Starting from scratch (new Jamf instance), how do you establish a baseline for configuration profiles that will be pushed to iPhones and iPads. Do you keep them separate for each type of device and should there be a config profile for every setting/configuration?
Question
How to establish a baseline for configuration profiles?
+1
+9When it comes to configuration profiles, I highly recommend separating out your settings. For example, have a profile for networking, one for bluetooth, every app gets its own config, security restrictions, etc. Also, if you’re setting up from scratch, it’s best to set up SSO using OIDC. This will give you access to compliance benchmarks for CIS/NIST/etc. as well as blueprints which are DDM based and provide more versatility. Traditional config profiles, specifically when it comes to restrictions, are either on or off. There’s no “disregard”. However with blueprints there is an option to disregard the setting or “not do anything/ignore this”.
+9I second separating things out from the start. It is. bummer when you have to backtrack on that one.
+26Keep everything seperate. Unrelated payloads need to be in seperate configuration profiles.
+21I agree with the others, if you are using config profiles the rule of thumb has always been a separate config profile for each setting. However, as I learned while beta testing the new Blueprints feature, you do not have to keep the settings separate. Based on how DDM works, it’s recommended to merge the settings into one blueprint.
+20If you’re not Jamf SSO’d, Jamf Compliance Editor can help you. We’ve use this over the years for the CIS Benchmark, but it has other benchmarks too.
This will create configs based on your organization needs.
If you are using Jamf SSO, head towards the Compliance section in your Jamf Pro. We just flipped over to Jamf SSO, so we’ll be going in this direction.
• Link: https://github.com/Jamf-Concepts/jamf-compliance-editor
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.