Configuring Restrictions for Mac (macOS) Devices

Updated 2 months ago by Sriram Kakarala

Restrictions are a part of Mac Device Profile that lets you control various settings and access controls on a managed macOS device. At a broader level, Scalefusion offers the following restrictions,

1. System Preferences: Enable or Restricts users access to the options in System Preferences app.
2. Apps: Control the Application installation settings and choose an application policy to allow selected apps.
3. Media: Control the Media sharing options and Disk usage options.
4. Sharing: Choose the sharing options that are allowed for the user.
   Note: Sharing restrictions have been deprecated starting macOS 10.13 and these settings cannot be controlled via MDM policies.
   In case you have already configured these settings and want to revert to the original form of the Sharing menu on the device(s), please uncheck Enable Sharing Restrictions at the top of the page.

   

5. Functionality: Control a variety of iCloud, passwords, and other functional features.

Follow the steps below to configure these Restrictions,

1. From the Device Management > Device Profile section, Create a new profile or Edit an existing profile.
2. Click on Restrictions option to expand it.

   

3. The first section is Preferences. The options are,
   1. Restrict Items in System Preferences: Enable this if you want to control the items that user can access in the System Preferences (Settings) app on the Mac device.
   2. Enable selected items: Choose this option if you want to enable the selected items from the list below.
   3. Disable selected items: Choose this option if you want to disable the selected items from the list below.
   4. System Preference Panes: Select the items that you want to control.

1. The next section is Apps. This section offers controls on the applications and also allows applications. The options are,
   1. Basic Settings: This tab offers the following controls
      

      Setting	Description
      Allow use of Game Center	Controls if the users is allowed to use Game Center feature.
      Allow Software update Notifications	Controls if the software update notifications should be shown or not.
      Allow App Store Adoption	Enable/Disable App Store adoption by users.
      Require Admin Password to Install Apps	Restricts App installation to admin users and for non-admin users needs an admin password.
      Restrict App Store to MDM installed apps and software updates	Restricts App installation to the ones pushed via Scalefusion. Blocks the App Store completely.
      Allow Safari Autofill	Enable/Disable Safari Autofill feature.

   2. Select Apps: This tab allows you to enable a list of allowed applications from a set of pre-installed applications. To configure application policy, enable Select Applications which are allowed to launch and select the applications from the list below.

1. The next section is Media. This section allow you to control, Media and Disk sharing options. The options are,
   1. Network Access: Control network sharing access options.
      1. AirDrop: Choose if AirDrop should be enabled for network media sharing
   2. Hard Disk Media Access: Access settings for hard disk media.
      1. External Hard Disks: Choose to Allow mounting of external HDD and enforce Read-Only mode.
      2. Disk Images: Choose to Allow mounting of a disk-image and enforce Read-Only mode.
      3. DVD-RAM: Choose to Allow mounting of a DVD-RAM and enforce Read-Only mode.
   3. Disk Media Access: Select which media-peripherals are allowed.
   4. Eject at Logout: Enforce Eject of mounted media devices when user logout.
   5. Allow iTunes File Sharing: Enable/Disable iTunes based file sharing.

1. The next section is Functionality. This allows control on various features of a Mac device. The options are,
   
   

   Setting	Description
   Lock desktop picture	Enable if the user should be prevented from changing the desktop wallpaper.
   Desktop picture path	Works if the Lock desktop picture is enabled. Specify a local path on the Mac device.
   Allow use of Camera	Control if the user is allowed to use the integrated camera.
   Allow Apple Music	Control if the user is allowed to use the Apple Music services.
   Allow Spotlight Suggestions	Control if the Spotlight suggestions should be enabled or disabled. This will filter out the Web-Search results from Spotlight.
   Allow Look Up	Enable or Disable Look Up based suggestions in Safari.
   Allow Touch ID to unlock device	Enable or Disable Touch ID to unlock the device.
   Allow password sharing	Control if password sharing needs to be disabled for all the applications including Safari.
   Allow password Autofill	Control if password autofill needs to be disabled for all the applications including Safari.
   Allow proximity based password sharing requests	Control if the password sharing requests basing on near by devices should be allowed or not.
   Allow use of iCloud password for local accounts
   Allow iCloud Drive	Control if the users can use iCloud Drive and sync files.
   Allow iCloud Desktop & Documents	Control if the iCloud Desktop & Documents are allowed to sync.
   Allow iCloud Keychain	Control Keychain syncing to iCloud.
   Allow iCloud Mail	Allow iCloud Mail sync features.
   Allow iCloud Contacts	Control iCloud Contacts sync.
   Allow iCloud Calendars	Control iCloud Calendar sync feature.
   Allow iCloud reminders	Control iCloud Reminders sync feature.
   Allow iCloud bookmarks	Control if the iCloud bookmarks should be synced to Safari.
   Allow iCloud Notes	Control if iCloud Notes should be synced to local Notes application.
   Defer OS/software updates	Choose a time-range between 30-90 days to defer the Mac OS updates.

2. Click SAVE on the top right to save the changes to device profile.

How did we do?

Related Articles

• Password Policies for Mac (macOS) Devices
• Exchange ActiveSync for Mac (macOS) Devices
• Wifi Configuration for Mac (macOS) Devices