Home » Modern profile configuration

Configure MDM Profile for Windows and Mac

What is an MDM Profile?

An MDM Profile is an additional component for Endpoint Central Agent which can be installed to support complete management of the Laptops in Endpoint Central.

The following steps below illustrate how to deploy MDM profile for Windows and Mac separately.

Configuring MDM profile for Windows


  • Configuring NAT settings (Not required for Endpoint Central Cloud users)

To deploy the MDM profile for Windows, the only prerequisite is to configure the NAT settings.

You need to configure NAT settings to manage both desktop and roaming Users (laptops). This will ensure communication between the desktop and roaming users via internet and the Central server. NAT settings can be configured in this path: Admin tab > Server Settings > NAT Settings

Once this is done, MDM profile will be automatically installed on the Windows machines.

Configuring MDM profile for Mac devices


  • Configuring NAT settings (Not required for Endpoint Central Cloud users)
  • Uploading the APNS certificate 

After the above two prerequisites are configured, the end user will be able to install the MDM profile via a notification window that will be prompted from his/her machine.

Configuring NAT settings

You need to configure NAT settings to manage Desktop & Roaming Users (laptops) which might be out of the reach of your corporate network. This ensures the communication from Desktop & Roaming Users via internet reaches the Central server . NAT settings can be configured in this path: Admin tab > Server Settings > NAT Settings.

Uploading an APNS Certificate

All communication between the MDM Profile and Apple devices are routed through the APNS certificate. An APNS certificate is required to secure this communication. Assure a corporate ID is used to create a certificate, as it has to be renewed in a year. Learn more on creating and uploading a APNS certificate.

Configuring the notification window for the end user

If the above two prerequisites are met, the end user will be prompted via a notification window to install the MDM profile on their device. The end user has to approve to let Endpoint Central manage their Mac device.

Note: You can edit the message on the mac notification window by navigating to agent-> settings-> SoM Settings.

How does this Notification window work?

Notification window will pop-up on Endpoint Central agent machines to install the MDM Profile.

End-user needs to be an Administrator to install the MDM Profile.

If the end-user is a standard user, Endpoint Central Agent will promote the standard user as "Profiles Administrator" so that they can install the MDM profile. The 'Profiles Administrator' permission will be automatically revoked after 100 seconds.

DMD profile enrolment

    • The Notification window also provides a "Remind me Later" option that allows End-user to skip the installation for 90 minutes for a maximum of "reminder time(s)" specified by administrator.
    • If the end user doesn't install the MDM profile in those attempts, then it proceeds to a forced installation where the end user is bound to install the MDM profile without any options to ignore or close the notification window. On clicking 'Enroll Now' the following shows up:

Unverified profile

    • The administrator has to enter the credentials as shown below. This step will skipped for standard users.

Unverified credentials

    • Here's the preview upon successfully installing the MDM profile.

Verified profile and agent


The following are some of the frequently asked questions while configuring MDM profile in MAC.

1. Does MDM Profile installation consume Enterprise and Professional MDM Add-on License?

No. MDM Add-on has been removed for Endpoint Central. MDM Profile does not require any additional license. Refer this page for more details.