Home / Software / How-To
Working Mac

A primer in Profile Manager: Payloads for iOS devices part 1

Working Mac
By Jeffery Battersby, FEB 23, 2016 9:00 pm PST

This is episode 13 in our series on setting up and managing devices using Server’s Profile Manager service.

If you’re just tuning in now, you’ll want to look at:

Over the last several weeks we’ve only been working with Mac OS devices, we haven’t yet enrolled or pushed configurations out to an iOS devices, until today.

Setting up your iOS device to use Profile Manager

You may recall from episode eight in this series that we needed to make sure that your soon-to-be-managed devices needed to have access to your DNS servers in order for Profile Manager to work properly. If your wireless network DNS servers already know about your Profile Manager server, you can skip the following steps. But, if your Profile Manager server is the only server in your network that knows about your Profile Manager server, you’ll need to make some changes to DNS on your iOS device before you can enroll it in Profile Manager.

Change DNS on your iOS device

To change DNS on your iOS device:

  1. Open the Settings app.
  2. Tap the Wi-Fi setting.Verify that the Wi-Fi network you’re connected to is on the same network as your Profile Manager server.
  3. Tap the Info button that appears next to your connected Wi-Fi network.
    1
  4. Tap in the DNS field and change your DNS server to the server the has a DNS record for your Profile Manager server.
    3

Enroll your iOS device in Profile Manager

Now that DNS is correct, you can enroll your iOS device in Profile Manager.

  1. On your iOS device, open Safari and navigate to the My Devices portal for your Profile Manager server: yourserver.yourdomain.com/mydevices
  2. Authenticate as one of the users you created in Add Users, Enable Device Management.
    4
  3. Tap the Profiles tab in the My Devices portal.
    5
  4. Type Install in the resulting Install Profiles screen.
    6
  5. Enter your device passcode and click Done.
    7
  6. Click Install when you see the Warning screen.
    8
  7. Click Install when you see the Install Profile confirmation window.
    9
  8. Tap the Devices tab.
  9. Tap the Enroll button for your iOS device.
    10
  10. Tap the Install button when the Install Profile screen appears.
    11
  11. Enter your passcode and tap done.
  12. Tap Install when you see the warning window.
    13
  13. Tap Trust when the Remote Management confirmation appears.
    14
  14. Tap Done when the Profile Installed window appears.
    15
    When this process is complete, My Devices in Safari should now include your iOS device as one of your devices.
    16

Your device has been successfully enrolled in Profile Manager. To verify that the device is enrolled and assigned to the correct user:

  1. Log into Profile Manager as an administrative user.
  2. Select Users from the Profile Manager sidebar.
  3. Select the user whose device you just enrolled.
  4. Click the Devices tab for that user and verify that newly added device is associated with that user.
    17

Restrictions payload

As was the case with the Restrictions payload on the Mac, the Restrictions payload for iOS devices lets you control access to features of both iOS software and specific hardware features available in iOS devices. As you look through the list of available restrictions you should notice that many of these restrictions include a parenthetical supervised only. Supervised devices are devices you are also managing using Apple Configurator. Apple Configurator is designed for managing and configuring multiple devices simultaneously. Using Profile Manager and Apple Configurator together allows you to have more control over your iOS devices.

18

For this episode, we’ll lock down a few features so you can see how this works. But first, let’s take a look at the settings we’re going to lock down.

Camera and Siri

  1. On your managed iOS device, locate the Camera app and make sure it’s on iOS device’s first home screen.
  2. Tap it once to open it and make sure it works.
  3. Click and hold your Home button to see if Siri is working. (For giggles, feel free to ask Siri to open the Camera app.)If Siri isn’t on:
  4. Open your iOS device’s Settings app.
  5. Tap the General setting.
  6. Locate and tap the Siri setting.
  7. Slide the Siri switch to On.
    19
  8. Locate the iTunes Store app and make sure it’s on your managed device’s first Home screen.

Configure restrictions

  1. Log into Profile Manager using and administrative password by navigating to: yourserver.yourdomain.com/profilemanager
  2. Select Devices in the Profile Manager sidebar.
  3. Select the device you just enrolled in Profile Manager.
  4. Click the Settings tab.
  5. Click the Edit button.
  6. Locate and select Restrictions in the Payloads sidebar.
  7. Click the Configure button.Note that there are three tabs at the top of the settings: Functionality, Apps, and Media Content. We’ll makes changes to Functionality and Apps.
  8. Click the Functionality tab.
  9. Uncheck the box that says Allow use of Camera.
  10. Uncheck the box that says Allow Siri.
    20
  11. Click the Apps tab.
  12. Uncheck the box next to Allow use of iTunes Store.
  13. Unlock your managed iOS device and make sure you can see your first Home screen.
  14. In Profile Manager, click OK and click Save.Within a few seconds you should see both the Camera and iTunes apps disappear from your iOS device’s Home screen.
  15. Click and hold and Home button to open Siri.Note that Siri no longer works.

Remove Restrictions payload

To remove the Restrictions payload:

  1. Select the Restrictions payload for your device.
  2. Click the Edit button.
  3. Click the ”-” at the upper-right-hand side of the Restrictions payload window.
  4. Click OK and then Save.Note that the Camera and iTunes Store apps reappear on your Home screen. Now try to use Siri. Note that Siri still doesn’t work.
  5. Open the Settings app on your managed device.
  6. Select the General setting.
  7. Select the Siri setting.
  8. Turn Siri back on.

Next we’ll finish up with iOS-only restrictions.