Jamf School - Best practice for setting up the various policies/restrictions

einchewon
New Contributor

Below is a screenshot of the Jamf School Profile/Settings interface.

I am confused about how to do this overall. Is the idea that you basically create holistic settings that are all encompassing for a type of device, and you put all of the things and stuff in one, and only apply "one per device" or is the idea to be granular and only for example configure the WiFi, Certificates, DNS Proxy if needed, and that's it.

If the idea is to be more modular, is there any type of guide that covers which policies can conflict in which case it's a race condition to determine which profile is applied if there are conflicting settings that would prevent the other profile from applying?

If I had to guess it should kinda look like this.

Modular profile 1 - Connectivity related settings only. So WiFi, Certs, and anything needed to get your content filter to work on the device.

 

Beyond that, I don't know. How should these things be chunked up, or should it be that beyond the connectivity profile, that it should be "monolithic" to help protect against race conditions?

 

Thanks in advance.

2 REPLIES 2

rekekabaret
New Contributor II

We have seperated the profiles this way (for iPads):

- SCEP, wifi and certificates
- Restrictions for everyone
- Restrictions for students
- Restrictions for staff
- Passcode policy
- Background and footnote policy

In addition we have different profiles for webclips, fonts and some profiles that are only scoped temporarily during tests, to block airdrop and add webclips to relevant websites for the tests.

GregBobbett
Contributor II

We run our profile sets pretty much the same way as Rekekabaret. The only exception I see between us is that I do separate out Wi-Fi between Student and Teacher/staff due to specific network needs.

It works relatively well, and you can use Device groups more effectively. 

Greg Bobbett