Variables in Custom Apple Profiles with Systems Manager
Introduction
Variables in a custom Apple .mobileconfig profile enables values to be pulled from Meraki Dashboard for a device's profile (instead of just a single static value defined in the .mobileconfig). This makes your custom .mobileconfig profiles much more flexible & scalable when scoped to multiple devices within Meraki Systems Manager. Variables in custom .mobileconfig profiles are supported on iOS, macOS, and tvOS.
This article will assume the reader has the fundamental knowledge of how to generate an Apple .mobileconfig profile and install as a custom profile in Systems Manager. As a pre-requisite to this article, please make sure have a foundational understand of using custom Apple profiles in Systems Manager.
Variables
Variable in .mobileconfig | Meraki Dashboard value |
$DEVICENAME | Device Name |
$DEVICEOS | Device OS |
$DEVICEMODEL | Device Model |
$DEVICESERIAL | Device Serial Number |
$DEVICEID | Meraki SM device ID |
$UDID | Device UDID |
$PHONE | Device Phone Number |
$CARRIER | Device Cellular Carrier |
$IMEI | Device IMEI |
$NOTES | Device Dashboard Notes |
$MACADDRESS | Device MAC Address |
$OWNEREMAIL | Owner Email |
$OWNERUSERNAME | Owner Username |
$NETWORKNAME | Meraki Network Name |
Signed .mobileconfigs are not supported for $VARIABLE
support at this time. When generating a custom .mobileconfig please leave it unsigned (default).
Injecting Variables through Apple Configurator or Apple Profile Manager
Apple Configurator and Apple Profile Manager make it easy to generate .mobileconfig profiles for Apple devices, and you can add $VARIABLE
formatted values directly through these Apple tools to make building .mobileconfig profiles easy. Open Apple Configurator and go to File > New Profile. Use the $VARIABLE
format to fill in the desired values. Please refer to the documentation to create custom Apple profiles with Apple Configurator or Apple Profile Manager for additional basic screenshots and setup info. An example $VARIABLE
format through Apple Configurator is depicted below:
Directly editing the raw .mobileconfig (optional)
Once you have created a .mobileconfig through Apple Profile Manager, Apple Configurator, or any other tool: you can open the raw .mobileconfig in any text editor of your choosing. This is a good validation step if you are using Apple Configurator or Apple Profile Manager (above) to confirm the .mobileconfig is configured correctly. After you open the .mobileconfig in a text editor you will see there is an Array (<array>
) of Dictionaries (<dict>
). Each <dict>
will contain keys and values. We can edit these values to become variables ($VARIABLE
) to pull Meraki Dashboard values for the profile instead of the static value defined in the profile. Here is a basic example configuration of before and after adding the Meraki Dashboard variables:
Example .mobileconfig before
<array>
<dict>
<key>AccountDescription</key>
<string>My Account Description</string>
<key>AccountName</key>
<string>Bob Smith</string>
<key>EmailAddress</key>
<string>bob.smith @ example.com</string>
<key>PayloadDescription</key>
<string>Configures a Google account</string>
<key>PayloadDisplayName</key>
<string>Google Account</string>
<key>PayloadIdentifier</key>
<string>com.apple.google-oauth.2B7070DX-B503-415C-80AV-17C32V47A889</string>
<key>PayloadType</key>
<string>com.apple.google-oauth</string>
<key>PayloadUUID</key>
<string>2B2070AF-B804-405F-80CD-13A42C47A699</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
Example .mobileconfig after
<array>
<dict>
<key>AccountDescription</key>
<string>My Account $DEVICENAME</string>
<key>AccountName</key>
<string>$OWNERUSERNAME</string>
<key>EmailAddress</key>
<string>$OWNEREMAIL</string>
<key>PayloadDescription</key>
<string>Configures a Google account</string>
<key>PayloadDisplayName</key>
<string>Google Account</string>
<key>PayloadIdentifier</key>
<string>com.apple.google-oauth.2B7070DX-B503-415C-80AV-17C32V47A889</string>
<key>PayloadType</key>
<string>com.apple.google-oauth</string>
<key>PayloadUUID</key>
<string>2B2070AF-B804-405F-80CD-13A42C47A699</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array
Summary
Notice the $VARIABLE
format of the examples filled in above. This allows for values to be pulled from Meraki Dashboard instead of just a static value defined in the .mobileconfig. Do not edit anything else in the .mobileconfig and then save the .mobileconfig. Then, upload this .mobileconfig profile as a custom profile in Meraki Systems Manager to deploy this to your devices. This profile will now use the Meraki Dashboard values, making this single profile ideal for scaling to all/many devices in a robust and simple manor.