Profile Manager Payload interaction
When you apply several different payloads to a device, the settings interact in a variety of ways.
Combined payloads
Combined payload items aren’t mutually exclusive. These payload items are concatenated together, keeping all the payload items. Combined payloads are usually things like mail or LDAP accounts, where the existence of one doesn’t preclude additional accounts.
Multiple payloads of the same kind can be applied to a device. If payloads contain account, certificate, or network configurations, each of the payloads’ configurations are applied simultaneously. Some network payloads may conflict with others. If two payloads define different network settings for the same SSID, for example, the result is undefined. However, iOS payloads containing restrictions don’t conflict. Instead, the most restrictive value of each restriction is applied. In OS X, most combined payload’s restrictions settings (versus account settings) are undefined if more than one value exists in multiple payloads.
You can use combined payloads to add usage restrictions together to form a restrictive environment where the user has very limited options on what can be used on the device.
Exclusive payloads
Exclusive payloads can only be applied once. These payloads have only one version of the setting possible, like device names, password policies, or specific network settings. For example, a device can’t simultaneously have more than one global HTTP proxy. Any duplicate payload settings overwrite previous settings.
If payloads contradict each other, the more restrictive setting is normally used. In some cases, the result is undefined.
Note: On iOS, if combined payloads have the same account description (or display name), they’re treated as exclusive payloads.
Payload categories and interaction
The following table shows the available payloads, how they can be applied, and whether they’re exclusive, combined, or other.
Payload | OS X and iOS | iOS only | OS X only |
|---|---|---|---|
| Exclusive |
|
|
| Combined |
|
|
| Combined |
|
|
| Combined |
|
|
| Combined |
|
|
| Combined |
|
|
| Varies |
|
|
| Combined |
|
|
|
| Combined |
|
|
| Combined |
|
|
| Exclusive |
|
|
| Combined |
|
|
| Combined |
|
|
| Exclusive |
|
| Combined (user) | Combined (device) |
|
| Combined (user) | Combined (device) |
|
| Combined (user) | Combined (device) |
|
|
| Exclusive |
|
| Combined (user) | Combined (device) |
|
| Combined (user) | Combined (device) |
|
|
| Exclusive |
|
|
| Exclusive |
|
|
| Exclusive |
|
|
| Combined |
|
| Combined (user) | Combined (device) |
|
|
| Combined |
|
|
| Combined |
|
|
|
| Combined |
|
|
| Exclusive |
|
|
| Combined |
|
|
| Exclusive |
|
|
| Combined |
|
|
| Combined |
|
|
| Combined |
|
|
| Exclusive |
|
|
| Combined |
|
|
| Combined |
|
|
| Combined |
|
|
| Combined |
|
|
| Combined |
|
|
| Combined |
|
|
| Exclusive |
|
|
| Exclusive |
|
|
| Combined |
|
|
| Combined |
|
|
| Exclusive |
General
Certificate
Fonts
Network
Passcode
SCEP
Security & Privacy
VPN
AirPlay
AirPrint
APN
App Configuration
OS X Server Accounts
Network Usage Rules
Calendar
Contacts
Exchange
Global HTTP Proxy
LDAP
Mail
Restrictions (iOS)
Single App Mode
Single Sign-on
Subscribed Calendars
Web Clips
Content Filter
Domains
Accessibility
Custom Settings
Directory
Dock
Energy Saver
Finder
Identification
Login Items
Login Window
Messages
Mobility
Parental Controls
Printing
Proxies
Software Update
Time Machine
Xsan
Interaction with Open Directory
OS X payloads may behave differently when they interact with Open Directory settings:
Managed device-applied user profiles take priority over Open Directory-stored user settings.
Open Directory-stored user settings take priority over managed device-applied device profiles.
Managed device-applied device profiles take priority over Open Directory-stored computer settings.
Manually installed user and device profiles always have the lowest priority over Open Directory-stored or managed device-applied user or device settings.