Allow Admins to Edit Profile PayloadIdentifier Values
With admins having to move profiles to MDM in 10.16, it would be great to be able to edit the Simple created PayloadIdentifier for these profiles to match existing values.
A warning dialog box to explain the issues this may create would be sufficient (and welcome) to help admins know the risks with editing the value.
-
Eric Holtam commented
I agree. Prior to MDM, admins had to maintain the profiles that were being deployed and installed via the `profiles` command. That required having unique identifiers.
Now with needing to migrate _all_ profiles to MDM for Big Sur compatibility, there should be an option to allow an admin to provide their own identifier. This would help with the migration as the MDM delivered payload would "take over" the existing locally installed profile since the payload identifier matches. With the current setup there is a non-ideal situation where two profiles with the same payloads could be installed at the same time under two different identifiers and the locally installed profile would need to be removed in some form after verifying the MDM payload has already been delivered to make sure there is no gap of profile management. If the MDM could just overwrite that payload with its own the solution to the problem just got a whole lot easier.