Skip to main content
Matrix42 Self-Service Help Center

Configure VPP Apps for macOS via Managed Preferences

  1. Last updated
  2. Save as PDF

Overview

In this article, we will show you how to use Silverback to configure macOS applications that you have purchased through the Volume Purchase scheme. You have probably already seen the Managed Preferences feature when configuring enterprise applications for macOS in Silverback when you configured an App Config when uploading enterprise applications. Technically, configuring applications and installing them on macOS are two separate processes. First, a command is sent to the macOS device to install the desired application. To configure the application, a Managed Preferences profile is also created, which is located in the MDM profile on the macOS device and this article describes how to create and deploy your own Managed Preference Profile for any VPP application that supports configuration via XML, using Microsoft Outlook and Google Chrome as examples.

Outlook Managed Preference Preparation

Review Developer Documentation

The first step is to determine if your application can be configured via XML. The best way to do this is to contact the application vendor to find out what configuration options are available. In our case, for example, a Google search for Outlook Managed Preferences returns the official Microsoft description of how to configure Outlook on macOS devices.

clipboard_e43de66bdc375740db976f09e41063512.png

If you follow the link to Set preferences for Outlook for Mac - Deploy Office, you will find a list of the available preferences. In this guide, we will focus on configuring the following configuration keys:

  • Specify calendar first day of week
  • Allow only corporate mailboxes to be added
  • Disable Signatures
  • Disable Pride theme
  • Disable SMIME
  • Specify default weather location
  • Enable new Outlook

According to the documentation you will find for each configuration the following important information about the specific domain, the specific key, the available data type and the possible values. It also shows the required configuration profile, which is what we are going to do in this guide, and you can check the supported Outlook version for the configuration. Please note that some keys have an additional comment that they only apply to new Outlook, so keep this in mind.

Category Details
Domain com.microsoft.Outlook
Key CalendarFirstDayOfWeek
Data Type Integer
Possible values 1 = Sunday (default)
2 = Monday
3 = Tuesday
4 = Wednesday
5 = Thursday
6 = Friday
7 = Saturday
Requires Configuration Profile No
Availability 16.19

Adjust Managed Preference Template

In the Apple MDM Developer documentation you will find a template for the Managed Preferences profile and the structure of this payload is always the same, so you can use it as a template and the inserted content is what you need to customize for your application. In this guide, we want to configure Microsoft Outlook and the first step is to use the specific PayloadContent key com.microsoft.Outlook, which is the same as the Domain field in the documentation, but can also be the Bundle ID.

To get a Bundle ID you can install the application first and then run Terminal and execute osascript -e 'id of app "Microsoft Outlook"' for receiving the bundle ID for Outlook.

The second focus part is the mcx_preference_settings, where you can add your specific XML configuration for the application. To make your life easier, we have already added all the above mentioned configurations as examples to the template. The third part is the PayloadIdentifier where it is important to adjust at least one character in case you want to deploy multiple Managed Preference profiles. The last point of focus is the Payload Display Name and we recommend to adapt it to the naming convention like in the example for any application you want to configure. Now all you need to do now is to press the view source button in the XML below and copy it to your clipboard and proceed with Create Managed Preference Profile.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
    <key>com.microsoft.Outlook</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
    <key>AllowedEmailDomains</key>
    <array>
    <string>imagoverum.com</string>
    </array>
    <key>CalendarFirstDayOfWeek</key>
    <integer>5</integer>
    <key>DisableSignatures</key>
    <true/>
    <key>DisablePrideTheming</key>
    <true/>
    <key>DisableSMIMECompose</key>
    <true/>
    <key>DefaultWeatherLocation</key>
    <string>Berlin, Germany</string>
    <key>EnableNewOutlook</key>
    <integer>3</integer>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadIdentifier</key>
<string>com.example.mymanprefpayload</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>83c9f6e8-ef4b-4974-b83b-b2e7fe79b75c</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
    <string>Silverback Managed Preference: com.microsoft.Outlook</string>
<key>PayloadIdentifier</key>
    <string>macBook-Pro.CBC831CC-1B82-4FBE-B2E7-DBD1C959CE80</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>AED723D7-8DE0-45FC-BFA3-1F40FA17C5E1</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

Create Managed Preference Profile

Create a new Tag 

  • Open your Silverback Management Console
  • Navigate to Tags
  • Press New Tag
  • Enter a name, e.g. Managed Preference
  • Enter a description, e.g. Microsoft Outlook Configuration (optional)
  • Enable Profile at Enabled Features
  • Enable macOS as device type 
  • Press Save 

Create a new Profile 

  • Navigate to Profile
  • Select Custom Profiles
  • Press New Custom Profile
  • Enter a Name, e.g. Managed Preference for Outlook
  • Enter a Description, e.g. Microsoft Outlook Configuration
  • Enable the Use XML button
  • Paste the payload content from your Clipboard
  • Press Save
  • Confirm with OK

Deploy Managed Preference Profile

Assign Tag

  • Navigate to Devices
  • Locate one of your target devices
  • Press the Assign Tag button
  • Select the previously created Managed Preference Tag
  • Press Save
  • Confirm with OK
  • Now ensure that your device is connected to the internet 
  • Open the Device Overview
  • Press Refresh and select Pending Commands
  • Locate the InstallProfile command that contains Custom Profile and ensure that there is no Error in the Status column

clipboard_eae375aa102245f87d460ebd8b1687ded.png

Review Profile Installation 

  • Head over to your macOS device
  • Open System Settings
  • Navigate to Privacy & Security
  • Scroll Down and press Profiles
  • Select Silverback MDM Profile
  • Review the Silverback Managed Preference: com.microsoft.Outlook profile 
  • Perform a double-click on this profile
  • Review the Custom Settings area

Review Application Behavior

If Microsoft Outlook is already installed on your macOS device, close and re-open it and note that the following description of behaviour changes has been verified with Microsoft Outlook version 16.74.1 with a mailbox already connected:

  • Press Help and you will not see the Revert to Legacy Outlook option
  • Press Outlook and Settings and select Signatures and you should not be able to add or change any signature settings
  • Press Show All and navigate to General, the Pride Themes should no longer be visible and if a Pride Theme was previously selected, it performed a switch to a non-Pride Theme
  • Press Show All and navigate to Calendar, the first day of the week should be greyed out and set to Thursday
  • Close Outlook Settings and select Tools and Accounts, press the + Add an Account button and enter anything other than your added Allowed Email Domains domain as the email address, e.g. tim.tober@matrix42.com. You should receive a message that your organization doesn't allow personal email accounts. If you try again with an Allowed Email Domain account, such as tim.tober@imagoverum.com, you should be able to proceed
  • Close the Add Account window and check that the Security button is missing between Delegation and Sharing and Directory Service. 
  • Close the Accounts window and navigate to the Calendar and check that the weather for Berlin, Germany is displayed

Adjust Configuration

  • In case you want to add or modify any settings, navigate back to your Tag
  • Select Profile and Custom Profiles
  • Press Edit
  • Adjust the XML Text and press Save and Ok
  • Confirm with Ok
  • Navigate to Definition
  • Press Push to Devices
  • Wait until the profile will be updated on your devices
  • Restart Outlook and review the behavior changes

Additonal Managed Preference for CHrome

  • Navigate back to Custom Profiles in your Tag
  • Click New Custom Profile
  • Enter as Name Google Chrome
  • Enter a Name, e.g. Managed Preference for Google Chrome
  • Enter a Description, e.g. Google Chrome Configuration
  • Enable Use XML and paste again the Managed Preference Template
  • Open https://chromeenterprise.google/policies/ and review available policies
    • e.g. Search for IncognitoMode and open IncognitoModeAvailability
    • Review the Mac/Linux preference name and the Example value (Mac) and review the Description for possible values
    • Locate and review additional policies and update the mcx_preference_settings dict section with your new keys.
    • The example below shows several easy to check configurations:
<dict>
<key>IncognitoModeAvailability</key> 
<integer>1</integer> 
 <key>HomepageIsNewTabPage</key>
    <false/>
    <key>HomepageLocation</key>
    <string>https://google.com</string>
    <key>RestoreOnStartup</key>
    <integer>4</integer>
    <key>RestoreOnStartupURLs</key>
    <array>
        <string>https://matrix42.com</string>
        <string>https://marketplace.matrix42.com</string>
</array>
</dict>
  • Replace the PayloadContent key com.microsoft.Outlook with com.google.Chrome
  • Update the PayloadDisplayName to Silverback Managed Preference: com.microsoft.Chrome
  • Press Save
  • Confirm with OK
  • You will get now the information that A profile with this identifier already exists. As mentioned above, the payload identifier must be unique, so you need to change one character 
  • Press Cancel
  • Change one character in the PayloadIdentifier and press again save
  • Confirm with OK
  • Navigate to Definition and press Push to Devices
  • Review again the profile installation via Pending commands and on the device under Privacy & Security
  • Close and re-open Chrome and review your configuration.