Configuring Restrictions for Mac (macOS) Devices
Restrictions are a part of Mac Device Profile that lets you control various settings and access controls on a managed macOS device. At a broader level, Scalefusion offers the following restrictions,
- System Preferences: Enable or Restricts users access to the options in System Preferences app.
- Apps: Control the Application installation settings and choose an application policy to allow selected apps.
- Media: Control the Media sharing options and Disk usage options.
- Sharing: Choose the sharing options that are allowed for the user.Note: Sharing restrictions have been deprecated starting macOS 10.13 and these settings cannot be controlled via MDM policies.
In case you have already configured these settings and want to revert to the original form of the Sharing menu on the device(s), please uncheck Enable Sharing Restrictions at the top of the page. - Functionality: Control a variety of iCloud, passwords, and other functional features.
Follow the steps below to configure these Restrictions,
- From the Device Management > Device Profile section, Create a new profile or Edit an existing profile.
- Click on Restrictions option to expand it.
- The first section is Preferences. The options are,
- Restrict Items in System Preferences: Enable this if you want to control the items that user can access in the System Preferences (Settings) app on the Mac device.
- Enable selected items: Choose this option if you want to enable the selected items from the list below.
- Disable selected items: Choose this option if you want to disable the selected items from the list below.
- System Preference Panes: Select the items that you want to control.
- The next section is Apps. This section offers controls on the applications and also allows applications. The options are,
- Basic Settings: This tab offers the following controls
Setting
Description
Allow use of Game Center
Controls if the users is allowed to use Game Center feature.
Allow Software update Notifications
Controls if the software update notifications should be shown or not.
Allow App Store Adoption
Enable/Disable App Store adoption by users.
Require Admin Password to Install Apps
Restricts App installation to admin users and for non-admin users needs an admin password.
Restrict App Store to MDM installed apps and software updates
Restricts App installation to the ones pushed via Scalefusion. Blocks the App Store completely.
Allow Safari Autofill
Enable/Disable Safari Autofill feature.
- Select Apps: This tab allows you to enable a list of allowed applications from a set of pre-installed applications. To configure application policy, enable Select Applications which are allowed to launch and select the applications from the list below.
- Basic Settings: This tab offers the following controls
- The next section is Media. This section allow you to control, Media and Disk sharing options. The options are,
- Network Access: Control network sharing access options.
- AirDrop: Choose if AirDrop should be enabled for network media sharing
- Hard Disk Media Access: Access settings for hard disk media.
- External Hard Disks: Choose to Allow mounting of external HDD and enforce Read-Only mode.
- Disk Images: Choose to Allow mounting of a disk-image and enforce Read-Only mode.
- DVD-RAM: Choose to Allow mounting of a DVD-RAM and enforce Read-Only mode.
- Disk Media Access: Select which media-peripherals are allowed.
- Eject at Logout: Enforce Eject of mounted media devices when user logout.
- Allow iTunes File Sharing: Enable/Disable iTunes based file sharing.
- Network Access: Control network sharing access options.
- The next section is Functionality. This allows control on various features of a Mac device. The options are,
Setting
Description
Lock desktop picture
Enable if the user should be prevented from changing the desktop wallpaper.
Desktop picture path
Works if the Lock desktop picture is enabled. Specify a local path on the Mac device.
Allow use of Camera
Control if the user is allowed to use the integrated camera.
Allow Apple Music
Control if the user is allowed to use the Apple Music services.
Allow Spotlight Suggestions
Control if the Spotlight suggestions should be enabled or disabled. This will filter out the Web-Search results from Spotlight.
Allow Look Up
Enable or Disable Look Up based suggestions in Safari.
Allow Touch ID to unlock device
Enable or Disable Touch ID to unlock the device.
Allow password sharing
Control if password sharing needs to be disabled for all the applications including Safari.
Allow password Autofill
Control if password autofill needs to be disabled for all the applications including Safari.
Allow proximity based password sharing requests
Control if the password sharing requests basing on near by devices should be allowed or not.
Allow use of iCloud password for local accounts
Allow iCloud Drive
Control if the users can use iCloud Drive and sync files.
Allow iCloud Desktop & Documents
Control if the iCloud Desktop & Documents are allowed to sync.
Allow iCloud Keychain
Control Keychain syncing to iCloud.
Allow iCloud Mail
Allow iCloud Mail sync features.
Allow iCloud Contacts
Control iCloud Contacts sync.
Allow iCloud Calendars
Control iCloud Calendar sync feature.
Allow iCloud reminders
Control iCloud Reminders sync feature.
Allow iCloud bookmarks
Control if the iCloud bookmarks should be synced to Safari.
Allow iCloud Notes
Control if iCloud Notes should be synced to local Notes application.
Defer OS/software updates
Choose a time-range between 30-90 days to defer the Mac OS updates.
- Click SAVE on the top right to save the changes to device profile.