Why use a custom policy?
Add Apple settings that aren’t yet exposed in Swif’s built-in policy list.
Re-use a vendor-supplied .mobileconfig (for DNS-filtering, 802.1X, kernel extensions, etc.).
Prototype a setting quickly, then roll it out fleet-wide with Swif’s smart-targeting, versioning, and rollback.
1 │ Start the wizard
Device Management → Policies → New Policy.
You’ll land on Basic configurations (step 1 of 4).
2 │ Fill Basic configurations
Field | What to enter | Tips |
Policy Name | Friendly title (e.g. “Zoom PPPC profile”). | Shown in the Swif console & reports. |
Policy Description | Optional notes for other admins. | Markdown supported. |
Type |
| Switch to Windows to deliver a .json CSP or script instead. |
Config Method | • Upload .mobileconfig – drag-and-drop a signed or unsigned profile • Write Policy Script – paste raw XML/PList | Use Write Policy Script for small tweaks or to build from scratch. |
Identifier | Reverse-DNS string unique in your org (e.g. | Required only for Write Policy Script; Swif auto-reads it from uploaded files. |
Payload Content (Write Policy Script) | Your | No outer |
Heads-up: Keep the overall profile ≤ 300 KB and < 64 payloads to stay within Apple MDM limits.
Click Continue.
3 │ Select devices
Target individual Macs or device groups. (Mix-and-match: you can push one profile to all Finance laptops and a different version to Dev laptops.)
4 │ Select device groups
Optional second filter—handy if you first chose “All devices” but need to exclude, say, lab Macs.
5 │ Review & create
Swif shows a diff-style summary:
Policy metadata
Payload hash & size
Target scope
Hit Create and Swif immediately queues a InstallProfile MDM command. Online Macs apply the profile within seconds; offline devices receive it on next check-in.
Updating or removing the custom policy
Policies → open the policy → Edit to upload a new .mobileconfig or update XML.
Swif auto-increments the version, pushes a RemoveProfile followed by an InstallProfile, and keeps previous versions for rollback.
To retire a profile, set Status → Disabled. Swif removes it on next device sync.
Frequently asked questions
Question | Answer |
Do I need to sign the .mobileconfig? | No—Swif signs the final profile with its MDM certificate before delivery. If you do sign it, Swif preserves your signature. |
Can a bad payload brick Macs? | Swif validates XML syntax and checks for Apple-reserved keys. Malformed profiles are rejected pre-flight. |
What about profile conflicts? | Apple applies the most recent payload with the same PayloadUUID. Use unique IDs (or let Swif generate them) to layer settings safely. |
Can I mix iOS and macOS payloads? | Yes—choose Mac/iOS/iPadOS and include both payload dictionaries; each device installs only what it supports. |
Example minimal PPPC payload (paste into Payload Content)
<array>
<dict>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>com.acme.camera-deny</string>
<key>PayloadUUID</key>
<string>{{uuid}}</string>
<key>PayloadEnabled</key>
<true/>
<key>Services</key>
<dict>
<key>Camera</key>
<dict>
<key>Authorization</key>
<string>Deny</string>
</dict>
</dict>
</dict>
</array>
Paste, set Identifier =com.acme.camera-deny.profile
, deploy to your target Macs—done.
Review Execution Report
If there is an error in the custom policy, the error information is an async process. The policy installation process does not give Swif the error directly. After a custom policy is installed on a device, it returns an error message to Swif. For example, if a requested field is missing in a profile, it will not be installed on the device.
You can view such custom policy execution reports on the Policy > Report tab.
Next steps
Need inspiration? Apple’s sample .mobileconfig library → developer.apple.com.
Scripting large profiles? Check out
profilebuddy
ormcxToProfile
.
With Swif’s Custom macOS Policy workflow, you can ship any Apple profile across your fleet in minutes—no Jamf-only hacks, no Terminal gymnastics.
Swif Policy glossary – see All Apple policies article instead of creating a custom one.