All Products: How To Obtain and Validate a Jamf/MDM mobileconfig File
search cancel

All Products: How To Obtain and Validate a Jamf/MDM mobileconfig File


Article ID: 285258


Updated On:


Carbon Black EDR (formerly Cb Response)


How to obtain and convert a JamF/MDM mobileconfig files to XML readable format.


  • All Products:  All Versions
  • MDM Servers:  All versions configured to manage Carbon Black Mac Sensors


A. Open a JamF/MDM policy for the Carbon Black product (CBC, EDR or AppC)  in the JamF console.

B. Download the policy.  In JamF, Computers > Configuration Profiles > (select profile details) choose the Download option.
User-added image
C. Move the mobileconfig file to  any MacOS Terminal window.   Remove any signature wrappers:
security cms -D -i xxx.mobileconfig > xxx-unsigned.mobileconfig
D. Format the resulting file into a XML legible file:
plutil -convert xml1 xxx-unsigned.mobileconfig
E. Run 'less xxx-unsigned.mobileconfig' to view the extra characters.  Below is an example of invalid characters that do not appear in the console.  The hidden characters can cause the profile to fail.  (The example below depicts an EDR profile with hidden, invalid characters)
User-added image


Additional Information

  • If extra characters are in the MDM policy due to cut-n-paste, then the policy does not apply properly on the sensors.
  • Some mobileconfig files do not have a signature wrapper.