With macOS, administrators can deliver a configuration profile that can change settings for just a single user or the whole device. This article will cover the differences between device and user channels for settings management in macOS.
User Channel Considerations:
The first user created on the device (or the user currently logged in during enrollment) generates a unique token to allow for communication over the user channel. This token is then received by Addigy and stored for delivery of configuration profiles to that specific user. It is important to note that a user must have this token generated and uploaded to Addigy in order for the account to work properly during deployment.
For devices that are bound to a directory service, like Active Directory, all network and mobile users are enabled for user channel configuration profile deployment.
For devices that are 10.12 or newer and not bound to a directory service, there can only be one user that can have this user based token. Changes to which account has user channel enabled will disable the previously working user account. Changing which user has this token requires removal and reinstallation of the MDM profile on the device.
Profile Payloads Supporting User Based Deployment:
For the most up-to-date information on these and other configuration profile payloads, Apple has documented each settings payload here.
List of payloads that support user channel as of 11/6/2019:
Active Directory Certificate