Blueprints
What is a Blueprint?
A blueprint is GuardMDM's name for a configuration profile — a set of settings and policies that define how a device should behave. Blueprints are the building blocks of device management.
What Blueprints Define
- Device Settings — wallpaper, time zone, language, region
- Security Policies — passcode rules, encryption, lock screen
- Network Configuration — WiFi, VPN, proxy, cellular APN
- App Installations — required apps, managed apps, app config
- Restrictions — camera, Siri, AirDrop, Bluetooth, app store
- Certificates & Identities — root CA, identity certs, SCEP
- Email & Accounts — Exchange, IMAP, CalDAV, CardDAV
- Custom Configuration — arbitrary payloads for advanced use cases
Blueprint Assignment
Blueprints are assigned to Groups, not individual devices. When a device joins a group, it automatically receives all blueprints assigned to that group.
Key Rules
- A Group can have multiple blueprints
- A Blueprint can be assigned to multiple groups
- Devices inherit the combined settings from all blueprints on their group
- If two blueprints conflict, the more restrictive setting wins
Example: Sales Team
| Blueprint | Assigned To |
|---|---|
| Base Security | All Devices |
| Sales CRM | Sales Team |
| VPN Config | Sales Team |
| Email Profile | Sales Team |
The Sales Team group gets three blueprints layered together.
Blueprint Sync
GuardMDM automatically pushes blueprints to devices:
- Blueprint is created or updated
- GuardMDM pushes the profile to every device in the assigned group
- Device applies the profile and reports status
- GuardMDM shows compliance in the dashboard
Changes take effect within minutes. Devices that are offline will receive the update when they reconnect.
Blueprint Configuration Types
| Type | Description |
|---|---|
| Passcode | Length, complexity, max attempts, auto-lock |
| Restrictions | Camera, Siri, app store, AirDrop, Bluetooth |
| WiFi | SSID, security type, proxy, auto-join |
| VPN | Protocol, server, authentication, on-demand rules |
| Certificates | Root CA, identity, SCEP enrollment |
| Exchange/IMAP account, sync settings | |
| Calendar | CalDAV account configuration |
| Contacts | CardDAV account configuration |
| Custom XML | Raw configuration profile payload |
Next: Configuration Management
