Multiple config profiles. Configuration Creep?

lombarwi
New Contributor III

Looking after iOS devices for a large IT company.

We have a 'default' set of restrictions; every newly set up device gets this. There are other profiles as well that look after things for all devices (passcodes are a good example). Restrictions, though, are the main concern.

So, there are manually created restriction profiles for managers. Another set for those in comms. Another set for interns, another set for something else, and so on. Things are now a little arbitrary.

TL;DR: managers can use WhatsApp and USB (for CarPlay) connections. Comms are allowed to use WhatsApp, and interns are allowed to use only critical apps (for example, only Outlook, Teams, and MS Authenticator). Everybody else just gets the Default (automatically) and can play with the Calendar and other not-so-important stuff. But not WhatsApp! GDPR laws in Europe.

A static group based on serial is used to 'map' each device to each set of restrictions.

What is starting to get on my nerves is the 'configuration creep'. In essence, I have to create more and more static groups and then add these static groups as the 'scope' of each profile, and then add all the others to the exclusion list. A kind of mutual arrangement. Almost exponential growth!

So, let's say for management, I must exclude communications and interns. For communication, I must exclude management and interns. For interns, I must exclude management and communication. AND for the "default" profile, I must exclude all the groups listed already.

On top of this I can sometimes get a warning that configuration is already installed on a device when I try to put it in a special config profile group. So, some removing and re-adding must be done to get things right.

Is this normal (or is there an easier way of doing things)?

1 ACCEPTED SOLUTION

obi-k
Valued Contributor III

There's an easier way.

Is your Jamf set up with LDAP? You could create Smart Groups of departments and cluster devices into groups dynamically. As your users fall into these groups, you could assign specific profiles to them automatically.

This will allow you to abandon Static Groups and let Jamf do the work for you. I tend to use Static Groups for my specific test devices and users.


4 REPLIES

lombarwi
New Contributor III

Thanks for the tip!

lombarwi
New Contributor III

Sounds like a way forward. Is there still a way that a user (and therefore their device) could fall into two smart groups and I find myself back at the battle of wits that is mutual restrictions? JAMF is almost 'too' customisable! Conflicts and ambiguities can then emerge.

lombarwi
New Contributor III

Sorry, I meant mutual exclusions (in the context of restrictions).
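
An added example, not part of the original thread: an offline audit of the mutual-exclusion scoping described above, showing what happens to a device that lands in two groups. Group names, profile names and serials are constructed, no Jamf API is called, and it assumes an exclusion always overrides a target.

```python
# Added example: constructed data and hypothetical names throughout.
# Group name -> device serials, e.g. from an export of group membership.
GROUPS = {
    "all": {"SER001", "SER002", "SER003", "SER004", "SER005"},
    "managers": {"SER001", "SER002"},
    "comms": {"SER002", "SER003"},  # SER002 is in both managers and comms
    "interns": {"SER004"},
}

# Restrictions profile -> (target groups, excluded groups), mirroring the
# scheme in the thread: each profile excludes every other special group.
PROFILES = {
    "restrictions-managers": ({"managers"}, {"comms", "interns"}),
    "restrictions-comms": ({"comms"}, {"managers", "interns"}),
    "restrictions-interns": ({"interns"}, {"managers", "comms"}),
    "restrictions-default": ({"all"}, {"managers", "comms", "interns"}),
}

def members(names, groups):
    """Union of the serials in the named groups."""
    out = set()
    for name in names:
        out |= groups[name]
    return out

def effective_scope(profiles, groups):
    """Map each serial to the profiles it receives (assumption: exclusion wins)."""
    result = {serial: [] for serial in members(groups, groups)}
    for name, (targets, exclusions) in sorted(profiles.items()):
        for serial in members(targets, groups) - members(exclusions, groups):
            result[serial].append(name)
    return result

def audit(profiles, groups):
    """Return (serials with no restrictions profile, serials with several)."""
    scope = effective_scope(profiles, groups)
    unrestricted = sorted(s for s, p in scope.items() if not p)
    conflicting = {s: p for s, p in scope.items() if len(p) > 1}
    return unrestricted, conflicting

if __name__ == "__main__":
    unrestricted, conflicting = audit(PROFILES, GROUPS)
    print("No restrictions profile at all:", unrestricted)
    print("More than one restrictions profile:", conflicting)
```

With mutual exclusions, the device in two groups is excluded from every profile, including the default, so it ends up with no restrictions rather than a conflict; running the same audit against real membership exports before changing scope catches both cases.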