Contents x
    Configuring Restrictions for Mac (macOS) Devices
    • 06 Feb 2024
    • 4 Minutes to read
    • Print
    • PDF
    Contents

    Configuring Restrictions for Mac (macOS) Devices

    • Updated on 06 Feb 2024
    • 4 Minutes to read
    • Print
    • PDF
    Article Summary

    Restrictions are a part of the Mac Device Profile that lets you control various settings and access controls on a managed macOS device. At a broader level, Scalefusion offers the following restrictions,

    1. System Preferences: Enable or Restrict users access to the options in the System Preferences app.
      The preferences restrictions have been deprecated starting macOS 13, and cannot be controlled via MDM policies.

    2. Apps: Control the Application installation settings and choose an application policy to allow selected apps.
    3. Media: Control the Media sharing options and Disk usage options.
    4. Sharing: Choose the sharing options that are allowed for the user.

      Sharing restrictions have been deprecated starting macOS 10.13, and these settings cannot be controlled via MDM policies.

      In case you have already configured these settings and want to revert to the original form of the Sharing menu on the device(s), please uncheck Enable Sharing Restrictions at the top of the page.

    5. Functionality: Control a variety of iCloud, passwords, and other functional features.

    Follow the steps below to configure these Restrictions,

    1. From the Device Management > Device Profile section, Create a new profile or Edit an existing profile.
    2. Click on the Restrictions option to expand it.
    3. The first section is Preferences. The options are,
      The preferences restrictions have been deprecated starting macOS 13, and cannot be controlled via MDM policies.
      1. Restrict Items in System Preferences: Enable this if you want to control the items that the user can access in the System Preferences (Settings) app on the Mac device.
      2. Enable selected items: Choose this option if you want to enable the selected items from the list below.
      3. Disable selected items: Choose this option if you want to disable the selected items from the list below.
      4. System Preference Panes: Select the items that you want to control.
        Disabling the "Profiles" pane will not allow the user to remove the MDM management from the device. The only way to remove the management would be to delete the device from Scalefusion Dashboard, assuming that the device has internet.
    4. The next section is Apps. This section offers controls on the applications and also allows applications. The options are,
      1. Basic Settings: This tab offers the following controls
        Setting
        		Description
        Allow use of Game Center
        		Controls if the users are allowed to use the Game Center feature.
        Allow Software update Notifications
        		Controls if the software update notifications should be shown or not.
        Allow App Store AdoptionEnable/Disable App Store adoption by users.
        Require Admin Password to Install Apps
        		Restricts App installation to admin users, and non-admin users need an admin password.
        Restrict App Store to MDM-installed apps and software updates
        		Restricts App installation to the ones pushed via Scalefusion. Blocks the App Store completely.
        Allow Safari Autofill
        		Enable/Disable the Safari Autofill feature.
      2. Select Apps: This tab allows you to enable a list of allowed applications from a set of pre-installed applications. To configure the application policy, enable Select Applications, which are allowed to launch and select the applications from the list below.
        Application Policy or Blocking of apps works only for non-admin users. Excluding the applications that are allowed, all system and third-party applications, including the ones pushed from Scalefusion MDM, will be blocked.
    5. The next section is Media. This section allows you to control Media and Disk sharing options. The options are,
      1. Network Access: Control network sharing access options.
        1. AirDrop: Choose if AirDrop should be enabled for network media sharing
      2. Hard Disk Media Access: Access settings for hard disk media.
        1. External Hard Disks: Choose to Allow mounting of external HDD and enforce Read-Only mode.
        2. Disk Images: Choose to Allow mounting of a disk image and enforce Read-Only mode.
        3. DVD-RAM: Choose to Allow mounting of a DVD-RAM and enforce Read-Only mode.
      3. Disk Media Access: Select which media peripherals are allowed.
      4. Eject at Logout: Enforce the Eject of mounted media devices when the user logs out.
      5. Allow iTunes File Sharing: Enable/Disable iTunes-based file sharing.
        For the Media changes to take effect, the Media Drives need to be remounted, or the changes take effect on the next login.
    6. The next section is Functionality. This allows control of various features of a Mac device. The options are,
    Setting
    		Description
    Lock desktop picture
    		Enable if the user should be prevented from changing the desktop wallpaper.
    If Branding is set on the profile, then this setting will not work
    Desktop picture path
    		Works if the Lock desktop picture is enabled. Specify a local path on the Mac device.
    Allow use of Camera
    		Control if the user is allowed to use the integrated camera.
    Allow Apple Music
    		Control if the user is allowed to use the Apple Music services.
    Allow Spotlight Suggestions
    		Control if the Spotlight suggestions should be enabled or disabled. This will filter out the Search results from Spotlight.
    Allow Look Up
    		Enable or Disable Look Up-based suggestions in Safari.
    Allow Touch ID to unlock the device
    		Enable or Disable Touch ID to unlock the device.
    Allow password sharing
    		Control if password sharing needs to be disabled for all the applications, including Safari.
    Allow password Autofill
    		Control if password autofill needs to be disabled for all the applications, including Safari.
    Allow proximity based password sharing requests
    		Control if the password-sharing requests based on nearby devices should be allowed or not.
    Control if the password-sharing requests based on nearby devices should be allowed or not.

    Allow iCloud Drive
    		Control if the users can use iCloud Drive and sync files.
    Allow iCloud Desktop & Documents
    		Control if the iCloud Desktop & Documents are allowed to sync.
    Allow iCloud Keychain
    		Control Keychain syncing to iCloud.
    Allow iCloud Mail
    		Allow iCloud Mail sync features.
    Allow iCloud Contacts
    		Control iCloud Contacts sync.
    Control iCloud Contacts sync.
    		Control iCloud Calendar sync feature.
    Allow iCloud reminders
    		Control iCloud Reminders sync feature.
    Allow iCloud bookmarks
    		Control if the iCloud bookmarks should be synced to Safari.
    Allow iCloud Notes
    		Control of iCloud Notes should be synced to the local Notes application.
    Defer OS/software updates
    		Choose a time range between 30-90 days to defer the Mac OS updates.

        7. Click SAVE on the top right to save the changes to the device profile.

    Was this article helpful?
    What's Next
    Ambitious companies around the world trust Scalefusion to secure and manage endpoints including smartphones, tablets, laptops, rugged devices, POS, and digital signages. Our mission is to make Device Management simple and effortless along with providing world class customer support.
    By Business Initiative
    Top Features
    Existing Users
    Connect With Us
    Sales and Support
    Copyright © 2023 Scalefusion. All rights reserved.