Help

Detect non-managed profiles?

jmbwell
New Contributor II

Posted on ‎07-07-2020 11:54 AM

How might I detect when profiles other than the profiles installed through MDM are present on a device?

For one example, Comcast users can install a profile from Comcast that includes keys for the encrypted Xfinity_Wifi hotspots. That profile is probably fine with me.

For another example, however, malware or adware is known to coerce users into installing profiles that do all kinds of things. In such a case, I would very much like to be alerted.

An extension attribute, I suppose? How might I separate MDM-installed profiles from user-installed profiles?

Thanks for any insight.

0 Kudos
Reply
2 REPLIES 2

shaquir
Contributor III

Posted on ‎07-08-2020 10:15 AM

Just an concept, but you could try starting with the profiles show command:

#Show profiles installed | output organization, name and profileUUID | print the end of the output
sudo profiles show | grep -E 'attribute: organization:|attribute: name:|attribute: profileUUID:' | awk '{print $NF}'

You could then set the 3 outputs (output organization, name and profileUUID) to an array and loop through it to determine which array item does not include your organization name.

Reply

jmbwell
New Contributor II

Posted on ‎07-08-2020 11:12 AM

Okay, that does give me something to work with. I was looking at it from a different angle. Thanks!

Reply