Hi, new to the Casper world.
I've been able to deploy various packages and scripts by way of policy, the Casper Imaging app, and a combo of both; however, there are some things I want to be able to do with configuration profiles, like WiFi configs, certs, VPN configs, etc.
The issue is, I cannot work out how to apply said configuration profiles to a computer or group of computers.
Any help is greatly appreciated.
Thanks,
Matt

Assignment is exactly the same for config profiles as it is for policies, when creating your configuration profile, go to the Scope tab and select the computer or group of computers you wish to apply it to.


I'm assuming you're using version 9.x.
You will need certificate-based authentication enabled and push notifications enabled and configured. If that is all set up correctly, then you just create a configuration profile from the Configuration Profiles menu on the left.
It's pretty straightforward.
When in doubt:
http://www.jamfsoftware.com/resources/casper-suite-administrators-guide-version-9-4/


Thanks for the replies.
I have both push notifications and cert based authentication enabled.
My policies all kick off with no problems, and I believe my configurations are all correct and are scoped the same way as my policies, but they do not run.
Do I need to open any ports on the firewall?


Yep. Go get some coffee, candy, beer or (maybe bacon) and make nice with the network and security folks...

Ask for ports 2195, 2196 and 5223 open outbound to 17.0.0.0/8


All of my favorite things.

I spoke to our Jamf guy, who gave me a script to run to confirm ports are open. So I can confirm we're good there.
Still not able to get any configs to push. Only my policies will run but no profiles.
Anyone got any ideas here?


@mjohnston port 443 open to 17.0.0.0/8?


@bentoms according to the script our Jamf guy gave me, yes "connected to apple on port 443"


@mjohnston, do they show as MDM capable in the JSS?

This is also an awesome app to help diagnose: http://twocanoes.com/push-diagnostics


No, all my registered machines are not MDM capable.
I'll take a look, thanks.


Right, it's the port 443 communication with Apple where Macs get their MDM token; this is different from iOS.

I guess the script also checked port 2195, 2196 & 5223.

Once the token is received, a secure tunnel is opened to Apple on port 5223. This is what push notifications run down.

Double-check that all is allowed, with the correct incoming and outgoing rules as needed.

I can't remember it off the top of my head, but this should help: https://jamfnation.jamfsoftware.com/article.html?id=34

Although there is no mention of 443 for APNs/MDM on OS X.

@mike.paul can you chime in?


Howdy. All things mentioned previously are correct. You need outbound persistent communication from your JSS to Apple's Push Notification servers on 2195 and 2196. Client devices need to be able to communicate with Apple's Push Notification servers on 5223. For MDM enrollment to work on OS X, the devices also need to be able to reach the APNs servers on 443 to get a token at enrollment; as Ben mentioned, this isn't needed on iOS. Typically 443 is open in firewalls, as it is needed for basic HTTPS web access.

The big thing to understand is that even if you have firewalls open on those ports, if you are using any content filtering on any of those ports, this could impede the communication and make it so the devices can't MDM enroll.

A valid SSL cert is also needed for MDM to work. By default on a new JSS install you get a self-signed cert to enable SSL communication, but it doesn't meet the requirements for MDM. Either use the JSS built-in functionality to create an SSL cert (Settings -> Apache Tomcat Settings -> Edit -> Change the SSL certificate used for HTTPS) or purchase a third-party SSL cert.

Try enrolling an iOS device and see what it says about the enrollment process, that may help shed some light as well since all that does is MDM enrollment.
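An added reachability check for the ports described in this thread (not the script Matt's Jamf contact provided, and not part of the original posts). The port-to-side mapping comes from the replies above; the Apple hostnames are assumed from Apple's APNs documentation of that era, and the check only proves a TCP handshake completes, so a content filter that interferes after the handshake (as mike.paul warns) would still show as OK.

```shell
#!/bin/sh
# Outbound APNs/MDM reachability check for a Casper Suite / JSS deployment.
# Ports follow the thread; hostnames are assumed (not taken from the thread).
# Run with "jss" on the JSS server and with "client" on a managed Mac.
# Requires nc (netcat) supporting -z (scan only) and -w (timeout seconds).

NET_TIMEOUT=5

# Checklist: which side runs the test, host, port, and what the port is for.
apns_checklist() {
    cat <<'EOF'
jss gateway.push.apple.com 2195 APNs-gateway
jss feedback.push.apple.com 2196 APNs-feedback
client courier.push.apple.com 5223 APNs-courier
client gateway.push.apple.com 443 MDM-enrollment-token
EOF
}

# Returns 0 when a TCP handshake to host:port completes within NET_TIMEOUT.
# Note: a completed handshake does not rule out a filtering proxy in the path.
check_port() {
    nc -z -w "$NET_TIMEOUT" "$1" "$2" >/dev/null 2>&1
}

# Runs every check for one side ("jss" or "client"), prints one line per
# port, and returns the number of blocked ports (0 means all reachable).
run_checks() {
    side="$1"; failed=0
    while read -r where host port label; do
        [ "$where" = "$side" ] || continue
        if check_port "$host" "$port"; then
            printf 'OK      %s %s:%s\n' "$label" "$host" "$port"
        else
            printf 'BLOCKED %s %s:%s (firewall, proxy or content filter?)\n' \
                "$label" "$host" "$port"
            failed=$((failed + 1))
        fi
    done <<EOF
$(apns_checklist)
EOF
    return "$failed"
}

# Only run against the network when a side is given on the command line.
if [ $# -gt 0 ]; then
    run_checks "$1"
fi
```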


Thanks @mike.paul