Configuration Profiles scoped by subnet location.

Contributor II

Does anyone have suggestions on how to scope a configuration profile by network location?
For example:

We have a configuration profile to bind to our Active Directory, and it fails when these devices cannot reach the domain controller. Not a great example, as most of us are moving away from binding.

Another example would be to allow Bonjour (mDNS) on a home network and disable it on the enterprise and public networks. We have disabled Bonjour for a long time to reduce the visibility of our devices and their services; however, when these devices go home, disabling Bonjour may break features like finding shared disks, using screen sharing, and printing.


New Contributor III

You can use Network Segments and use either the Exclusion or Limitation in the scope and specify the network segments there.
Network Segments need to be defined up front at Jamf Settings > Network > Network Segments.

Esteemed Contributor II

@burdett You don't have to use a Configuration profile to bind. When we were still binding Macs to AD, my approach for ensuring the bind attempt only happened when connected to the company network was to have a policy scoped to unbound Macs that ran a script during the periodic check-in to see if the Mac could reach a server that was only internally accessible (network segments weren't an option due to some peculiar IP ranges in use for some sites), and if it was, the script would trigger a 2nd policy with a Directory Bindings payload to bind the Mac.
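
A sketch of the check-in script approach described in the last reply, added here as an example and not the poster's own script. The URL, the custom trigger name `bindToAD`, and the use of an HTTPS probe with certificate validation are assumptions; `jamf policy -event` is the standard way to fire a policy by custom trigger.

```shell
#!/bin/bash
# Added example: run from a Jamf policy scoped to unbound Macs at recurring check-in.
# All values below are placeholders or assumptions, not values from the thread.
INTERNAL_URL="https://internal-only.invalid/"  # placeholder: server reachable only on the company network
BIND_TRIGGER="bindToAD"                        # hypothetical custom trigger of the 2nd (Directory Bindings) policy
JAMF_BIN="/usr/local/bin/jamf"
PROBE="probe_internal"                         # name of the probe function; overridable for testing

# Succeeds only if the internal server answers over HTTPS with a certificate
# curl trusts. A captive portal or look-alike host on a home or public
# network fails the TLS check, so it is not mistaken for the company network.
probe_internal() {
    curl --silent --head --output /dev/null \
         --connect-timeout 3 --max-time 5 "$1"
}

# Prints "bind" when the probe succeeds, "skip" otherwise.
decide() {
    if "$PROBE" "$INTERNAL_URL"; then
        echo "bind"
    else
        echo "skip"
    fi
}

# Fires the second policy only on the company network; off-network it returns
# cleanly so the policy log shows a skip rather than a failed bind.
run_check() {
    if [ "$(decide)" = "bind" ]; then
        echo "Internal server reachable; triggering ${BIND_TRIGGER}"
        "$JAMF_BIN" policy -event "$BIND_TRIGGER"
    else
        echo "Internal server not reachable; skipping bind attempt"
        return 0
    fi
}

run_check
```

The same pattern fits the Bonjour case from the original question: the second policy can carry whatever payload should apply only on the company network.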