|
There are two primary purposes. Fundamentally .mobileconfig profiles are a standardized XML format that are an officially blessed way to bundle up a lot of various macOS, iOS, or tvOS configuration options into an easy standard format that can then be installed on various devices to apply a whole bunch of stuff all at once with no additional work. There are various GUIs to work with them, including Apple's free Apple Configurator, or iMazing does a nice one as well, they're the backbone of a lot of MDM usage for iDevices now, and they can also be created programmaticly. As well as closed there are lots of open source solutions for this and it's not particularly hard to roll your own or customize (though you probably want to save yourself the pain of dealing directly with the ancient format as much as you can). So first, even for completely bog standard config it can be an easy timesaver, as well as way to make a change in a single place in a deterministic fashion and then apply it uniformly. I use it a great deal just purely for my own personal and family devices for example. I've got lots of email accounts, WiFi networks, and so on, that aren't special but sizable in number. I've made a few profiles for those, which I can then take and install on each Mac, iPhone, or iPad to have all the accounts loaded saving some manual config work. If I need to change a password, add or remove, I can do it in one single place, and then push it out to do the config. No need to jump back and forth to a password manager doing lots of copypaste of passwords on the phone. It's not a huge deal but it's a pretty simple time saver. Secondly, .mobileconfig will let you do stuff that you can't (officially) do at all otherwise, particularly on iDevices, so in that case it's simply the only easy way to get at certain functionality. Some functionality is only available to "supervised" devices you setup fresh under supervision now, and can give you a much deeper level control. For HN types, it can be useful to load your own private root CA and cert chains, cert using WPA Enterprise networks, etc. It's another way to make it harder to do certain activities with a stolen device. I think a lot of people with Apple devices who don't "need" profiles could still find them handy honestly. It's not exposed very well but it's also no some horribly complex thing to get some value out of. There are a lot more people with iDevices then Macs (so that rules out Apple Configurator), and typical serious MDM offerings are all subscription based sadly. So in turn free tools for other platforms are nice to see. |