Skip to content

Apple Business Manager profile settings (macOS)

General settings

Setting Description
Name The name of the profile.
Description An optional description of the profile.
Device group

A device group that will be assigned to devices when they are enrolled with Sophos Mobile.

For information on device groups, see Device groups.

To simplify device management, we recommend that you use a separate device group for Apple Business Manager devices.

Task bundle

A task bundle that will be transferred onto the devices when they are enrolled with Sophos Mobile.

The list includes all task bundles that contain no enrollment task.

For information on task bundles, see Task bundles.


Setting Description
Assign user to device

Select whether users must authenticate during device enrollment.

  • No: Users don’t need to authenticate.
  • Yes - LDAPS authentication: Users must authenticate with their Sophos Central email and password or with their Active Directory credentials if you configured an LDAP connection in Sophos Mobile. See Configure LDAP connection.
If you select No, Sophos Mobile doesn’t assign a user to the device during enrollment. You can assign a user later if required. See Assign a user to a device.

If you select Yes - LDAPS authentication, Sophos Mobile assigns the user to the device.

User can skip MDM policy assignment The user is able to skip the setup step that applies the Sophos Mobile enrollment profile.

macOS setup

On the macOS setup tab, you disable configuration steps of the setup assistant that starts when the device is switched on for the first time.

These settings only affect the macOS setup. If you disable a configuration step, the user is still able to enable the relevant option later. To completely disable a feature, use a Restrictions configuration. See Restrictions configuration (macOS device policy) and Restrictions configuration (macOS user policy).

Setting Description
Apple ID Skip configuring an Apple ID. The user cannot log in with their Apple ID to access Apple services.
Apple Pay Skip configuring Apple Pay. The user cannot add credit or debit card information for paying in stores or within apps using Apple Pay.
iCloud Analytics Skip configuring iCloud Analytics. Diagnostic and usage data from the iCloud account isn’t sent to Apple.
Lockdown Mode Skip the Lockdown Mode page.
Term of Address Skip the Term of Address page. This page is available for some languages and lets users select how they want to be addressed by the device (feminine, masculine, or neutral).
Passcode Skip creating a passcode to unlock the device.
Appearance Skip configuring the appearance of the user interface (light or dark).
Restore from backup Skip restoring data from a Time Machine backup or performing a system migration.
App Store Skip the App Store page.
FileVault disk encryption Skip configuring FileVault disk encryption. FileVault is turned off.
Siri Skip configuring Siri. Siri is turned off.
Touch ID & Face ID Skip configuring Touch ID and Face ID. The user cannot set up biometric authentication in place of a passcode.
Privacy Skip the page that explains the Data & Privacy icon.
iCloud Drive Skip activating the automatic upload of files from Documents and Desktop to iCloud Drive.
Registration Skip creating a computer account.
Diagnostics Skip configuring diagnostics. Diagnostic and usage data are not sent to Apple.
Location services Skip configuring location services. Location services are turned off.
Terms and Conditions Skip the Terms and Conditions page.
True Tone Skip activating True Tone (the automatic adaptation of display colors based on ambient lighting conditions).
Display Zoom Skip configuring Display Zoom, that is a zoomed view providing larger icons, text and buttons.
Wallpaper Skip the page that lets users select a wallpaper.

Support information

Setting Description

The department or location name associated with the profile.

This name is included in the information that the user can access by clicking About Configuration during device setup.

Phone number

The support phone number for your company.

This field is pre-populated with the phone number from the technical support contact details. See Configure IT contact.

The phone number is stored internally in the profile but is not available to the device user.


The support email address for your company.

This field is pre-populated with the email address from the technical support contact details. See Configure IT contact.

The email address is stored internally in the profile but is not available to the device user.