The features which can be configured using the configuration profiles vary to some extent between the different device platforms (Android, iOS, macOS, Windows 10, and Windows 11). There can also be some minor differences in how the settings of some device features are configured on different platforms. Here's a shortlist of features that can be configured remotely using GoTo Resolve MDM's configuration profiles.

* Supported on Samsung's Android devices with Android 4.2 or later and Samsung KNOX.

** Supported on Supervised Apple iOS devices.

Details of the configurable device features for each device platform are explained below.

Activation lock

This controls whether the activation lock is enabled when users turn on Find My iPhone. Activation lock restricts anyone else from using the lost device.

For further details please see the Activation lock article.

Application blocklist

The Application blocklist (formerly known as blacklist) configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Further information about application block/allowlisting for iOS.

The Application blocklist (formerly known as blacklist) configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Further information about application block/allowlisting for iOS.

Please note that the profile requires that devices are Supervised. This is supported on iOS 9.3 and later.

Application allowlist

The Application allowlist (formerly known as whitelist) configuration profile can be used to allow the use of certain applications whereas the use of all other applications is blocked. Further information about application block/allowlisting for iOS.

Please note that the profile requires that devices are Supervised. This is supported on iOS 9.3 and later.

Application update policy

The application update policy is a device-specific configuration profile that enables you to control the automatic updating of applications installed via the Apple App Store or Apple Business/School Manager.

For further details, please read Application update policy for iPhones and iPads.

Custom settings

You can extend and customize GoTo Resolve MDM's management capabilities by building and deploying custom device configuration profiles (files with the .MOBILECONFIG extension) with GoTo Resolve MDM.

Device encryption

iOS devices encrypt their memory automatically when a device passcode is activated.

Please note this is not an actual configuration profile.

Email configuration

The email configuration profile lets you define settings for POP or IMAP email accounts from many email providers, such as Gmail, iCloud, Office365, Outlook, Yahoo!, and many others.

Kiosk mode

The kiosk mode can be used to force an iOS device to run in a single app mode. You can define the application operating and specify which device hardware buttons are active. Kiosk mode cannot be removed by the end-user. Read more about Kiosk mode for iOS.

Please note that the target device must be in Supervised mode.

Location tracking

The location tracking configuration profile can be used to enable location tracking in managed devices.

When the location tracking profile is deployed to a device, the GoTo Resolve MDM client is installed from the App Store and starts to collect and report location data to the GoTo Resolve MDM server. The last known location of the device can be seen by opening the device page.

Mail for Exchange

The Mail for Exchange configuration profile allows you to define the settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.

Please note that when you make a modification to the Mail for Exchange configuration profile (for example: Changing the syncing intervals of past emails from 1 week to 1 month), the mail account will be returned to the default settings because of Apple's policy. Therefore, the end-user is prompted to re-input their password for the account by hand. Even if the device states "Cannot Get Mail" - The connection to the server failed". -- Press OK. It should work properly again after that message.

Passcode

The passcode configuration profile can be used to control the use of the device passcode protection, including passcode requirements. When a passcode profile is deployed to a device, the device user is forced to use a passcode as defined by the profile settings.

Restrictions

The restriction configuration profile can be used to restrict the use of certain device features, applications, services, and content types on Apple iOS devices. These include the use of the camera, YouTube, the installation of applications, and many other features.

In addition, you can use the restriction configuration profile to force some security settings, such as automated backups or encryption to be used on the devices.

See Restrictions for iOS for further information.

Roaming

Use the roaming configuration profile to define whether device(s) are allowed to use data connections when roaming outside of the regular carrier’s network and when other local carrier network(s) are available.

Please note that this is only supported on iOS versions 5 and later.

Shared iPad

The Shared iPad configuration profile is meant for the supervised iOS devices in multi-user mode. With the profile you can limit the device use to temporary sessions (guest mode) and set timeout for inactive temporary and Managed Apple ID user sessions.

• Available in iOS 14.5 and above.

Learn more about Shared iPads

Virtual Private Network (VPN)

Use the VPN configuration profile to define the settings for connecting to a local area network via a virtual private network (VPN), including authentication settings.

Wallpaper

Use the wallpaper configuration profile to change the wallpaper of the devices.

Requirements:

• Available in iOS 8.0 and later. Requires that devices are Supervised.

Web content filter

The web content filter configuration profile allows you to allowlist and blocklist specific web URLs and restrict users' access to configured web pages.

Requirements:

• Requires that devices are Supervised.

For further details, see iOS web content filter documentation.

Web clip

The web clip configuration profile can be used to create bookmarks on the device's home screen.

WiFi

WiFi configuration profiles can be used to deploy wireless network settings to managed devices.

Always-on VPN

Always-on VPN can be used to automate and force the VPN connection on a device.

Application update policy

The application update policy is a device-specific configuration profile that enables you to control the automatic updating of enterprise-managed apps on an Android device. The application update policy affects all managed Google Play apps on the device.

For more details, please read the Application update policy for managed Android Google Play apps article.

Contact configuration

Use the contacts configuration profile to import contacts to the managed Android devices.

Requirements:

• Minimum GoTo Resolve MDM Online client version 2.6.3.

For further details, see Contacts for Android.

Device encryption

The device encryption configuration profile can be used to enable encryption for the device storage.

Please note that after the encryption is enabled, it cannot be disabled.

Kiosk mode

The kiosk mode configuration profile can be used to restrict the device user from leaving a specified home screen application(s).

For further details, see the Android kiosk mode.

Location tracking

The location tracking configuration profile can be used to enable location tracking in managed devices.

When the location tracking profile is deployed to a device, it starts to collect and report location data to the GoTo Resolve MDM server. The last known location of the device can be seen by opening the device page

Mail for Exchange

The Mail for Exchange configuration profile allows you to define the settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.

Please note that this configuration profile will function properly only on Samsung KNOX-enabled devices running Android operating system version 4.2 or later.

Passcode configuration

The Passcode configuration profile can be used to control the use of device passcode protection, including passcode requirements. When a passcode profile is deployed to a device, the device user is forced to use a passcode as defined by the profile settings.

Restrictions

The restrictions configuration profile allows the administrator to disable certain device features altogether. When a feature is disabled, the end-user can no longer modify the state of the said feature without the administrator first removing the profile.

See Restrictions for Android on work profile and work managed devices for more information.

Roaming

For Android devices, use the Restricitons configuration profile to define roaming settings.

System update policy

With the Android system update policy, administrators can control the installation of system updates remotely. They can, for example, specify a maintenance window during which the devices are allowed to install the updates without user interaction.

For further details, see the Android system update policy.

Web shortcut

The web shortcut configuration profile can be used to create bookmarks on the device's home screen. Currently, the recommended approach is to deploy web shortcuts from the managed Google Play. This is because deploying several web shortcuts simultaneously results in only one icon appearing on the device. Alternatively, you can deploy web shortcuts one by one to the device. See Managing web apps for Android Enterprise devices for further details.

WiFi

The WiFi configuration profiles can be used to deploy wireless network settings to managed devices.

Application allowlist (Samsung)

The Application allowlist configuration profile can be used to allow the use of certain applications whereas the use of all other applications is blocked. Here is some further information about the application block/allowlisting for Android.

Please note that this profile will function properly only on Samsung devices that run the Android operating system version 4.2 or later.

Application blocklist (Samsung)

The Application blocklist configuration profile can be used to deny the use of certain applications whereas other applications remain allowed. Here is some further information about application block/allowlisting for Android.

Please note that this profile will function properly only on Samsung devices that run the Android operating system version 4.2 or later.

Email (Samsung)

Use the email configuration profile to define settings for POP or IMAP email accounts. Please select the email service you want to configure.

Kiosk mode (Samsung)

The kiosk mode configuration profile can be used to restrict the device user from leaving a specified home screen application. The device user will be unable to change device settings or run other applications. In addition, the use of some of a device's hardware buttons can be prevented.

Please note that the kiosk settings will function properly only on Samsung devices that run the Android operating system version 4.2 or later.

Mail for Exchange (Samsung)

The Mail for Exchange configuration profile allows you to define the settings for Mail for Exchange accounts in managed devices. With the profile, it is possible to configure how often and what content should be synchronized between the device and the Mail for Exchange server.

Please note that this configuration profile will function properly only on Samsung KNOX-enabled devices running Android operating system version 4.2 or later.

Restrictions (Samsung)

The restrictions configuration profile allows the administrator to disable certain device features altogether. When a feature is disabled, the end-user can no longer modify the state of the said feature without the administrator first removing the profile.

See Restrictions for Android (Samsung) for more information.

Please note that this configuration profile will function properly only on Samsung KNOX-enabled devices running Android operating system version 4.2 or later.

Application update policy

The application update policy is a device-specific configuration profile that enables you to control the automatic updating of Mac software installed via Apple Business/School Manager.

For more details, please read the Application update policy for Mac software.

Custom settings

You can extend and customize GoTo Resolve MDM's management capabilities by building and deploying custom device configuration profiles (files with the .MOBILECONFIG extension) with GoTo Resolve MDM.

For more details, please read Custom configuration profiles for Macs.

Disk encryption

FileVault is a disk encryption program in macOS systems that can be used to encrypt the system disk on macOS devices on the fly. With the FileVault configuration profile, you can enforce the activation of FileVault disk encryption for GoTo Resolve MDM-managed macOS devices.

For more details, please read FileVault disk encryption for macOS systems.

Password policy for local users

With the Password configuration profile, you can set standards for the use of the login password on the managed Macs.

Restrictions

The restriction configuration profile can be used to restrict the use of certain device features, applications, services, and content types on Apple macOS devices. These include the use of the camera, Game center, password auto-fill, fingerprint unlock, document sync with iCloud, and many others.

In addition, you can use the restriction configuration profile to force some security settings, such as automated backups or encryption to be used on the devices.

Virtual Private Network (VPN)

Use the VPN configuration profile to define the settings for connecting to a local area network via a virtual private network (VPN), including authentication settings.

Custom settings

You can extend and customize GoTo Resolve MDM's management capabilities by building and deploying custom configuration service provider (CSP) policies with GoTo Resolve MDM.

For more details, please read Custom policy configurations for Windows 10/11.

Disk encryption

Encryption is a way to protect your system against unauthorized access and keep your data safe and secure. With the BitLocker configuration profile, you can encrypt only the C drive or all fixed drives on your Windows computers.

For more details, please read the BitLocker disk encryption for Windows.

Mail for Exchange

Use the Mail for Exchange configuration profile to define the settings for creating Mail for Exchange accounts for devices running Windows 10/11.

Password policy for local accounts

With the Password configuration profile, you can set standards for the use of the login password on the Windows 10/11 computers managed by your organization.

WiFi

Use the WiFi configuration profile to define the settings for connecting to known wireless local area networks.

Windows Update

Use the Windows Update configuration profile to deploy update policies and general update settings to your managed Windows 10/11 devices.

For further details, see How to deploy Windows update settings.

More information:

How to create a configuration profile

How to deploy configuration profile(s)