Security & Privacy settings for Mac (macOS) Devices

For a secure device management, it becomes important to control the Application installation sources, enable Firewall and control the privacy settings.

Scalefusion allows IT Admins to configure the Security & Privacy settings for the managed macOS devices. Follow the steps below to configurethese settings in Mac (macOS) Device Profiles,

  1. Navigate to Device Management > Device Profiles section.
  2. Launch the Device Profile Wizard, by clicking on CREATE NEW PROFILE or select a Mac Device Profile and Edit it from the action panel.
  3. Click on the Security & Privacy section to start configuring the security & privacy settings.
  4. The General section offers the following settings,

    Setting

    Description

    Configure Gatekeeper Settings

    • Mac App Store
    • Mac App Store and Identified Developers
    • If Gatekeeper setting is NOT enabled, then users can download any dmg or package file and install it, even if it is not signed by a valid developer certificate.
    • If Mac App Store is selected then users will be allowed to install applications only from Apple App Store.
    • If Mac App Store and Identified Developers then users can install third party dmg and package files as well that are signed by a valid developer certificate.

    Do not allow user to override Gatekeeper setting

    If enabled, this setting prevents the user from temporarily overriding the Gatekeeper settings by right clicking on the downloaded file and installing/opening it.

    Allow user to change Password

    Control if the users are allowed to change the password from System Preferences.

    Require Password ___ after sleep or screen saver begins

    Choose a duration after the screensaver starts or the device goes to sleep when the user is asked to enter a Password.

    Allow user to set lock message

    Control if the users are allowed to change the lock screen message from System Preferences.

    Allow users to unlock the Mac using an Apple Watch

    Control if the user is allowed to unlock the Mac using a paired Apple Watch.

    Restrict Profile Removal

    Choose if the users can remove the installed Configuration Profiles.

    This DOES NOT restrict the user from unenrolling from Scalefusion MDM.
  5. The Firewall section offers the following settings,
    1. Enable Firewall: Enable this setting to control & secure the connections between the applications and network ports on the managed Mac devices.
      Note: Firewall cannot be turned Off remotely, It can only be enabled.
    2. Enable Stealth Mode: Enabling Stealth Mode blocks the Mac from responding to incoming probe requests. The incoming requests for authorized apps are still acknowledged by the Mac while unexpected requests such as ICMP (ping) are disregarded.
    3. Enable Incoming Connections: Enable this setting to blocks all incoming network connections except those required for basic internet services, such as DHCP, IPSec etc.
      Note: Use this option with caution, as it may cause issues with the regular usage of the managed Mac device.
  6. The Privacy section offers the following setting,
    1. Send diagnostic & usage data to Apple, and share crash data with app developers: Enable this setting if you want the diagnostic data to be shared with Apple and crash data with application developers.
  7. Click SAVE to save the changes to the profile.


How did we do?


Powered by HelpDocs