Sign configuration profiles to prevent Jamf from modifying them, ensuring only your explicitly configured settings are applied.

signMobileconfigFiles.md

• Save a plaintext filename.mobileconfig file that enforces your desired settings
• Create a self-signed certificate using Keychain Access
  • Certificate Type: Code Signing
• Sign the plaintext filename.mobileconfig as filename-signed.mobileconfig
  • /usr/bin/security cms -S -N "<Code Signing Certificate Name Here>" -i "filename.mobileconfig" -o "filename-signed.mobileconfig"
• Click the Upload button on your JSS Configuration Prifiles Page to upload your signed filename-signed.mobileconfig
• Jamf states the uploaded configuration profile is in read-only mode, because it is signed
• Use Jamf to scope the configuration profile to your desired Macs