The Apple profile page allows you to define security profile properties for your MDM profiles. You can optionally select to sign and encrypt profiles here. You can configure these settings during your initial set-up.

The path to the Automated Enrollment page on the UEM console is Groups & Settings > All Settings > Device & Users > Apple > Profiles.

What can you do with the Apple Profile settings page?

With Apple Profile settings, you can:

  • Encrypt the profiles.
  • Sign in the profiles.
  • Prompt devices to update MDM profile for iOS 5 permissions.

Determine your Organization group hierarchy

Before you review and modify the settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choice. For more information about these settings, see Override Versus Inherit Setting for Organization Groups.
  • Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
  • Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.

Enter the profile settings information in the Apple Profiles page.

Setting Description
Encrypt Profiles Select Enabled option to encrypt all MDM and device profiles that are installed on the devices.
Sign Profiles (Requires Server SSL Certificate) Select this option to sign MDM and device profiles with a SSL certificate that is used to establish trust with the device services server.
Prompt devices to update MDM profile for iOS 5 Permissions This is a legacy setting used to provide compatibility with iOS 5. This checkbox does not need to be selected unless you are working with an iOS 5 device.
Signing Certificate Use the Upload button to upload a third-party SSL certificate to sign the profile. The SSL certificate should be the same one used on the device services end point.
Note: Workspace ONE UEM only supports digital certificates with RSA keys.