Configuring Restrictions for Mac (macOS) Devices
  • 26 Dec 2024
  • 5 読む分
  • PDF

Configuring Restrictions for Mac (macOS) Devices

  • PDF

The content is currently unavailable in Ja - 日本語. You are viewing the default English version.
記事の要約

Restrictions are a part of the Mac Device Profile that lets you control various settings and access controls on a managed macOS device. At a broader level, Scalefusion offers the following restrictions,

  1. Functionality: Control a variety of iCloud, passwords, and other functional features.

  2. Apps: Control the Application installation settings and choose an application policy to allow selected apps.

  3. Preferences (!): Enable or Restrict users access to the options in the System Preferences app.

  4. Media (!): Control the Media sharing options and Disk usage options.

  5. Sharing (!)Choose the sharing options that are allowed for the user.

Deprecated features

Following features have been deprecated and and cannot be controlled via MDM policies. As a result, they are denoted with a red icon in front of them:

Restriction Type

OS version

Preferences 

macOS 13 and later

Media

macOS 11.0 and later

Sharing

macOS 10.13 and later

In case you have already configured these settings and want to revert to the original form of the Sharing menu on the device(s), please uncheck Enable Sharing Restrictions at the top of the page.


Follow the steps below to configure these Restrictions,

  1. From the Device Profiles & Policies > Device Profiles section, Create a new profile or Edit an existing profile.

  2. Click on the Restrictions option to expand it.

  3. After configuring restrictions, click SAVE on the top right to save the changes to the device profile.

Functionality

This allows control of various features of a Mac device. The options are,


Setting

Description

Lock desktop picture

Enable if the user should be prevented from changing the desktop wallpaper.

If Branding is set on the profile, then this setting will not work

Desktop picture path

Works if the Lock desktop picture is enabled. Specify a local path on the Mac device.

Allow use of Camera

Control if the user is allowed to use the integrated camera.

Allow Apple Music

Control if the user is allowed to use the Apple Music services.

Allow Spotlight Suggestions

Control if the Spotlight suggestions should be enabled or disabled. This will filter out the Search results from Spotlight.

Allow Look Up

Enable or Disable Look Up-based suggestions in Safari.

Allow Touch ID to unlock the device

Enable or Disable Touch ID to unlock the device.

Allow password sharing

Control if password sharing needs to be disabled for all the applications, including Safari.

Allow password Autofill

Control if password autofill needs to be disabled for all the applications, including Safari.

Allow proximity based password sharing requests

Control if the password-sharing requests based on nearby devices should be allowed or not.

Control if the password-sharing requests based on nearby devices should be allowed or not.


Allow iCloud Drive

Control if the users can use iCloud Drive and sync files.

Allow iCloud Desktop & Documents

Control if the iCloud Desktop & Documents are allowed to sync.

Allow iCloud Keychain

Control Keychain syncing to iCloud.

Allow iCloud Mail

Allow iCloud Mail sync features.

Allow iCloud Contacts

Control iCloud Contacts sync.

Control iCloud Contacts sync.

Control iCloud Calendar sync feature.

Allow iCloud reminders

Control iCloud Reminders sync feature.

Allow iCloud bookmarks

Control if the iCloud bookmarks should be synced to Safari.

Allow iCloud Notes

Control of iCloud Notes should be synced to the local Notes application.

Enable Siri Profanity Filter

This setting controls whether Siri filters out explicit language in its responses. If enabled, Siri will avoid using profanity in its spoken responses. Instead, Siri will provide a sanitized or alternative answer.

Allow iPhone Mirroring

If enabled, an iPhone or iPad can wirelessly mirror its screen to the Mac, displaying its content on the Mac's display.

Allow modifying Media Share Setting

Control whether a user can change the media sharing settings on their Mac. This feature is supported from macOS 15.1 onwards.

Force Bypass Screen Capture Alert

This setting controls whether a notification is displayed when a screenshot or screen recording is taken. If enabled, no visual or audible alert is shown when a screenshot or screen recording is taken. This feature is supported from macOS 15.1 onwards.

Activation Lock Settings

IT Admins can use these settings to manage Activation Lock (whether users can turn on Activation Lock or not) on the managed macOS devices. To know more about these settings please visit our guide here.


Apps

This section offers controls on the applications and also allows applications. The options are,

  1. Basic Settings: This tab offers the following controls

    Setting

    Description

    Allow use of Game Center

    Controls if the users are allowed to use the Game Center feature.

    Allow Software update Notifications

    Controls if the software update notifications should be shown or not.

    Allow App Store Adoption

    Enable/Disable App Store adoption by users.

    Require Admin Password to Install Apps

    Restricts App installation to admin users, and non-admin users need an admin password.

    This setting is deprecated as of macOS 10.14.

    Restrict App Store to MDM-installed apps and software updates

    Restricts App installation to the ones pushed via Scalefusion. Blocks the App Store completely.

    Allow Safari Autofill

    Enable/Disable the Safari Autofill feature.

  2. Select Apps: This tab allows you to enable a list of allowed applications from a set of pre-installed applications. To configure the application policy, enable Select Applications, which are allowed to launch and select the applications from the list below.

    Application Policy or Blocking of apps works only for non-admin users. Excluding the applications that are allowed, all system and third-party applications, including the ones pushed from Scalefusion MDM, will be blocked.


Preferences


  1. The options are,

    The preferences restrictions have been deprecated starting macOS 13, and cannot be controlled via MDM policies.

    1. Restrict Items in System Preferences: Enable this if you want to control the items that the user can access in the System Preferences (Settings) app on the Mac device.

    2. Enable selected items: Choose this option if you want to enable the selected items from the list below.

    3. Disable selected items: Choose this option if you want to disable the selected items from the list below.

    4. System Preference Panes: Select the items that you want to control.

      Disabling the "Profiles" pane will not allow the user to remove the MDM management from the device. The only way to remove the management would be to delete the device from Scalefusion Dashboard, assuming that the device has internet.


Media

  1. This section allows you to control Media and Disk sharing options. The options are,

    1. Network Access: Control network sharing access options.

      1. AirDrop: Choose if AirDrop should be enabled for network media sharing

    2. Hard Disk Media Access: Access settings for hard disk media.

      1. External Hard Disks: Choose to Allow mounting of external HDD and enforce Read-Only mode.

      2. Disk Images: Choose to Allow mounting of a disk image and enforce Read-Only mode.

      3. DVD-RAM: Choose to Allow mounting of a DVD-RAM and enforce Read-Only mode.

    3. Disk Media Access: Select which media peripherals are allowed.

    4. Eject at Logout: Enforce the Eject of mounted media devices when the user logs out.

    5. Allow iTunes File Sharing: Enable/Disable iTunes-based file sharing.

      For the Media changes to take effect, the Media Drives need to be remounted, or the changes take effect on the next login.

Sharing

From this section, you can choose the options that should be available to the user in the Share menu. To do so, 

  1. Put a check on Enable Sharing Restrictions

  2. Select services that should be available in the share menu from the following:

    1. Airdrop


    2. Mail


    3. Messages


    4. Notes


    5. Reminders


    6. Add to Reading List


    7. Add to Photos


    8. Add to Aperture


    9. Twitter


    10. Facebook


    11. LinkedIn


    12. Video Services - Flickr, Vimeo, Tudou and Youku


    13. Sina Weibo


この記事は役に立ちましたか?