MDM profile shows "unsigned" label
search cancel

MDM profile shows "unsigned" label

book

Article ID: 241805

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

The customer noticed that after creating his MDM (Modern Device Management) profile, it says "unsigned" as shown below.

Is this normal?
 

Environment

ITMS 8.6 RU2

Resolution

Main documentation on MDM can be found here:

About Modern Device Management

Setting up MDM for macOS

 

Regarding the "unsigned" label:

It means that Enrollment Profile Signing certificate was not selected in Server Configuration. It is an optional certificate that is used for signing MDM profiles. If it is not used, Mac UI will show red "Unsigned" label

What "unsigned" means also is described in our documentation (please see Step 4 - Obtaining / Generating a Signing Certificate from Setting up MDM for macOS)

Step 4

Obtaining / Generating a Signing Certificate

Aside from obtaining a certificate for your MDM server, you must also obtain or generate a certificate to sign the profiles distributed to MDM managed devices to ensure their integrity. End users can install unsigned profiles, but they will be labeled Unsigned in System Preferences > Profiles on the device, which may generate calls to the help desk. 

To prevent this, you can employ a CA-signed certificate to sign profiles. A certificate issued by a trusted Certificate Authority ensures that profile signing is labeled Verified in the user's System Preferences page.

After you have a certificate to sign profiles, import it by following the steps outlined in Obtaining Apple APNS Certificate section above, but install the certificate as a Signing Certificate when prompted.

Attachments