When creating a profile within the VMware Workspace ONE UEM console, the general rule of thumb is to limit to one payload at a time. This has several advantages:

• It’s easier to identify the purpose of each profile with a unique title. 
• Modifying a payload within a profile won’t necessarily cause any unwanted consequences.

Suppose you have both email and restriction payloads within a single profile. If you make any changes within the restriction payload (which is pretty seamless to end-users), it will also re-push the mail profile when you re-publish the same profile.

However, there can be an exception to this rule especially when it comes to provisioning Wi-Fi and enforcing Wi-Fi whitelisting. In certain setup, you may end up with not just two payloads but three payloads within a profile! How could this happen? Let me share my example.

To connect to a corporate Wi-Fi, a user will not only enter his/her credential, he/she also needs to trust a certificate when prompted.

While you can configure all of the above within a Wi-Fi profile, the trouble comes if you have Wi-Fi whitelisting enabled in a separate profile. Since there’s no telling which profile will get executed first, your device may not get to connect to the pre-configured Wi-Fi before the restriction (Wi-Fi whitelisting) kicks in. This will leave you in limbo as you can’t connect to any Wi-Fi whatsoever.

So while it’s unorthodox, it’s actually acceptable per VMware support to have multiple payloads within a profile to address the need above. In my case, I accomplish 3 objectives with one profile:

• Pre-configure specific Wi-Fi
• Deploy certificates required for the same Wi-Fi
• Whitelist the same Wi-Fi for utmost security

In conclusion, it does pay if you think outside the box. 🙂