Profiles are very powerful and can do a variety of tasks. The most basic, and probably one of the most used tasks, is to join a wireless network. In this task, we'll look at configuring this basic profile and then deploying that profile to a device.
Before configuring a profile that provides access to a Wi-Fi network, you should first have a Wi-Fi network up and running and ready. If the network is 802.1x (Network Access Control or Certificate-based Authentication), then you should also have a certificate or other requirements to join the network on hand to be added to the profile prior to getting the profile configured.
Once the wireless network is ready, follow the given steps:
Open Apple Configurator.
Click on Prepare.
From the main screen, click on the plus sign to create a new profile.
From the list of options, click on Create New Profile.
At the General screen, provide a name for the profile. This is often something like
Wireless Profileor802.1x Profile. Additionally, the profile can have the name of the organization filled in using the Organization field and a brief description in the Description field.The Security field is used to configure whether the profile can be removed. This includes options for Always, With Authorization, and Never, which allow the profile to be removed, to be removed if the password for the profile is provided, and to never be removed (except for with a device reset) respectively.
Fields that initially say [required] and with a red circle with an arrow are required and fields that say [optional] are not.
Click on Wi-Fi to configure the wireless networks the iOS device will automatically join. Here, click on Configure to enable the payload. At the Wi-Fi screen you have the following options:
Plus (+) and minus (-) buttons: Add additional wireless networks the iOS device will join
Service Set Identifier (SSID): Defines the wireless network the iOS device will join
Hidden Network: If the SSID is suppressed, use this option
Auto Join: If the device should join the network automatically without prompting end users, check this box
Proxy Setup: Allows administrators to define the path to a PAC file (using the Automatic option) or manually enter profile information (using the Manual option)
Security Type: Set to WEP, WPA / WPA2, Any (Personal) networks, which simply use a password or WEP Enterprise, WPA / WPA2 Enterprise or Any (Enterprise), which require a second factor of authentication (802.1x)
Password: The password to join the WEP, WPA, or WPA2 network
Configure the wireless network as is appropriate and click on Save to save the profile. We don't go through all of the options in this book for 802.1x as most will require input from the administrators of these types of wireless networks.
Once the profile is created, click on Save to save the profile. Click on the checkbox for the profile to enable it (multiple profiles can be enabled concurrently).
Clicking on Prepare or Refresh (under Supervision) enables the profile for devices that are then plugged in.
Once the installation of a profile begins, someone will need to accept the profile on the devices the profile is being installed on. Finally, if any profiles automatically enroll devices into SCEP servers or MDM servers, the server in which the device is being enrolled must be online at the time of enrollment.
Profiles can be installed as a unique step or as part of a larger workflow where devices are being updated, getting backups restored to them, erased, and even having apps installed. The profile installation itself requires interaction with the device as Apple has made a decision that rather than have policies enforced without an end user's choice in the matter, profiles must be accepted by end users. MDM servers can make changes without devices accepting each change because doing so is trusted by the enrolment profile.
Once a device accepts a profile, the profile can easily be removed using the Remove button, provided the profile is removable. If using an MDM server, then a few other items should be installed other than the automated enrolment profile and a Wi-Fi network so the device can actually reach the MDM server. However, if no MDM server is available then there are a number of options available to administrators for controlling devices; however, updating devices must then be done physically by connecting via USB.
Profiles in iOS work much the same as profiles in OS X, just without the manual, programmatic interfaces. Obviously, not all options are supported in both; however, one should understand each. For more information on processing profiles in OS X, check out http://krypted.com/iphone/profile-manager-and-profiles.
Apple Configurator has the ability to configure a number of different settings. But some might not be known to administrators. These are primarily password fields. In the event that you do not know a username or a password, then fields can be left blank and end users will be prompted for whatever credentials are missing at the time the profile is installed.