Skip to content

Blueprint Overview

What is a Blueprint

A Blueprint is a collection of configuration settings that defines how a device should behave. Think of it as a policy template — you create one Blueprint with your desired settings (passcode policy, Wi-Fi profiles, restrictions, etc.) and assign it to one or more device groups. Every device in that group automatically receives the same configuration.

Blueprints are the primary mechanism for managing device settings at scale. Instead of configuring each device individually, you define the policy once and let the system propagate it.

How to Create a Blueprint

  1. Navigate to Configuration Management > Blueprints.
  2. Click Create Blueprint.
  3. Give it a name and an optional description.
  4. Configure the settings you need (see available types below).
  5. Save the Blueprint.

Once saved, the Blueprint is ready to be assigned to groups.

Available Configuration Types

iOS / iPadOS / tvOS

TypeDescription
PasscodeRequire a device passcode with configurable complexity, minimum length, and lockout rules.
RestrictionsBlock or allow device features (camera, app store, in-app purchases, etc.).
WiFiDeploy Wi-Fi network profiles (SSID, security type, certificates).
VPNConfigure VPN connections (IKEv2, IPSec, PPTP, or per-app VPN).
Content FilterFilter web content by URL allow/block lists or plug-in-based filtering.
CertificateInstall PKCS12 or PEM certificates for identity and trust.
SCEPDeploy Simple Certificate Enrollment Protocol profiles for automated certificate issuance.
EmailConfigure Exchange ActiveSync or IMAP/POP email accounts.
ExchangeFull Exchange account setup with calendar, contacts, and reminders sync.
LDAPConfigure LDAP directory server connection for contact lookup.
CalDAVCalDAV calendar account configuration.
CardDAVCardDAV contact account configuration.
Subscribed CalendarSubscribe to a read-only calendar via URL.
Web ClipAdd a web shortcut to the home screen with a custom icon.
Single App ModeLock a device to a single app (kiosk mode).
Global HTTP ProxyRoute all HTTP traffic through a proxy server.
DNS SettingsConfigure custom DNS servers and search domains.
DomainsMark email domains and managed Safari domains.
AirPrintPre-configure AirPrint printers by IP or hostname.
Home Screen LayoutDefine the exact app layout on the home screen and dock.
NotificationsConfigure notification settings (banners, badges, sounds) per app.

macOS

TypeDescription
Login WindowCustomize the macOS login window (banner text, power controls, auto-login).
DockPin apps, folders, and recent items in the Dock.
Energy SaverConfigure sleep, display-off, and wake timings.
Software UpdateEnforce OS update behavior (deferrals, automatic updates, beta enrollment).
FileVaultEnable full-disk encryption with personal or institutional recovery keys.
FirewallEnable the application firewall and configure stealth mode.
Privacy PreferencesGrant specific apps access to privacy-sensitive services (camera, microphone, accessibility).
System ExtensionsAllow and configure system extensions (network, endpoint security, driver kit).
Kernel ExtensionsAllow specific kernel extensions by team ID and bundle ID.
Login ItemsSpecify apps and scripts that launch at user login.

Cross-Platform

TypeDescription
Custom ConfigurationUpload a raw plist (Apple Property List) for any unsupported or custom configuration profile payload.
VPP App AssignmentsAssign Volume Purchase Program apps to devices with license management (device-based or user-based).

Assigning Blueprints to Groups

After creating a Blueprint, assign it to one or more device groups:

  1. Open the Blueprint detail page.
  2. Click Assign to Groups.
  3. Select the target groups from the list.
  4. Confirm the assignment.

A group can have only one Blueprint assigned at a time. Assigning a new Blueprint to a group replaces the previous one.

Viewing Assigned Groups as Badges

On the Blueprint list page, each Blueprint shows a badge count of how many groups it is currently assigned to. Clicking the badge navigates to the assignment view for that Blueprint.

Blueprint Sync Process

When a Blueprint is created or updated, the system processes the changes as follows:

  1. Profile generation — The system compiles the Blueprint settings into Apple Configuration Profile format (XML plist).
  2. Push notification — An APNs push notification is sent to each enrolled device in the assigned groups, signaling a configuration update.
  3. Device check-in — The device checks in with the MDM server and downloads the updated profile.
  4. Installation — The device installs the profile and applies the new settings.

This process is asynchronous. Changes typically propagate within minutes, depending on device connectivity and APNs delivery.

Released under the MIT License