barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfosign-in-altsignin text-widthtimesyoutube

Features > Device Configurations & Restrictions

Configuration profiles

Updated on December 5th, 2023

Configuration profiles are intended for managing the settings or configurations of different device features in a remote and centralized way. Each configuration profile defines a range of settings concerning a specific feature. Each device can have multiple configuration profiles assigned to it.

For example, you can create a configuration profile that sets the device's Wi-Fi, data roaming, or email settings or prevents the user from using the platform-specific application store or certain unwanted applications on the device.

In the video below, we demonstrate how you can create a configuration profile with a list of contacts to be deployed on managed Android devices.

YouTube video

The benefit of configuration profiles is that you don't always have to configure the settings for each device again, but instead you can store the settings, and then deploy them to other devices as well - even automatically with business policies. You only need to select what settings you wish to deploy, and what are devices where the settings should be applied to. The configuration profiles provide an easy way to enforce company policies and standardize the settings considering different device features in all managed devices.

What can be configured with the configuration profiles?

The features which can be configured using the configuration profiles vary to some extent between the different device platforms (Android, iOS, macOS, Windows 10, and Windows 11). There can also be some minor differences in how the settings of some device features are configured on different platforms. Here's a shortlist of features that can be configured remotely using Miradore's configuration profiles.

 

Configuration profile Android iOS macOS Windows 10/11
Activation lock - Yes** - -
Application allowlist Yes* Yes** - -
Application blocklist Yes* Yes** - -
Application update policy Yes Yes Yes -
Contacts Yes - - -
Custom settings - Yes Yes Yes
Email Yes* Yes - -
Device encryption Yes - - -
Disk encryption - - Yes Yes
Kiosk mode Yes Yes** - -
Location tracking Yes Yes - -
Mail for Exchange Yes* Yes - Yes
Passcode Yes Yes - -
Password policy for local accounts - - Yes Yes
Restrictions Yes Yes Yes -
Roaming configuration Yes Yes - -
Shared iPad - Yes** - -
Storage card - - - -
System update policy Yes - - -
Wallpaper Yes Yes** - -
Web content filter - Yes** - -
Web shortcut Yes Yes - -
Wi-Fi Yes Yes - Yes
Windows Update - - - Yes
VPN - Yes Yes -

* Supported on Samsung's Android devices with Android 4.2 or later and Samsung KNOX.

** Supported on Supervised Apple iOS devices.

Details of the configurable device features for each device platform are explained below.

Configuration profiles for iOS

Activation lock

This controls whether the activation lock is enabled when users turn on Find My iPhone. Activation lock restricts anyone else from using the lost device.

For further details please see the Activation lock article.

Application blocklist

The Application blocklist (formerly known as blacklist) configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Further information about application block/allowlisting for iOS.

Please note that the profile requires that devices are Supervised. This is supported on iOS 9.3 and later. Application blocklisting also requires the Miradore Premium plan.

Application allowlist

The Application allowlist (formerly known as whitelist) configuration profile can be used to allow the use of certain applications whereas the use of all other applications is blocked. Further information about application block/allowlisting for iOS.

Please note that the profile requires that devices are Supervised. This is supported on iOS 9.3 and later. Application allowlisting also requires the Miradore Premium plan.

Application update policy

The application update policy is a device-specific configuration profile that enables you to control the automatic updating of applications installed via the Apple App Store or Apple Business/School Manager.

For further details, please read Application update policy for iPhones and iPads.

Custom settings

You can extend and customize Miradore's management capabilities by building and deploying custom device configuration profiles (files with the .MOBILECONFIG extension) with Miradore.

For further details please read Custom configuration profiles for iOS devices.

Device encryption

iOS devices encrypt their memory automatically when a device passcode is activated.

Please note this is not an actual configuration profile.

Email configuration

The email configuration profile lets you define settings for POP or IMAP email accounts from many email providers, such as Gmail, iCloud, Office365, Outlook, Yahoo!, and many others. This requires the Miradore Premium plan

Kiosk mode

The kiosk mode can be used to force an iOS device to run in a single app mode. You can define the application operating and specify which device hardware buttons are active. Kiosk mode cannot be removed by the end-user. Read more about Kiosk mode for iOS.

Please note that the target device must be in Supervised mode.

Location tracking

The location tracking configuration profile can be used to enable location tracking in managed devices. This feature is only available to customers who have Miradore paid subscription plan.

When the location tracking profile is deployed to a device, the Miradore client is installed from the App Store and starts to collect and report location data to the Miradore server. The last known location of the device can be seen by opening the device page.

Mail for Exchange

The Mail for Exchange configuration profile allows you to define the settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.

Please note that when you make a modification to the Mail for Exchange configuration profile (for example: Changing the syncing intervals of past emails from 1 week to 1 month), the mail account will be returned to the default settings because of Apple's policy. Therefore, the end-user is prompted to re-input their password for the account by hand. Even if the device states "Cannot Get Mail" - The connection to the server failed". -- Press OK. It should work properly again after that message.

This requires the Miradore Premium plan.

Passcode

The passcode configuration profile can be used to control the use of the device passcode protection, including passcode requirements. When a passcode profile is deployed to a device, the device user is forced to use a passcode as defined by the profile settings.

Restrictions

The restriction configuration profile can be used to restrict the use of certain device features, applications, services, and content types on Apple iOS devices. These include the use of the camera, YouTube, the installation of applications, and many other features.

In addition, you can use the restriction configuration profile to force some security settings, such as automated backups or encryption to be used on the devices.

See Restrictions for iOS for further information.

Roaming

Use the roaming configuration profile to define whether device(s) are allowed to use data connections when roaming outside of the regular carrier’s network and when other local carrier network(s) are available.

Please note that this is only supported on iOS versions 5 and later.

Shared iPad

The Shared iPad configuration profile is meant for the supervised iOS devices in multi-user mode. With the profile you can limit the device use to temporary sessions (guest mode) and set timeout for inactive temporary and Managed Apple ID user sessions.

  • Available in iOS 14.5 and above.

Learn more about Shared iPads.

Virtual private network (VPN)

Use the VPN configuration profile to define the settings for connecting to a local area network via a virtual private network (VPN), including authentication settings. This requires the Miradore Premium plan.

Wallpaper

Use the wallpaper configuration profile to change the wallpaper of the devices.

Requirements:

  • Available in iOS 8.0 and later. Requires that devices are Supervised.

For further details, see iOS wallpaper documentation.

Web content filter

The web content filter configuration profile allows you to allowlist and blocklist specific web URLs and restrict users' access to configured web pages.

Requirements:

  • Requires that devices are Supervised.

For further details, see iOS web content filter documentation.

Web clip

The web clip configuration profile can be used to create bookmarks on the device's home screen.

Wi-Fi

Wi-Fi configuration profiles can be used to deploy wireless network settings to managed devices. This requires the Miradore Premium plan.

Configuration profiles for Android

Always-on VPN

Always-on VPN can be used to automate and force the VPN connection on a device. Further information can be found from Always on VPN for Android article considering the configuration profile.

Application blocklist (Samsung)

The Application blocklist configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Here is some further information about application block/allowlisting for Android.

Please note that this profile will function properly only on Samsung devices that run the Android operating system version 4.2 or later.

Application allowlist (Samsung)

The Application allowlist configuration profile can be used to allow the use of certain applications whereas the use of all other applications is blocked. Here is some further information about the application block/allowlisting for Android.

Please note that this profile will function properly only on Samsung devices that run the Android operating system version 4.2 or later.

Application update policy

The application update policy is a device-specific configuration profile that enables you to control the automatic updating of enterprise-managed apps on an Android device. The application update policy affects all managed Google Play apps on the device.

For more details, please read the Application update policy for managed Android Google Play apps article.

Contacts configuration

Use the contacts configuration profile to import contacts to the managed Android devices.

Requirements:

  • Minimum Miradore Online client version 2.6.3.
  • The Miradore Premium plan.

For further details, see Contacts for Android.

Email (Samsung)

Use the email configuration profile to define settings for POP or IMAP email accounts. Please select the email service you want to configure. This requires the Miradore Premium plan.

Device encryption

The device encryption configuration profile can be used to enable encryption for the device storage. Here is some further information about device encryption for Android.

Please note that after the encryption is enabled, it cannot be disabled.

Kiosk mode (Samsung)

The kiosk mode configuration profile can be used to restrict the device user from leaving a specified home screen application. The device user will be unable to change device settings or run other applications. In addition, the use of some of a device's hardware buttons can be prevented.

Please note that the kiosk settings will function properly only on Samsung devices that run the Android operating system version 4.2 or later.

Location tracking

The location tracking configuration profile can be used to enable location tracking in managed devices. This feature is only available to Miradore paid plan customers.

When the location tracking profile is deployed to a device, it starts to collect and report location data to the Miradore server. The last known location of the device can be seen by opening the device page

Mail for Exchange

The Mail for Exchange configuration profile allows you to define the settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.

Please note that this configuration profile will function properly only on Samsung KNOX-enabled devices running Android operating system version 4.2 or later. This requires the Miradore Premium plan.

Passcode configuration

The Passcode configuration profile can be used to control the use of device passcode protection, including passcode requirements. When a passcode profile is deployed to a device, the device user is forced to use a passcode as defined by the profile settings.

Restrictions

The restrictions configuration profile allows the administrator to disable certain device features altogether. When a feature is disabled, the end-user can no longer modify the state of the said feature without the administrator first removing the profile.

See Restrictions for Android for more information.

Please note that this configuration profile will function properly only on Samsung KNOX-enabled devices running Android operating system version 4.2 or later.

Roaming

For Android devices, use the Restrictions configuration profile to define roaming settings.

System update policy

With the Android system update policy, administrators can control the installation of system updates remotely. They can, for example, specify a maintenance window during which the devices are allowed to install the updates without user interaction.

For further details, see the Android system update policy.

Web shortcut

The web shortcut configuration profile can be used to create bookmarks on the device's home screen. Currently the recommended approach to deploying web shortcuts is to do it through the managed Google Play Store. See Managing web apps for Android Enterprise devices for further details.

Wi-Fi

The Wi-Fi configuration profiles can be used to deploy wireless network settings to managed devices. This requires the Miradore Premium plan.

Configuration profiles for macOS

Application update policy

The application update policy is a device-specific configuration profile that enables you to control the automatic updating of Mac software installed via Apple Business/School Manager.

For more details, please read the Application update policy for Mac software.

Custom settings

You can extend and customize Miradore's management capabilities by building and deploying custom device configuration profiles (files with the .MOBILECONFIG extension) with Miradore.

For more details, please read Custom configuration profiles for Macs.

Disk encryption

FileVault is a disk encryption program in macOS systems that can be used to encrypt the system disk on macOS devices on the fly. With the FileVault configuration profile, you can enforce the activation of FileVault disk encryption for Miradore-managed macOS devices.

For more details, please read FileVault disk encryption for macOS systems.

Password policy for local users

With the Password configuration profile, you can set standards for the use of the login password on the managed Macs.

For more details, please see the MacOS password policy for local users.

Restrictions

The restriction configuration profile can be used to restrict the use of certain device features, applications, services, and content types on Apple macOS devices. These include the use of the camera, Game center, password auto-fill, fingerprint unlock, document sync with iCloud, and many others.

In addition, you can use the restriction configuration profile to force some security settings, such as automated backups or encryption to be used on the devices.

See Restrictions for macOS for more information.

Virtual private network (VPN)

Use the VPN configuration profile to define the settings for connecting to a local area network via a virtual private network (VPN), including authentication settings. This requires the Miradore Premium plan.

Configuration profiles for Windows 10 and Windows 11

Custom settings

You can extend and customize Miradore's management capabilities by building and deploying custom configuration service provider (CSP) policies with Miradore.

For more details, please read Custom policy configurations for Windows 10/11.

Disk encryption

Encryption is a way to protect your system against unauthorized access and keep your data safe and secure. With the BitLocker configuration profile, you can encrypt only the C drive or all fixed drives on your Windows computers.

For more details, please read the BitLocker disk encryption for Windows.

Mail for Exchange

Use the Mail for Exchange configuration profile to define the settings for creating Mail for Exchange accounts for devices running Windows 10/11. This requires the Miradore Premium plan.

Password policy for local accounts

With the Password configuration profile, you can set standards for the use of the login password on the Windows 10/11 computers managed by your organization.

For more details, please see the Windows 10 password policy for local accounts.

Wi-Fi

Use the Wi-Fi configuration profile to define the settings for connecting to known wireless local area networks. This requires the Miradore Premium plan.

Windows Update

Use the Windows Update configuration profile to deploy update policies and general update settings to your managed Windows 10/11 devices.

For further details, see How to deploy Windows update settings.

 

More information:

How to create a configuration profile

How to deploy configuration profile(s)

How to delete configuration profile(s)

  • This field is for validation purposes and should be left unchanged.

Next Article:
»