Home » Modern profile configuration
Applicable For Desktop Central MSP 
 
 

Configure Modern Profile for Mac

Mac machines need end user approval to manage their devices. A modern profile is installed in the end user machine to support complete Mac management from deploying configurations to initiating remote sessions. A modern profile has to be deployed to all machines managed with Desktop Central after the following prerequisites are met.

Prerequisites (for Mac devices):

The following steps will explain you on how to deploy modern profiles to Mac devices.

Configuring NAT settings

You need to configure NAT settings to manage Desktop & Roaming Users (laptops) which might be out of the reach of your corporate network. This ensures the communication from Desktop & Roaming Users via internet reaches the Central server . NAT settings can be configured in this path: Admin tab > Server Settings > NAT Settings.

Uploading an APNS Certificate

All communication between the Modern Profile and Apple devices are routed through the APNS certificate. An APNS certificate is required to secure this communication. Assure a corporate ID is used to create a certificate, as it has to be renewed in a year. Learn more on creating and uploading a APNS certificate.

Installing modern profile

If the above prerequisites are met, the end user will be prompted via a notification window to install the modern profile on their device. The end user has to approve to let Desktop Central manage their Mac device.

How does this Notification window work?

  • Notification window will pop-up on Desktop central agent machines to install the Modern Profile.
  • End-user needs to be an Administrator to install the Modern Profile.
  • If the end-user is a standard user, Desktop central Agent will promote the standard user as "Profiles Administrator" so that they can install the modern profile. The 'Profiles Administrator' permission will be automatically revoked after 100 seconds.

    • Modern profile enrolment

  • The Notification window also provides a "Remind me Later" option that allows End-user to skip the installation for 90 minutes for a maximum of 3 time(s).
  • If the end user doesn't install the modern profile in those 3 attempts, then it proceeds to a forced installation where the end user is bound to install the modern profile (MDM profile) without any options to ignore or close the notification window. On clicking 'Enroll Now' the following shows up:

    • Unverified profile

  • The administrator has to enter the credentials as shown below. This step will skipped for standard users.

    • Unverified credentials

  • Here's the preview upon successfully installing the modern profile.

    • Verified profile and agent