Signs you may have conflicting MDM profiles in macOS

Jamf doesn’t currently let you easily separate out individual parts of a profile, so if you deploy a Restrictions profile, you have to enforce all the parts of the Restrictions profile. Sure, you can download the profile, un-sign it, modify it, re-sign it, and then re-upload it, but that’s not very easy to then modify going forward, and the re-signed profile won’t show you what’s actually being enforced.

You can—if you know what keys to use for what domains—create an “upload” profile with XML. You can also use a .json schema that creates the XML for you.

Just be careful not to mix and match a full templated profile from Jamf with a potentially conflicting XML “upload” profile.

One sign you may have conflicting profiles is if you notice the profile setting you want enforced is enforced… and then isn’t… and then is… and then isn’t. If you have conflicted enforced settings, macOS doesn’t know what profile to pay attention to, so it will use one or the other seemingly randomly.

Leave a comment

Your email address will not be published. Required fields are marked *