With macOS, administrators can deliver an MDM configuration profile that can change settings for just a single user or the whole device. This article will cover what to consider when using user channels for settings management in macOS as well as the payloads supported by this.
User Channel Considerations
The first user created on the device (or the user currently logged in during enrollment) generates a unique token to allow for communication over the user channel. This token is then received by Addigy and stored for delivery of configuration profiles to that specific user. It is important to note that a user must have this token generated and uploaded to Addigy in order for the account to work properly during deployment.
For devices that are bound to a directory service, like Active Directory, all network and mobile users are enabled for user channel configuration profile deployment.
For devices that are 10.12 or newer and not bound to a directory service, there can only be one user that can have this user based token. Changes to which account has user channel enabled will disable the previously working user account. Changing which user has this token requires removal and reinstallation of the MDM profile on the device.
Profile Payloads Supporting User Based Deployment
For the most up-to-date information on these and other configuration profile payloads, Apple has documented each settings payload here.
List of payloads that support user channel as of 11/6/2019: