Best Practice for Updating Existing MDM Profile Capabilities on Enrolled Devices

Business & Education General
TaketoIto OP
Created 4h
Replies 2
Boosts 0
Views 38
Participants 2
This post is from the WWDC26 Business & Education Q&A.

We are currently updating an existing MDM configuration profile using the InstallProfile command in order to modify its capabilities.

Is re-installing the MDM profile via the InstallProfile command the only supported approach for updating its capabilities?

Also, are there any ways to update the MDM profile without requiring re-enrollment?

Answered by Device Management Engineer in 891588022

Please see the description of ServerCapabilities in https://developer.apple.com/documentation/devicemanagement/mdm.

The only restriction on adding/removing items there is on the com.apple.mdm.per-user-connections capability. The others can be added/removed during a profile update.

Other keys also include "Notes" that describe when they can be changed in a profile update.

Replies  2
Boosts  0
Views  38
Participants  2
Device Management Engineer OP
Apple
4h
Accepted Answer
Recommended

Please see the description of ServerCapabilities in https://developer.apple.com/documentation/devicemanagement/mdm.

The only restriction on adding/removing items there is on the com.apple.mdm.per-user-connections capability. The others can be added/removed during a profile update.

Other keys also include "Notes" that describe when they can be changed in a profile update.

Device Management Engineer OP
Apple
4h

If you are following the documentation rules and the update is failing, please file a feedback request with a sysdiagnose from the device.

Best Practice for Updating Existing MDM Profile Capabilities on Enrolled Devices
First post date Last post date
 
 
Q