Configuration profiles are intended for managing the settings or configurations of different device features in a remote and centralized way. Each configuration profile defines a range of settings concerning a specific feature. Each device can have multiple configuration profiles assigned to it.
For example, you can create a configuration profile that sets the device's Wi-Fi, data roaming, or email settings or prevents the user from using the platform-specific application store or certain unwanted applications on the device.
In the video below, we demonstrate how you can create a configuration profile with a list of contacts to be deployed on managed Android devices.
The benefit of configuration profiles is that you don't always have to configure the settings for each device again, but instead you can store the settings, and then deploy them to other devices as well - even automatically with business policies. You only need to select what settings you wish to deploy, and what are devices where the settings should be applied to. The configuration profiles provide an easy way to enforce company policies and standardize the settings considering different device features in all managed devices.
What can be configured with the configuration profiles?
The features which can be configured using the configuration profiles vary to some extent between the different device platforms (Android, iOS, macOS, Windows 10, and Windows 11). There can also be some minor differences in how the settings of some device features are configured on different platforms. Here's a shortlist of features that can be configured remotely using Miradore's configuration profiles.
| Configuration profile | Android | iOS | macOS | Windows 10/11 |
| Activation lock | - | Yes** | - | - |
| Application allowlist | Yes* | Yes** | - | - |
| Application blocklist | Yes* | Yes** | - | - |
| Application update policy | Yes | Yes | Yes | - |
| Contacts | Yes | - | - | - |
| Custom settings | - | Yes | Yes | Yes |
| Yes* | Yes | - | - | |
| Device encryption | Yes | - | - | - |
| Disk encryption | - | - | Yes | Yes |
| Kiosk mode | Yes | Yes** | - | - |
| Location tracking | Yes | Yes | - | - |
| Mail for Exchange | Yes* | Yes | - | Yes |
| Passcode | Yes | Yes | - | - |
| Password policy for local accounts | - | - | Yes | Yes |
| Restrictions | Yes | Yes | Yes | - |
| Roaming configuration | Yes | Yes | - | - |
| Shared iPad | - | Yes** | - | - |
| Storage card | - | - | - | - |
| System update policy | Yes | - | - | - |
| Wallpaper | Yes | Yes** | - | - |
| Web content filter | - | Yes** | - | - |
| Web shortcut | Yes | Yes | - | - |
| Wi-Fi | Yes | Yes | - | Yes |
| Windows Update | - | - | - | Yes |
| VPN | - | Yes | Yes | - |
* Supported on Samsung's Android devices with Android 4.2 or later and Samsung KNOX.
** Supported on Supervised Apple iOS devices.
Details of the configurable device features for each device platform are explained below.
Configuration profiles for iOS
Activation lock
This controls whether the activation lock is enabled when users turn on Find My iPhone. Activation lock restricts anyone else from using the lost device.
For further details please see the Activation lock article.
Application blocklist
The Application blocklist (formerly known as blacklist) configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Further information about application block/allowlisting for iOS.
Please note that the profile requires that devices are Supervised. This is supported on iOS 9.3 and later. Application blocklisting also requires the Miradore Premium Plan.
Application allowlist
The Application allowlist (formerly known as whitelist) configuration profile can be used to allow the use of certain applications whereas the use of all other applications is blocked. Further information about application block/allowlisting for iOS.
Please note that the profile requires that devices are Supervised. This is supported on iOS 9.3 and later. Application allowlisting also requires the Miradore Premium Plan.
Application update policy
The application update policy is a device-specific configuration profile that enables you to control the automatic updating of applications installed via the Apple App Store or Apple Business/School Manager.
For further details, please read Application update policy for iPhones and iPads.
Custom settings
You can extend and customize Miradore's management capabilities by building and deploying custom device configuration profiles (files with the .MOBILECONFIG extension) with Miradore.
For further details please read Custom configuration profiles for iOS devices.
Device encryption
iOS devices encrypt their memory automatically when a device passcode is activated.
Please note this is not an actual configuration profile.
Email configuration
The email configuration profile lets you define settings for POP or IMAP email accounts from many email providers, such as Gmail, iCloud, Office365, Outlook, Yahoo!, and many others.
Kiosk mode
The kiosk mode can be used to force an iOS device to run in a single app mode. You can define the application operating and specify which device hardware buttons are active. Kiosk mode cannot be removed by the end-user. Read more about Kiosk mode for iOS.
Please note that the target device must be in Supervised mode.
Location tracking
The location tracking configuration profile can be used to enable location tracking in managed devices. This feature is only available to customers who have Miradore paid subscription plan.
When the location tracking profile is deployed to a device, the Miradore client is installed from the App Store and starts to collect and report location data to the Miradore server. The last known location of the device can be seen by opening the device page.
Mail for Exchange
The Mail for Exchange configuration profile allows you to define the settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.
Please note that when you make a modification to the Mail for Exchange configuration profile (for example: Changing the syncing intervals of past emails from 1 week to 1 month), the mail account will be returned to the default settings because of Apple's policy. Therefore, the end-user is prompted to re-input their password for the account by hand. Even if the device states "Cannot Get Mail" - The connection to the server failed". -- Press OK. It should work properly again after that message.
Passcode
The passcode configuration profile can be used to control the use of the device passcode protection, including passcode requirements. When a passcode profile is deployed to a device, the device user is forced to use a passcode as defined by the profile settings.
Restrictions
The restriction configuration profile can be used to restrict the use of certain device features, applications, services, and content types on Apple iOS devices. These include the use of the camera, YouTube, the installation of applications, and many other features.
In addition, you can use the restriction configuration profile to force some security settings, such as automated backups or encryption to be used on the devices.
See Restrictions for iOS for further information.
Roaming
Use the roaming configuration profile to define whether device(s) are allowed to use data connections when roaming outside of the regular carrier’s network and when other local carrier network(s) are available.
Please note that this is only supported on iOS versions 5 and later.
Shared iPad
The Shared iPad configuration profile is meant for the supervised iOS devices in multi-user mode. With the profile you can limit the device use to temporary sessions (guest mode) and set timeout for inactive temporary and Managed Apple ID user sessions.
- Available in iOS 14.5 and above.
Learn more about Shared iPads.
Virtual private network (VPN)
Use the VPN configuration profile to define the settings for connecting to a local area network via a virtual private network (VPN), including authentication settings.
Wallpaper
Use the wallpaper configuration profile to change the wallpaper of the devices.
Requirements:
- Available in iOS 8.0 and later. Requires that devices are Supervised.
For further details, see iOS wallpaper documentation.
Web content filter
The web content filter configuration profile allows you to allowlist and blocklist specific web URLs and restrict users' access to configured web pages.
Requirements:
- Requires that devices are Supervised.
For further details, see iOS web content filter documentation.
Web clip
The web clip configuration profile can be used to create bookmarks on the device's home screen.
Wi-Fi
Wi-Fi configuration profiles can be used to deploy wireless network settings to managed devices.
Configuration profiles for Android
Always-on VPN
Always-on VPN can be used to automate and force the VPN connection on a device. Further information can be found from Always on VPN for Android article considering the configuration profile.
Application blocklist (Samsung)
The Application blocklist configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Here is some further information about application block/allowlisting for Android.
Please note that this profile will function properly only on Samsung devices that run the Android operating system version 4.2 or later.
Application allowlist (Samsung)
The Application allowlist configuration profile can be used to allow the use of certain applications whereas the use of all other applications is blocked. Here is some further information about the application block/allowlisting for Android.
Please note that this profile will function properly only on Samsung devices that run the Android operating system version 4.2 or later.
Application update policy
The application update policy is a device-specific configuration profile that enables you to control the automatic updating of enterprise-managed apps on an Android device. The application update policy affects all managed Google Play apps on the device.
For more details, please read the Application update policy for managed Android Google Play apps article.
Contacts configuration
Use the contacts configuration profile to import contacts to the managed Android devices.
Requirements:
- Minimum Miradore Online client version 2.6.3.
For further details, see Contacts for Android.
Email (Samsung)
Use the email configuration profile to define settings for POP or IMAP email accounts. Please select the email service you want to configure.
Device encryption
The device encryption configuration profile can be used to enable encryption for the device storage. Here is some further information about device encryption for Android.
Please note that after the encryption is enabled, it cannot be disabled.
Kiosk mode (Samsung)
The kiosk mode configuration profile can be used to restrict the device user from leaving a specified home screen application. The device user will be unable to change device settings or run other applications. In addition, the use of some of a device's hardware buttons can be prevented.
Please note that the kiosk settings will function properly only on Samsung devices that run the Android operating system version 4.2 or later.
Location tracking
The location tracking configuration profile can be used to enable location tracking in managed devices. This feature is only available to Miradore paid plan customers.
When the location tracking profile is deployed to a device, it starts to collect and report location data to the Miradore server. The last known location of the device can be seen by opening the device page
Mail for Exchange
The Mail for Exchange configuration profile allows you to define the settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.
Please note that this configuration profile will function properly only on Samsung KNOX-enabled devices running Android operating system version 4.2 or later.
Passcode configuration
The Passcode configuration profile can be used to control the use of device passcode protection, including passcode requirements. When a passcode profile is deployed to a device, the device user is forced to use a passcode as defined by the profile settings.
Restrictions
The restrictions configuration profile allows the administrator to disable certain device features altogether. When a feature is disabled, the end-user can no longer modify the state of the said feature without the administrator first removing the profile.
See Restrictions for Android for more information.
Please note that this configuration profile will function properly only on Samsung KNOX-enabled devices running Android operating system version 4.2 or later.
Roaming
For Android devices, use the Restrictions configuration profile to define roaming settings.
System update policy
With the Android system update policy, administrators can control the installation of system updates remotely. They can, for example, specify a maintenance window during which the devices are allowed to install the updates without user interaction.
For further details, see the Android system update policy.
Web shortcut
The web shortcut configuration profile can be used to create bookmarks on the device's home screen. Currently the recommended approach to deploying web shortcuts is to do it through the managed Google Play Store. See Managing web apps for Android Enterprise devices for further details.
Wi-Fi
The Wi-Fi configuration profiles can be used to deploy wireless network settings to managed devices. Wi-Fi configuration profile is not supported for legacy-enrolled (light enrollment) Android 10 devices which are managed using the device administrator method.
Configuration profiles for macOS
Application update policy
The application update policy is a device-specific configuration profile that enables you to control the automatic updating of Mac software installed via Apple Business/School Manager.
For more details, please read the Application update policy for Mac software.
Custom settings
You can extend and customize Miradore's management capabilities by building and deploying custom device configuration profiles (files with the .MOBILECONFIG extension) with Miradore.
For more details, please read Custom configuration profiles for Macs.
Disk encryption
FileVault is a disk encryption program in macOS systems that can be used to encrypt the system disk on macOS devices on the fly. With the FileVault configuration profile, you can enforce the activation of FileVault disk encryption for Miradore-managed macOS devices.
For more details, please read FileVault disk encryption for macOS systems.
Password policy for local users
With the Password configuration profile, you can set standards for the use of the login password on the managed Macs.
For more details, please see the MacOS password policy for local users.
Restrictions
The restriction configuration profile can be used to restrict the use of certain device features, applications, services, and content types on Apple macOS devices. These include the use of the camera, Game center, password auto-fill, fingerprint unlock, document sync with iCloud, and many others.
In addition, you can use the restriction configuration profile to force some security settings, such as automated backups or encryption to be used on the devices.
See Restrictions for macOS for more information.
Virtual private network (VPN)
Use the VPN configuration profile to define the settings for connecting to a local area network via a virtual private network (VPN), including authentication settings.
Configuration profiles for Windows 10 and Windows 11
Custom settings
You can extend and customize Miradore's management capabilities by building and deploying custom configuration service provider (CSP) policies with Miradore.
For more details, please read Custom policy configurations for Windows 10/11.
Disk encryption
Encryption is a way to protect your system against unauthorized access and keep your data safe and secure. With the BitLocker configuration profile, you can encrypt only the C drive or all fixed drives on your Windows computers.
For more details, please read the BitLocker disk encryption for Windows.
Mail for Exchange
Use the Mail for Exchange configuration profile to define the settings for creating Mail for Exchange accounts for devices running Windows 10/11.
Password policy for local accounts
With the Password configuration profile, you can set standards for the use of the login password on the Windows 10/11 computers managed by your organization.
For more details, please see the Windows 10 password policy for local accounts.
Wi-Fi
Use the Wi-Fi configuration profile to define the settings for connecting to known wireless local area networks.
Windows Update
Use the Windows Update configuration profile to deploy update policies and general update settings to your managed Windows 10/11 devices.
For further details, see How to deploy Windows update settings.
More information:
How to create a configuration profile
How to deploy configuration profile(s)
How to delete configuration profile(s)
Have feedback on this article? Please share it with us!
Next Article:
Creating a configuration profile »