Acknowledgements: Full credit to Tom Case on the MacAdmins Slack for this tip.
It's not immediately obvious that you can import custom .mobileconfig profiles into Mosyle MDM, but apparently you can if you go to Management > Certificates > (click on profile or add new one) > Select the file.
Those can be any .mobileconfig files—they do not have to be actual certificates.
You may sometimes script preferences using defaults write commands (don't edit the .plist files with a text editor directly). For example, you might change Munki client preferences using a command like:
There are several methods to get or generate .mobileconfig profiles. I'm listing them below in order of preference from top recs to not-to-top recs.
Chances are if you want to manage a setting, someone else has also wanted at some point to manage that setting. site:github.com mobileconfig is a great Google search for finding those.
You can create .mobileconfig profiles from existing .plist preference files you already have on a sample client machine. Just download Tim Sutton's mcxToProfile.
Then you can run something like
Apple Configurator is another option.
Just click File and select New Profile.
Once you've selected everything you want to configure, click Save.
The code it produces is (like mcxToProfile's) clean and easy to edit. And, yes, you usually want to edit down .mobileconfig profiles to be only the things you actually want to manage. Omit (i.e., delete) anything that you want your users to be able to manage themselves.
If you're using Server.app, there's a built-in way to generate profiles.
I usually create a test device group with no actual devices in it.
Then, under Settings, select Edit.
Find the type of setting you want to edit (there are some generic settings and then others specific to iOS or macOS). and click Configure and check off all the stuff you want configured.
Then once you've closed out of the editing settings space, click Save for the whole device group. This will allow you to download the settings.
Click the Download button and select macOS.
Now we're getting to why I seldom use Profile Manager. It adds in a bunch of binary gobbledygook and shoves all of the tags together so it's not easy to read. So, yeah, you can use it... but not fun.
Update: Apparently, you can tidy up the XML fairly easily if you want. Thanks to Ian Vonesh for the tip.
Whichever method you use, though, you can just import the .mobileconfig directly into Munki and push it out to your clients (be sure to test for unexpected behavior first before moving to production).