 6 or later installed.
App and book distribution: Profile Manager can distribute apps and books purchased through the Volume Purchase Program (VPP). App and book assignment is supported on Mac computers with OS X Mavericks v10.9 or later installed, and on iOS devices with iOS 7.0 or later installed.