Profile Editor Command Policy

What

The Command Policy in the Profile Editor is unique: its contents are not a profile payload but MDM commands.

When/Why

Some commands are available from the right-click context menu, e.g. Wipe Device…. However, some commands would be unwieldy to send this way, e.g. iOS Wallpaper. Imagine having hundreds or thousands of devices, or wanting a different Wallpaper based upon location, department, etc.

To provide this flexibility, some commands have been placed inside the Profile Editor, and all of these commands exist within the Command Policy view. This method allows such commands to be associated based upon Smart Groups, for example, and makes association across many devices easy.

Since these are commands and not Profile Payloads:

  • No request type of ‘InstallProfile’ will be listed in the Command History

  • They will not be listed in the ‘Installed Profiles’ view

  • There will be no Fileset Report for these Command Policies

  • The Fileset Status will remain grey and only ever report Associated

However, any commands sent should be seen in the Command History view with a request type of ‘Settings’.

Additional Consideration

Some command options allow for enabling or disabling a setting, for example Remote Desktop. In this instance, if a currently associated Command Policy included a setting to enable this feature, a disassociation event should automatically send a command to disable the setting.

Some commands are resent periodically, e.g. Wallpaper. This command will be resent in case the user has changed the Wallpaper, but only every 24 hours by default, to avoid undue load on the server. Other commands may be resent with a manual Verify.

How

  • Open the Profile Editor

  • Select Command Policy

  • Edit as desired

  • Associate to test device(s) first before deploying across many devices

Example Command History view for a setting to alter the Wallpaper: