Detect non-managed profiles?

New Contributor II

How might I detect when profiles other than the profiles installed through MDM are present on a device?

For one example, Comcast users can install a profile from Comcast that includes keys for the encrypted Xfinity_Wifi hotspots. That profile is probably fine with me.

For another example, however, malware or adware is known to coerce users into installing profiles that do all kinds of things. In such a case, I would very much like to be alerted.

An extension attribute, I suppose? How might I separate MDM-installed profiles from user-installed profiles?

Thanks for any insight.


Contributor III

Just an concept, but you could try starting with the profiles show command:

#Show profiles installed | output organization, name and profileUUID | print the end of the output
sudo profiles show | grep -E 'attribute: organization:|attribute: name:|attribute: profileUUID:' | awk '{print $NF}'

You could then set the 3 outputs (output organization, name and profileUUID) to an array and loop through it to determine which array item does not include your organization name.

New Contributor II

Okay, that does give me something to work with. I was looking at it from a different angle. Thanks!