Mobile device profile properties
Important Update: Please read our release note about important updates and limited functionality of our Mobile Device Management solution with the launch of our new Device Management for Apple (DMA). We recommend you enroll your iOS devices with DMA. Read more about migrating from MDM to DMA.
Configure the mobile device properties in N-able N-central to montior and connect with mobile devices.
- Click Configuration > Mobile Devices > Profiles.
- Click Add and select a profile type from the drop-down menu.
- When done configuring a profile, click Save.
Credentials MDM profiles
Credentials Profiles provide device authentication through two different types of certificates: Trusted Certificate or Personal Identity. The certificate type is determined by the file extension as described below. All other file types will be identified by N-able N-central as Unknown and are unavailable for selection in other MDM Profiles.
| Property | Property Description | Supported OS | |
|---|---|---|---|
|
|
||
|
Credential Name |
A user-defined identifier for the credentials to be used by the Profile. |
|
|
|
Credential Type |
Identifies the type of credential used by the Profile as one of the following:
|
n/a | n/a |
|
Certificate |
The file name of the certificate. |
|
|
|
Password |
The security password required to use the certificate. Select Show Password to reveal the password as it is typed. |
|
|
Email MDM profiles
Configure POP or IMAP email accounts for the user. Mobile devices support industry-standard IMAP4 and POP3 mail solutions on a range of server platforms including macOS, Windows, UNIX, and Linux.
| Property | Property Description | Supported OS | |
|---|---|---|---|
|
|
|
||
|
Account Description |
A user-defined description of the email account. This will be displayed in Mail and Settings applications. |
|
|
|
Account Type |
Select the type of email account. |
|
|
|
Path Prefix |
IMAP configuration used to synchronize email folders. |
|
|
|
User Display Name |
The user name for the email account. |
|
|
|
Email Address |
The full email address for the account. |
|
|
|
Allow Move |
Select to give permission for messages to be moved out of this email account to another account. This setting also prevents forwarding or replying from a different account than the account from which the message was originated. |
|
|
|
Use S/MIME |
Select if the email account supports the S/MIME (Secure/Multipurpose Internet Mail Extensions) standard for public key encryption and signing. |
|
|
|
Configure the following settings, except where indicated, for both the Incoming Mail and Outgoing Mail server. To configure a setting for both types of mail server, select the appropriate tab. |
|
|
|
|
Mail Server |
The host name or IP address of the mail server. |
|
|
|
Port |
The port number for the mail server. If no port number is configured, N-able N-central uses the default port value for the protocol. |
|
|
|
User Name |
The user name for the email account. |
|
|
|
Authentication Type |
Select an authentication method. |
|
|
|
Password |
The security password for the email account. Select Show Password to reveal the password as it is typed. |
|
|
|
Use SSL |
Select to use SSL for authentication on the email server. |
|
|
|
Outgoing Password Same As Incoming |
Select to use the same security password for the email account for the outgoing and incoming mail server. This property is only available on the Outgoing Mail tab. |
|
|
|
Use Only in Mail |
Select to enable an Exchange ActiveSync security feature. This prevents third-party applications from sending messages from this email account. This property is only available on the Outgoing Mail tab. |
|
|
Exchange MDM profiles
Configure a user's properties for Microsoft Exchange servers. You can create a profile for a specific user by configuring the user name, host name, and email address, or you can configure just the host name which will prompt users to configure the other properties when they install the profile on their mobile device.
| Property | Property Description | Supported OS | |
|---|---|---|---|
|
|
|
||
|
Account Name |
The identifying name of the email account. |
|
|
|
Exchange ActiveSync Host |
The host name or IP address of the Exchange ActiveSync Host. |
|
|
|
Allow Move |
Select to give permission for messages to be moved out of this email account and into another account. This property also prevents forwarding or replying from a different account than the account from which the message was originated. |
|
|
|
Use Only in Mail |
Select to enable an Exchange ActiveSync security feature which prevents third-party applications from sending messages from this email account. |
|
|
|
Use SSL |
Select to use SSL for authentication on the Exchange ActiveSync Host. |
|
|
|
Use S/MIME |
Select if the email account supports the S/MIME (Secure/Multipurpose Internet Mail Extensions) standard for public key encryption and signing. |
|
|
|
Domain and Username |
The domain name and user identification. |
|
|
|
Email Address |
The full email address for the account. |
|
|
|
Password |
The security password for the email account that will be used by the Exchange ActiveSync Host. Select Show Password to reveal the password as it is typed. |
|
|
|
Past Days of Mail to Sync |
Select the value to determine how many email messages appear in the Exchange mail account. |
|
|
|
Identity Certificate |
Select the .p12 Identity Certificate tor accounts that allow authentication using a certificate. |
|
|
|
Make Identity Certificate Compatible with iOS 4 |
Select to provide compatibility for iOS 4 device certificate handling. This feature should not be enabled for iOS 5 and higher devices. |
|
|
Passcode MDM profiles
Configure device policies when Microsoft Exchange passcode policies are not being used. You can determine whether passcodes are required to use devices, and you can also configure the characteristics of passcodes and how often they must be changed. When the Passcode Profile is installed, the user is immediately required to enter a passcode that meets the configured policies. Without a valid passcode, the profile will not be installed.
| Property | Property Description | Supported OS | |
|---|---|---|---|
|
|
|
||
|
Allow simple value |
Select to allow simple passcodes. A simple passcode is defined as containing repeated characters or characters that increase or decrease. For example, 123 or ABC. |
|
|
|
Require alphanumeric value |
Select to require users to type alphabetic characters, for example, abcd. If not selected, only numeric values are acceptable as passcodes. |
|
|
|
Minimum passcode length |
Select the minimum number of characters that valid passcodes are limited. |
|
|
|
Minimum number of complex characters |
Select the minimum number of complex characters that must be used in a valid passcode. Complex characters are non-alphanumeric characters including the ampersand (&), percent (%), dollar sign ($), and number sign (#). |
|
|
|
Maximum passcode age (in Days) |
Select the maximum number of days that a passcode can remain valid without being changed. After the time limit has expired, the user will be forced to change the passcode before the mobile device can be unlocked. The maximum is 730 days. |
|
|
|
Auto-Lock |
Select the number of minutes that a mobile device can be idle, without being unlocked by the user, before it is locked. Once the time limit expires, the device is locked and the passcode must be used to unlock the device. |
|
|
|
Passcode history |
Select the minimum number of unique passcodes that can be configured before a previously-used passcode is allowed to be re-used. |
|
|
|
Grace period for device lock |
Select the maximum number of minutes a mobile device can be locked before a passcode is required to unlock the device. |
|
|
|
Maximum number of failed attempts |
Select the maximum number of failed attempts to enter the passcode that are allowed. Once this limit is exceeded, user data on the device is erased and the designated backup (located on iTunes for iOS devices) must be restored in order for the mobile device to be unlocked. |
|
|
Restrictions MDM profiles
Restrictions Profiles allow you to enforce mobile device usage policies by restricting users from performing specific functions with the devices.
For more information on the specific functions of the mobile device that can be controlled using a Restrictions Profile, refer to the technical documentation for the device.
| Property | Property Description | Supported OS | |
|---|---|---|---|
|
|
|
||
| DEVICE FUNCTIONALITY - Select the restrictions you want to place on physical functions of the mobile device. | |||
|
Allow installing apps |
Select this feature to disable the App Store and remove its icon from the Home screen. Users will not be able to install or update apps using the App Store or iTunes. |
|
|
|
Allow use of camera |
Select this feature to completely disable cameras and remove the Camera icon from the Home screen. Users will not be able to take photographs or videos, or use FaceTime with iOS devices. Note that this feature is only supported on Android devices using Android 4.0.x and later. |
|
|
|
Allow FaceTime |
Select this feature to prevent users from placing or receiving FaceTime video calls. |
|
|
|
Allow screen capture |
Select this feature to prevent users from saving a screenshot of the display. |
|
|
|
Allow automatic sync while roaming |
Select this feature to force devices that are roaming to sync only when an account is accessed by the user. |
|
|
|
Allow Siri |
Select this feature to prevent users from using Siri, voice commands, or dictation. |
|
|
|
Allow Siri while device locked |
Select this feature to force users to unlock the device with their passcode before using Siri. |
|
|
|
Allow voice dialing |
Select this feature to prevent users from dialing their phone using voice commands. |
|
|
|
Allow In-App Purchase |
Select this feature to prevent users from making purchases while using applications. |
|
|
|
Force user to enter iTunes Store password for all purchases |
Select this feature to force users to enter their Apple ID password before making any purchase. |
|
|
|
Allow multiplayer gaming |
Select this feature to prevent users from playing multi-player games in the Game Center. |
|
|
|
Allow adding Game Center friends |
Select this feature to prevent users from adding friends in the Game Center. |
|
|
| APPLICATIONS - Select the restrictions you want to place on the use of applications with the mobile device. | |||
|
Allow use of YouTube |
Select this feature to disable the YouTube application and remove its icon from the Home screen. Note that the YouTube application is included with iOS 5 and earlier. |
|
|
|
Allow use of iTunes Store |
Select this feature to disable the iTunes Store and remove its icon from the Home screen. Users will not be able to preview, purchase, or download content. |
|
|
|
Allow use of Safari |
Select this feature to disable the Safari web browser and remove its icon from the Home screen. Users will not be able to open web clips. |
|
|
|
Enable autofill |
Select this feature to disable the capability for Safari to cache entries that users make in common web forms. |
|
|
|
Force fraud warning |
Select this feature for Safari to attempt to prevent the user from visiting websites identified as being fraudulent or compromised (through a fraud warning pop-up message). |
|
|
|
Enable JavaScript |
Select this feature to prevent Safari from recognizing JavaScript on web sites. |
|
|
|
Block pop-ups |
Select this feature to disable Safari's blocking of pop-up advertising. |
|
|
|
Accept Cookies |
You can choose to accept all cookies, accept no cookies, or reject cookies from sites that have not been directly accessed. |
|
|
| iCLOUD - Select the restrictions you want to place on iCloud functionality of the mobile device. | |||
|
Allow backup |
Select this feature to disable the capability for users to back up their mobile device to iCloud. |
|
|
|
Allow document sync |
Select this feature to disable the capability for users to store documents in iCloud. |
|
|
|
Allow Photo Stream |
Select this feature to disable the capability to use Photo Stream. Installing a configuration profile with this restriction will erase Photo Stream photos from the user's mobile device and prevent photos in the Camera Roll from being sent to Photo Stream. If there are no other copies of these photos, the files may be lost. |
|
|
| SECURITY AND PRIVACY - Select the restrictions you want to place on security and privacy functions of the mobile device. | |||
|
Allow diagnostic data to be sent to Apple |
Select this feature to disable the capability for iOS diagnostic information to be sent to Apple. |
|
|
|
Allow user to accept untrusted TLS certificates |
Select this feature to disable the capability for users to be prompted to trust certifications that cannot be verified. This setting applies to Safari and to Mail, Contacts, and Calendar accounts. |
|
|
|
Force encrypted backups |
Select this feature to ensure that backups performed by users in iTunes are stored in an encrypted format on their computer. If any profile is encrypted OR this feature is selected, encryption of backups is required and enforced by iTunes. |
|
|
| CONTENT RATINGS - Select the restrictions you want to place on ratings functions of the mobile device. | |||
|
Allow explicit music and podcasts |
Select this feature to disable explicit music or video content in the iTunes Store. Explicit content is flagged by content providers (for example, record labels) when it is listed on the iTunes Store. |
|
|
|
Ratings Region |
Select the region to be used for applying ratings. Content ratings systems differ between countries and regions. |
|
|
|
Movies |
Select the maximum rating to be allowed for movies viewed on the mobile device (ratings system based on the Ratings Region selected). |
|
|
|
TV Shows |
Select the maximum rating to be allowed for television programs viewed on the mobile device (ratings system based on the Ratings Region selected). |
|
|
|
Apps |
Select the maximum rating to be allowed for applications installed on the mobile device (ratings system based on the Ratings Region selected). |
|
|
VPN MDM profiles
Configure virtual private network settings for connecting mobile devices to your network.
The properties configured in a VPN Profile cannot be modified by the mobile device user.
| Property | Property Description | Supported OS | |
|---|---|---|---|
|
|
|
||
|
Connection Name |
The identifying name of the VPN connection. This name will be displayed on the device when VPN connections are established. |
|
|
|
Connection Type |
Select the type of VPN connection. |
|
|
|
Server |
The host name or IP address of the VPN server. |
|
|
|
Account |
The name of the user account to be used for the VPN connection. |
|
|
|
User Authentication |
Select the authentication type for establishing a VPN connection. This is not used for PPTP or IPSec VPN connections. |
|
|
|
Shared Secret |
The pre-shared key (PSK) or shared secret to be used for this VPN account. This is only used for L2TP and IPSec (Cisco) VPN connections. |
|
|
|
Encryption Level |
Select the level of data encryption to be applied to the VPN connection. This is only used for PPTP VPN connections. |
|
|
|
Machine Authentication |
Select the authentication type for establishing a VPN connection. This is only used for IPSec (Cisco) VPN connections. |
|
|
|
Group Name |
The group identifier to be used for the VPN connection. This is only used for IPSec (Cisco) VPN connections. |
|
|
|
Use Hybrid Authentication |
Select to authenticate the VPN connection using a Shared Secret, the User Name, and a server-side certificate. This is only used for IPSec (Cisco) VPN connections. |
|
|
|
Prompt for Password |
Select to prompt the user to type a password when establishing a VPN connection. This is only used for IPSec (Cisco) VPN connections. |
|
|
|
Password |
The security password for the account that will used to establish the VPN connection. Select Show Password to reveal the password as it is typed. This is not used for L2TP, PPTP, and IPSec (Cisco) VPN connections. |
|
|
|
Realm |
The user realm to be used to authenticate a Juniper SSL VPN connection. This is only used for Juniper SSL VPN connections. |
|
|
|
Role |
The user role to be used to authenticate a Juniper SSL VPN connection. This is only used for Juniper SSL VPN connections. |
|
|
|
Login Group or Domain |
The SonicWALL Mobile Connect Login Group or Domain that will be used for the VPN connection. This is only used for SonicWALL Mobile Connect VPN connections. |
|
|
|
Custom Data |
Click + to configure user-defined keys and values for customized SSL VPN connections. This is only used for Custom SSL VPN connections. |
|
|
|
Send All Traffic |
Select to route all network traffic through the VPN connection. |
|
|
|
Proxy |
Select the type of proxy configuration to use for the VPN connection. If Manual is selected, the Server host name or IP address, Port, Authentication, and Password must all be configured to allow VPN connections to be made. If Automatic is selected, the Proxy Server URL must be configured. |
|
|
WiFi MDM profiles
Configure how mobile devices connect to wireless networks. For the mobile device user to initiate a WiFi connection, these configure these properties to t match the requirements of the WiFi network.
| Property | Property Description | Supported OS | |
|---|---|---|---|
|
|
|
||
|
Service Set Identifier (SSID) |
The public identifier of the wireless network mobile devices connect to. |
|
|
|
Auto Join |
Select to cause the mobile device to automatically connect to the target network. |
|
|
|
Hidden Network |
Select to indicate that the target network is not open or broadcasting. |
|
|
|
Security Type |
Select the type of encryption to use when connecting to the target network. Android devices support WEP, WPA or Any encryption secured with a Password but do not support Enterprise Encryption. |
see note |
|
|
Enterprise Encryption |
Select to enable the configuration of protocols, authentication and trust for connecting to enterprise-level Wifi networks. Selecting this property will display the tabs:
|
|
|
|
Password |
The security password for the account to establish the WiFi connection. Select Show Password to reveal the password as it is typed. |
|
|
|
Proxy |
Select the type of proxy configuration to use for the WiFi connection. If Manual is selected, the Server host name or IP address, Port, Authentication, and Password must all be configured to allow VPN connections to be made. If Automatic is selected, the Proxy Server URL must be configured. |
|
|