Simple MDM Groups / Profiles
Create Groups to ensure that all iPads in this group get the same profiles, apps, etc.
All iPads and associated groups should have the same four profiles:
The custom configuration profile that contains the BSD-Secure certificate to be able to connect to wifi. Currently titled (MacOS) WIFI BSD-Secure_2025_FINAL.
The wireless network profile to receive the jamf credentials to connect to wifi with that user name. (BSD-Secure - iPads Only)
The lock screen message profile so that the asset tag, name, serial number and group will appear on the lock screen. (DEFAULT (IOS / TVOS) - Lock Screen Message).
The default ‘cloud’ wallpaper to quickly identify if an iPad is enrolled in SimpleMDM or not. (DEFAULT IOS - Wallpaper)
Other needed profiles are : app restrictions, home screen layout, and restrictions. For these profiles, it is better to just ‘clone’ an existing profile and then modify it for your group. That way all of the settings are already configured and only need small modifications for the new group.
App restrictions lets you deny certain apps from being shown on the iPad OR it only allows the listed apps. This depends on how you configure the profile. If it is a student only iPad (sometimes students with IEPs take iPads home), it is better to just have an allow list since they are only allowed to use certain apps. If it is a teacher iPad, block all stock/default Apple apps and then any other apps you add to their iPad should show up immediately.
Home screen layout lets you organize how apps are sorted on the iPad. This isn’t too important but it helps keep things organized and apps that teachers are less likely to interact with can be placed on a separate page (Settings, SimpleMDM app, etc.).
Restrictions control what changes or settings the user can change/modify. For the most part, the only change/alteration needed is access to change the passcode. In some cases, teachers will need to set a passcode in order to use Google apps but, for the most part, access to set a passcode is disabled.
All Macs should have the following profiles assigned by the group they're in:
(MAC OS) BSD-Secure_2026 Cert (Certificate for BSD-Secure)
(MacOS) LOGIN Default - Enabled Guest and Mobile Accounts (Enables the Guest user and creates mobile accounts for users that are authenticated via AD)
(MacOS) WIFI BSD-Secure_2025_FINAL (Initial credentials for BSD-Secure (uses Jamf user), and then connects with user's credentials after authentication)
(MacOS) DEFAULT - Restrictions (MacOS restrictions)