Configuration profiles are intended for managing the settings or configurations of different device features in a remote and centralized way. Each configuration profile defines a range of settings concerning a specific feature. Each device can have multiple configuration profiles assigned to it.
For example, you can create a configuration profile that sets the device's Wi-Fi, data roaming, or email settings or prevents the user from using the platform-specific application store or certain unwanted applications on the device.
In the video below, we demonstrate how you can create a configuration profile with a list of contacts to be deployed on managed Android devices.
The benefit of configuration profiles is that you don't have to configure the settings separately for each device. Instead, you can store the settings and then deploy them to other devices as well, even automatically with business policies. You only need to select which settings you wish to deploy and which devices they should be applied to. Configuration profiles therefore provide an easy way to enforce company policies and to standardize the settings of different device features across all managed devices.
What can be configured with the configuration profiles
The features which can be configured using the configuration profiles vary to some extent between the different device platforms (Android, iOS, macOS, Windows 10, Windows 11). There can also be some minor differences in how the settings of some device features are configured on different platforms. Here's a shortlist of features that can be configured remotely using Miradore's configuration profiles.
Configuration profile | Android | iOS | macOS | Windows 10/11 |
Activation lock | - | Yes** | - | - |
Application allowlist/whitelist | Yes* | Yes** | - | - |
Application blocklist/blacklist | Yes* | Yes** | - | - |
Application update policy | Yes | Yes | Yes | - |
Contacts | Yes | - | - | - |
Custom settings | - | Yes | Yes | Yes |
Email | Yes* | Yes | - | - |
Device encryption | Yes | - | - | - |
Disk encryption | - | - | Yes | Yes |
Kiosk mode | Yes | Yes** | - | - |
Location tracking | Yes | Yes | - | - |
Mail for Exchange | Yes* | Yes | - | Yes |
Passcode | Yes | Yes | - | - |
Password policy for local accounts | - | - | Yes | Yes |
Restrictions | Yes | Yes | Yes | - |
Roaming configuration | Yes | Yes | - | - |
Storage card | - | - | - | - |
System update policy | Yes | - | - | - |
Wallpaper | Yes | Yes** | - | - |
Web content filter | - | Yes** | - | - |
Web shortcut | Yes | Yes | - | - |
Wi-Fi | Yes | Yes | - | Yes |
Windows Update | - | - | - | Yes |
VPN | - | Yes | Yes | - |
* Supported on Samsung's Android devices with Android 4.2 or later and Samsung KNOX.
** Supported on Supervised Apple iOS devices.
Details of the configurable device features per each device platform are explained below.
Configuration profiles for iOS
Activation lock
This controls whether the activation lock is enabled when users turn on Find My iPhone. Activation lock prevents anyone else from using the lost device.
For further details, see Activation lock documentation.
Application blacklist
The Application blacklist configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Here is some further information about application black/whitelisting for iOS.
Note: This profile requires that devices are Supervised. This is supported on iOS 9.3 and later. Application blacklisting also requires the Miradore Premium Plan.
Application whitelist
The Application whitelist configuration profile can be used to allow the use of certain applications whereas the use of all other applications is blocked. Here is some further information about application black/whitelisting for iOS.
Note: This profile requires that devices are Supervised. This is supported on iOS 9.3 and later. Application whitelisting also requires the Miradore Premium Plan.
Application update policy
The application update policy is a device-specific configuration profile that enables you to control the automatic updating of applications installed via the Apple App Store or Apple Business/School Manager.
For more details, please read the Application update policy for iPhones and iPads.
Custom settings
You can extend and customize Miradore's management capabilities by building and deploying custom device configuration profiles (files with the .MOBILECONFIG extension) with Miradore.
For more details, please read Custom configuration profiles for iOS devices.
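As an added example (not Miradore's code or part of the original article), the Python sketch below builds a minimal .mobileconfig containing an Apple passcode-policy payload and lints it before upload. The `com.example.mdm` identifier, the display names, and the minimum-length threshold are assumptions chosen for illustration.

```python
import plistlib
import uuid

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"  # Apple's passcode payload type
REQUIRED = ("PayloadType", "PayloadVersion", "PayloadIdentifier", "PayloadUUID")

def build_passcode_profile(org_id, min_length=6, max_failed=10):
    """Return .mobileconfig bytes holding a single passcode-policy payload."""
    payload = {
        "PayloadType": PASSCODE_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.passcode",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Passcode policy",   # constructed sample value
        "forcePIN": True,                          # a passcode must be set
        "allowSimple": False,                      # reject 1111, 1234, ...
        "minLength": min_length,
        "maxFailedAttempts": max_failed,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Example passcode baseline",  # constructed sample value
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def lint_profile(data, min_length=6):
    """Return a list of problems found in a .mobileconfig (thresholds are assumptions)."""
    profile = plistlib.loads(data)
    problems = [f"profile missing {k}" for k in REQUIRED if k not in profile]
    seen = set()
    for i, p in enumerate(profile.get("PayloadContent", [])):
        problems += [f"payload {i} missing {k}" for k in REQUIRED if k not in p]
        uid = p.get("PayloadUUID")
        if uid and uid in seen:
            problems.append(f"payload {i} reuses a PayloadUUID")
        seen.add(uid)
        if p.get("PayloadType") == PASSCODE_TYPE:
            if not p.get("forcePIN"):
                problems.append(f"payload {i} does not force a passcode")
            if p.get("minLength", 0) < min_length:
                problems.append(f"payload {i} minLength below {min_length}")
    return problems
```

Running `lint_profile` on every custom profile before deployment catches missing identifiers and weakened passcode settings while they are still easy to fix.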
Device encryption
iOS devices encrypt their memory automatically when a device passcode is activated.
Note: This is not an actual configuration profile.
Email
The Email configuration profile lets you define settings for POP or IMAP email accounts from many email providers, such as Gmail, iCloud, Office365, Outlook, Yahoo!, and many others.
Kiosk
Kiosk mode can be used to force an iOS device to run in a single app mode. You can define the application to be run and specify which device hardware buttons are active. Kiosk mode cannot be removed by the end-user. You can read more from: Kiosk mode for iOS.
Note: The target device must be in Supervised mode.
Location tracking
The location tracking configuration profile can be used to enable location tracking in managed devices. This feature is only available to customers who have a paid Miradore subscription plan.
When the location tracking profile is deployed to a device, the Miradore client is installed from the App Store and starts to collect and report location data to the Miradore server. The last known location can be seen by opening the device page.
Mail for Exchange
The Mail for Exchange configuration profile allows you to define settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.
Note! When you modify the Mail for Exchange configuration profile (for example, changing the syncing interval of past emails from 1 week to 1 month), the mail account is returned to the default settings because of Apple's policy. The end user is therefore prompted to re-enter the account password by hand. Even if the device states "Cannot Get Mail - The connection to the server failed", press OK. It should work properly again after that message.
Passcode
The passcode configuration profile can be used to control the use of the device passcode protection, including passcode requirements. When a passcode profile is deployed to a device, the device user is forced to use a passcode as defined by the profile settings.
Restrictions
The restriction configuration profile can be used to restrict the use of certain device features, applications, services, and content types on Apple iOS devices. These include the use of the camera, YouTube, installation of applications, and many others.
In addition, you can use the restriction configuration profile to force some security settings, such as automated backups or encryption to be used on the devices.
See Restrictions for iOS for more information.
Roaming
Use the roaming configuration profile to define whether device(s) are allowed to use data connections when roaming outside of the regular carrier’s network and when other local carrier network(s) are available.
Note: Supported on iOS versions 5 and newer.
VPN
Use the VPN configuration profile to define the settings for connecting to a local area network via a virtual private network (VPN), including authentication settings.
Wallpaper
Use the wallpaper configuration profile to change the wallpaper of the devices.
Requirements:
- Available in iOS 8.0 and later. Requires that devices are Supervised.
For further details, see iOS wallpaper documentation.
Web content filter
The web content filter configuration profile allows you to whitelist and blacklist specific web URLs and restrict the user's access to configured web pages.
Requirements:
- Requires that devices are Supervised.
For further details, see iOS web content filter documentation.
Web clip
The web clip configuration profile can be used to create bookmarks on the device's home screen.
Wi-Fi
Wi-Fi configuration profiles can be used to deploy wireless network settings to managed devices.
Configuration profiles for Android
Always-on VPN
Always-on VPN can be used to automate and force the VPN connection on a device. Further information can be found in the article about the configuration profile.
Application blacklist (Samsung)
The Application blacklist configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Here is some further information about application black/whitelisting for Android.
Note: This profile will function properly only on Samsung devices that run the Android operating system version 4.2 or later.
Application whitelist (Samsung)
The Application whitelist configuration profile can be used to allow the use of certain applications whereas the use of all other applications is blocked. Here is some further information about the application black/whitelisting for Android.
Note: This profile will function properly only on Samsung devices that run the Android operating system version 4.2 or later.
Application update policy
The application update policy is a device-specific configuration profile that enables you to control the automatic updating of enterprise-managed apps on an Android device. The application update policy affects all managed Google Play apps on the device.
For more details, please read the Application update policy for managed Android Google Play apps.
Contacts
Use the contacts configuration profile to import contacts to the managed Android devices.
Requirements:
- Minimum Miradore Online client version 2.6.3.
For further details, see documentation.
Email (Samsung)
Use the email configuration profile to define settings for POP or IMAP email accounts. Please select the email service you want to configure.
Device encryption
The device encryption configuration profile can be used to enable encryption for the device storage. Here is some further information about device encryption for Android.
Note: After encryption is enabled, it cannot be disabled.
Kiosk mode (Samsung)
The kiosk mode configuration profile can be used to restrict the device user from leaving a specified home screen application. The device user will be unable to change device settings or run other applications. In addition, the use of some of a device's hardware buttons can be prevented.
Note: The kiosk settings will function properly only on Samsung devices that run the Android operating system version 4.2 or later.
Location tracking
The location tracking configuration profile can be used to enable location tracking in managed devices. This feature is only available to Miradore paid plan customers.
When the location tracking profile is deployed to a device, it starts to collect and report location data to the Miradore server. The last known location can be seen by opening the device page.
Mail for Exchange
The Mail for Exchange configuration profile allows you to define settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.
Note: This configuration profile will function properly only on Samsung KNOX enabled devices running Android operating system version 4.2 or later.
Passcode
The Passcode configuration profile can be used to control the use of device passcode protection, including passcode requirements. When a passcode profile is deployed to a device, the device user is forced to use a passcode as defined by the profile settings.
Restrictions
The restrictions configuration profile allows the administrator to disable certain device features altogether. When a feature is disabled, the end-user can no longer modify the state of the said feature without the administrator first removing the profile.
See Restrictions for Android for more information.
Note: This configuration profile will function properly only on Samsung KNOX enabled devices running Android operating system version 4.2 or later.
Roaming
For Android devices, use the Restrictions configuration profile to define roaming settings.
System update policy
With the Android system update policy, administrators can control the installation of system updates remotely. They can, for example, specify a maintenance window during which the devices are allowed to install the updates without user interaction.
For further details, see the Android system update policy.
Web shortcut
The web shortcut configuration profile can be used to create bookmarks on the device's home screen. Nowadays, however, the recommended approach is to deploy web shortcuts through the managed Google Play Store. See Managing web apps for Android Enterprise devices for more details.
Wi-Fi
Wi-Fi configuration profiles can be used to deploy wireless network settings to managed devices. The Wi-Fi configuration profile is not supported for legacy-enrolled (light enrollment) Android 10 devices which are managed using the device administrator method.
Configuration profiles for macOS
Application update policy
The application update policy is a device-specific configuration profile that enables you to control the automatic updating of Mac software installed via Apple Business/School Manager.
For more details, please read the Application update policy for Mac software.
Custom settings
You can extend and customize Miradore's management capabilities by building and deploying custom device configuration profiles (files with the .MOBILECONFIG extension) with Miradore.
For more details, please read Custom configuration profiles for Macs.
Disk encryption
FileVault is a disk encryption program in macOS systems that can be used to encrypt the system disk on macOS devices on the fly. With the FileVault configuration profile, you can enforce the activation of FileVault disk encryption for Miradore-managed macOS devices.
For more details, please read FileVault disk encryption for macOS systems.
Password policy for local users
With the Password configuration profile, you can set standards for the use of the login password on the managed Macs.
For more details, please see the macOS password policy for local users.
Restrictions
The restriction configuration profile can be used to restrict the use of certain device features, applications, services, and content types on Apple macOS devices. These include the use of the camera, Game center, password auto-fill, fingerprint unlock, document sync with iCloud, and many others.
In addition, you can use the restriction configuration profile to force some security settings, such as automated backups or encryption to be used on the devices.
See Restrictions for macOS for more information.
VPN
Use the VPN configuration profile to define the settings for connecting to a local area network via a virtual private network (VPN), including authentication settings.
Configuration profiles for Windows 10 and Windows 11
Custom settings
You can extend and customize Miradore's management capabilities by building and deploying custom configuration service provider (CSP) policies with Miradore.
For more details, please read Custom policy configurations for Windows 10/11.
Disk encryption
Encryption is a way to protect your system against unauthorized access and keep your data safe and secure. With the BitLocker configuration profile, you can encrypt only the C drive or all fixed drives on your Windows computers.
For more details, please read the BitLocker disk encryption for Windows.
Mail for Exchange
Use the Mail for Exchange configuration profile to define the settings for creating Mail for Exchange accounts on devices running Windows 10/11.
Password policy for local accounts
With the Password configuration profile, you can set standards for the use of the login password on the Windows 10/11 computers managed by your organization.
For more details, please see the Windows 10 password policy for local accounts.
Wi-Fi
Use the Wi-Fi configuration profile to define the settings for connecting to known wireless local area networks.
Windows Update
Use the Windows Update configuration profile to deploy update policies and general update settings to your managed Windows 10/11 devices.
For further details, see How to deploy Windows update settings.
More information:
How to create a configuration profile
How to deploy configuration profile(s)
How to delete configuration profile(s)