Skip to main content
Matrix42 Self-Service Help Center

Tags Guide Part V: MacOS

Profile

Profiles for each device type are managed independently allowing separate configuration and management of profiles for each device type. When a device is provisioned, it will be provisioned with the profile configuration at the time the device was enrolled. When a profile change is made, new devices will receive the new configuration as well as devices that are currently managed and/or blocked. When any Profiles are changed, ensure the settings are correct as these will be applied immediately to all applicable devices. Please ensure you click on the Save or Save & Close button on the bottom right of the screen to commit your changes before selecting another page.

Exchange ActiveSync

Setting OSX Description
Exchange ActiveSync Settings Enabled or Disable Enables Profile
Label e.g. Imagoverum Exchange The Label for the Email Account as it appears on the device.
Server Name e.g. outlook.office365.com  External Exchange Active Sync address 
Past Days of Mail to Sync
  • Unlimited
  • One Day
  • Three days
  • One week
  • Two weeks
  • One Month
Period of mail to synchronize to the device
Use SSL Enabled or Disabled If the URL for the External Mail Server is protected by an SSL Certificate then use SSL.
Use oAuth Enabled or Disabled Enables and uses oAuth Authentication for Identity Providers on native mail client
Use Custom Username Variable e.g. {CustLdapVar0} or support@imagoverum.com Define a Custom Variable Attribute for the Username for the EAS Profile.
Use Custom Email Variable e.g. {CustLdapVar0} or tim.tober@imagoverum.com Define a Custom Variable Attribute for the Email Address for the EAS Profile.
Use Custom Password Variable e.g. {UserPassword} or Pa$$w0rd  Define a Custom Variable Attribute for the Email Password for the EAS Profile.
Enterprise Certificate Choose File Upload a certificate for certificate based authentication with one certificate
Certificate Password e.g. Pa$$w0rd Password for the certificate
Path   Specifies a different path for the Exchange client to connect
Port   Specifies a different port for the Exchange client to connect to
External Host   If the external network address is different, you can specify this. This ensures the user will sync mail in the office and at home when the URLs are different
External SSL   Determines if the external connection should use SSL
External Port   Sets the external TCP port the Exchange Client should use
External Path   Sets the external path for the Exchange client

Email

Setting OSX Description
Email Settings Enabled or Disabled Enables Email Settings
Email Address e.g. {UserEmail} or support@imagoverum.com Defines Email Address of the Account
User Display Name e.g. {UserName} or Tim Tober Defines  Display Name of the User for this Email Account
Account Description e.g. Imagoverum Mail Defines Friendly Name of this Email Account
Account Type
  • IMAP
  • POP
Toggles between IMAP and POP Account Types
IMAP Path Prefix e.g. INBOX Defines where to look for mail 
Incoming Mail
Incoming Mail Server e.g. imap-mail.outlook.com or pop-mail.outlook.com  
Incoming Mail Port e.g. 995  
Incoming Mail Username    
Authentication
  • None
  • Password
  • MD5 Challenge-Response
  • NTLM
  • NTTP MD5 Digest
 
Embed User Password Enabled or Disabled  
Use SSL Enabled or Disabled  
Outgoing Mail
Outgoing Mail Server e.g. imap-mail.outlook.com or pop-mail.outlook.com  
Outgoing Mail Port e.g. 995  
Outgoing Mail Username    
Authentication
  • None
  • Password
  • MD5 Challenge-Response
  • NTLM
  • NTTP MD5 Digest
 
Embed User Password Enabled or Disabled  
Use SSL Enabled or Disabled  

Passcode

Setting OSX Description
Passcode Settings Enabled or Disabled Enables Passcode Settings
Allow Simple Enabled or Disabled Permit the use of repeating, ascending or descending characters
Require Alpha Numeric Enabled or Disabled Require passcode to contain at least one letter
Minimum Length 4-19 The smallest number of passcode characters allowed
Minimum Complex characters 1-4 Smallest number of non-alphanumeric characters allowed. If ‘Allow Simple’ is checked, then this configuration is disabled.
Maximum Passcode Age - 1-730 days or none 1-730 or empty How often passcode must be changed
Auto-lock (minutes) 2,5 Device automatically locks due to inactivity after this time period
Passcode history (1-50 passcodes, or none) 1-50 or empty Number of unique passcodes required before reuse
Grace Period for Device Lock
  • Immediately
  • 1 Minute
  • 5 Minutes
  • 15 Minutes
Amount of time device screen can sleep before device locks
Maximum Failed Attempts 4-16 Number of passcode entry attempts allowed before the device is reset to factory settings

Restrictions

Setting OSX
Allow Game Center Friends Enabled or Disabled
Allow Multiplayer Gaming Enabled or Disabled
Allow Game Center Enabled or Disabled
Allow AirDrop Enabled or Disabled
Allow Game Center account modification Enabled or Disabled
Allow App Store App adoption Enabled or Disabled
Require admin password to install or update apps Enabled or Disabled
Restrict App Store to software updates only Enabled or Disabled
Automatically enable new shared services Enabled or Disabled
Allow Aperture Sharing Enabled or Disabled
Allow AirDrop Sharing Enabled or Disabled
Allow Facebook Sharing Enabled or Disabled
Allow Twitter Sharing Enabled or Disabled
Allow Mail Sharing Enabled or Disabled
Allow Messages Sharing Enabled or Disabled
Allow Video Sharing Enabled or Disabled
Allow Sina Weibo Sharing Enabled or Disabled
Allow Add to iPhoto Enabled or Disabled
Allow Add to Reading List Enabled or Disabled
Allow Users Preference Enabled or Disabled
Allow General Preference Enabled or Disabled
Allow Universal Access Preference Enabled or Disabled
Allow Appstore Preference Enabled or Disabled
Allow Software Update Preference Enabled or Disabled
Allow Bluetooth Preference Enabled or Disabled
Allow CDs & DVDs Preference Enabled or Disabled
Allow Datetime Preference Enabled or Disabled
Allow Desktop and Screen Saver Preference Enabled or Disabled
Allow Displays Preference Enabled or Disabled
Allow Dock Preference Enabled or Disabled
Allow Energy Saver Preference Enabled or Disabled
Allow Extensions Preference Enabled or Disabled
Allow Fibrechannel Preference Enabled or Disabled
Allow iCloud Preference Enabled or Disabled
Allow Ink Preference Enabled or Disabled
Allow Internet Accounts Preference Enabled or Disabled
Allow Keyboard Preference Enabled or Disabled
Allow Language and Text Preference Enabled or Disabled
Allow Mission Control Preference Enabled or Disabled
Allow Mouse Preference Enabled or Disabled
Allow Network Preference Enabled or Disabled
Allow Notifications Preference Enabled or Disabled
Allow Parental Controls Preference Enabled or Disabled
Allow Printers and Scanners Preference Enabled or Disabled
Allow Configuration Profiles Preference Enabled or Disabled
Allow Security and Privacy Preference Enabled or Disabled
Allow Sharing Preference Enabled or Disabled
Allow Sound Preference Enabled or Disabled
Allow Speech Preference Enabled or Disabled
Allow Spotlight Preference Enabled or Disabled
Allow Startup Disk Preference Enabled or Disabled
Allow Backup Preference Enabled or Disabled
Allow Trackpad Preference Enabled or Disabled
Allow Xsan Preference Enabled or Disabled

VPN

Wi-Fi 

Silverback has the ability to pre-populate multiple Wi-Fi settings on your devices, so the user does not need to know the password for these networks themselves.

  • Click New WiFi profile
Setting OSX Description
Wi-Fi Settings Enabled or Disabled Enables the sending of Wi-Fi settings
SSID e.g. Corporate Wi-Fi Service Set Identifier of the wireless network
Security Type
  • WEP
  • WPA2
  • Any Personal
  • WEP Enterprise
  • WPA2 Enterprise
  • Any Enterprise
Defines the used Wireless network encryption
Hidden Network Enabled or Disabled Enable if the target network is not open or hidden
Automatically Join Enabled or Disabled The device will automatically join the Wi-Fi network
Password e.g. Pa$$w0rd Password for authenticating to the wireless network
Proxy (WEP Enterprise & WPA2 Enterprise & Any Enterprise Only)
Protocols
  • TLS
  • LEAP
  • TTLS
  • PEAP
  • EAP-FAST
  • EAP-SIM

 

  • Use Pac
  • Provision PAC
  • Provision PAC Anonymously
Defines the protocol utilized by encryption type and the PAC configuration
Authentication
  • Use Per-connection Password
  • Use Individual Username
    • Use User Password
  • Use Individual Client Certificates
    • Individual Client Certificate subject
    • Populate into Active Directory
  • Add Certificate
Defines the used authentication mechanism
Trust
  • Allow Trust Exceptions
  • Add or Remove Server
  • Add Certificate
  • Remove Certificates
Defines Trusted certificates
Proxy
  • Proxy Type (None, Auto, Manual)
  • Server
  • Port
  • Individual Usernames or pre-defined Username
  • Individual Passwords or pre-defined Password
  • PAC URL
Ensures the device talks to the necessary Proxy

Custom Profiles

Custom Profiles can be created with the Apple Configurator 2 on a MacOS device and imported into Silverback.

Use Custom Profiles if you miss a setting or a configuration that Silverback does not covers, but has an availability in Apple Configurator 2. 

  • Click New Custom Profile
Setting OSX Description
Name   e.g. CalDAV Profile Display Name for the Custom Profile
Description e.g. Custom CalDAV Profile Description for the Custom Profile
Mobileconfig File Choose File Uploads the *.mobileconfig file

Web Clips

Silverback allows administrators to push down Internet shortcuts to their Managed Devices, giving users easy access to the websites the administrator wants.

  • Click New Web Clip
Setting OSX Description
Web Clip Name   e.g. Matrix42 Web Clip Display Name 
Link e.g. https://www.matrix42.com Target URL for the Web Clip
Icon File Choose File A button for uploading a Custom Icon. Support File Type: *.png

Policy

With Policy or Policies Administrators have the ability to enforce rules with Silverback, such as enforcing what Apps are installed on the devices, what Cellular Networks the device is on through to enforcing the Serial Numbers of the devices as they are enrolled into the system. These are the environmental conditions that Silverback will continue to monitor for and ‘police’ for any devices that are associated with the Tag.

OS Version Compliance 

Administrators have the ability to control which OS versions are allowed within their environment. To allow an OS version, simply ensure the checkbox next to the respective OS version is ticked. Enrolling a device with a disabled OS version will result in the device automatically being blocked.

  • Alert Administrators: When the checkbox is checked, all administrators will receive an email when a device that violates OS compliance is detected, or when a new OS version is discovered.
  • Automatically Approve New OS Versions: When an OS platform is enrolled to Silverback for the first time, the OS is automatically added to the list. By default, unknown OS platforms are disabled and relevant devices will be blocked. To automatically authorize new OS versions as they are discovered, ensure the checkbox is ticked.

Use this feature where you do not want devices to be automatically blocked when a user upgrades their device to a new future OS version that is released by their software vendor.

Hardware Compliance 

Administrators have the ability to enforce a hardware compliance policy through Silverback. Simply uncheck the boxes for hardware types that should not be supported and any devices that match the hardware type and are managed by Silverback will be blocked. The list of hardware types is managed via the Device Types option in the Admin Tab of the Silverback Console. If a mapping from device type to hardware type exists, the hardware type will be displayed in the hardware compliance list. When a Device Manufacturer release a new version of their hardware the model numbers may not be known by Silverback, in this case Silverback will ‘learn’ them and store them as ‘Unknown’ in the Device Types section under the Admin Tab where the Administrator can update them manually. To allow these devices into your system you enable the ‘Unknown’ checkbox option. This will allow the device into your Silverback Environment and you can later re-classify this device type in the Admin > Device Types section.

  • Alert Administrators:  When the  checkbox is checked it will ensure that administrators receive an email when a device that violates hardware compliance is detected.

Lockdown

The Lockdown screen allows you to determine what device compliance policies are enabled and what action should automatically occur when a violation is detected. Each policy is enabled/disabled through their associated checkbox. Enabling a lockdown policy ensures that the device is inspected to ensure it is compliant with that policy during the initial enrollment as well as at regular intervals as defined by the ‘Perform check every’ drop down.

Lockdown Actions

Action Description
No action No action is performed on the device; however alerting administrators may be performed if configured.
Lock A lock command is sent to the device which will lock the screen of the device. 
Block The device is blocked, and the device is moved to the blocked devices table. 
Wipe The device is hard reset to factory default settings.
Alert administrator Emails are sent to all administrators notifying them of the policy violation when it is detected. 

Lockdown Policies

Policy  General OSX Description
Enforce Hardware Authentication Enabled or Disabled
  • No action
  • Lock 
  • Block
  • Wipe
Hardware authentication can be enabled or disabled from this screen. See the hardware authentication for more information on this configuration.
Require Full Disk Encryption Enabled or Disabled
  • No action
  • Lock 
  • Block
  • Wipe
Determines if OS X devices require Full Disk Encryption or not.

Content 

Content Management functionalities are not supported on OSX devices 

  • Was this article helpful?