Restrictions Payload MacOS
- Former user (Deleted)
- Mikkel Knop
Owned by Former user (Deleted)
Sept 09, 2020
5 min read
Loading data...
Description
This payload can be used to restrict access to certain features and capabilities of a macOS device. Some restrictions require that the device is Supervised and is marked with an asterisk.
| Functionality | Description | Default Value | Device Must be Supervised |
|---|---|---|---|
| Functionality | |||
| Allow Use Of Camera | When false, the camera is completely disabled and its icon is removed from the Home screen. Users are unable to take photographs. | [Not Checked] | |
| Allow Cloud Back To My Mac | Optional. When false, disallows macOS Back to My Mac iCloud service. Availability: Available in macOS 10.12 and later. | [Not Checked] | |
| Allow Cloud Find My Mac | Optional. When false, disallows macOS Find My Mac iCloud service. Availability: Available in macOS 10.12 and later | [Not Checked] | |
| Allow Cloud Bookmarks | Optional. When false, disallows macOS iCloud Bookmark sync. Availability: Available in macOS 10.12 and later. | [Checked] | |
| Allow Cloud Mail | Optional. When false, disallows macOS Mail iCloud services. Availability: Available in macOS 10.12 and later. | [Not Checked] | |
| Allow Cloud Calendar | Optional. When false, disallows macOS iCloud Calendar services. Availability: Available in macOS 10.12 and later. | [Not Checked] | |
| Allow Cloud Reminders | Optional. When false, disallows iCloud Reminder services. Availability: Available in macOS 10.12 and later. | [Checked] | |
| Allow Cloud Address Book | Optional. When false, disallows macOS iCloud Address Book services. Availability: Available in macOS 10.12 and later. | [Not Checked] | |
| Allow Cloud Notes | Optional. When false, disallows macOS iCloud Notes services. Availability: Available in macOS 10.12 and later. | [Checked] | |
| Allow Cloud Document Sync | Optional. When false, disables document and key-value syncing to iCloud. Availability: Available in macOS 10.11 and later. | [Not Checked] | |
| Allow Cloud Key ChainSync | Optional. If false, disables iCloud keychain synchronization. The default is true. Availability: Available in macOS 10.12 and later. | [Not Checked] | |
| Allow Fingerprint For Unlock | Optional. If false, prevents Touch ID from unlocking a device. Availability: Available in macOS 10.12.4 and later. | [Not Checked] | |
| Allow iTunes File Sharing | Optional. When false, the iTunes application file-sharing services are disabled. Availability: Available in macOS 10.13 and later. | [Not Checked] | |
| Allow Spotlight Internet Results | Supervised only. If set to false, the Spotlight will not return Internet search results. Availability: Available in macOS 10.11 and later. | [Not Checked] |
|
| Allow Definition Lookup | Supervised only. If set to false, disables definition lookup. Defaults to true. Availability: Available in macOS 10.11.2 and later. | [Not Checked] |
|
| Allow Music Service | Supervised only. If set to false, Music service is disabled and the Music app reverts to classic mode. Defaults to true. Availability: Available in macOS 10.12 and later. | [Not Checked] |
|
| Allow Cloud Photo Library | If set to false, disables iCloud Photo Library. Any photos not fully downloaded from iCloud Photo Library to the device will be removed from local storage. Availability: Available in macOS 10.12 and later. | [Not Checked] | |
| Allow Auto Unlock | If set to false, disallows macOS auto-unlock. Defaults to true. Availability: Available only in macOS 10.12 and later. | [Not Checked] | |
| Allow Cloud Desktop And Documents | If set to false, disallows macOS cloud desktop and document services. Defaults to true. Availability: Available in macOS 10.12.4 and later. | [Checked] | |
| Allow Air Print | Supervised only. If set to false, disallow AirPrint. Defaults to true. Availability: Available only in macOS 10.13 and later. | [Not Checked] |
|
| Force Air Print Trusted TLS Requirement | Supervised only. If set to true, requires trusted certificates for TLS printing communication. Defaults to false. Availability: Available in macOS 10.13 and later. | [Not Checked] |
|
| Allow Air Print iBeacon Discovery | Supervised only. If set to false, disables iBeacon discovery of AirPrint printers. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic. Defaults to true. Availability: Available in and macOS 10.13 and later. | [Not Checked] |
|
| Force Delayed Software Updates | Supervised only. If set to true, delay user visibility of Software Updates. Defaults to false. | [Not Checked] |
|
| Enforced Software Update Delay | Supervised only. This restriction allows the admin to set how many days a software update on the device will be delayed. With this restriction in place, the user will not see a software update until the specified number of days after the software update release date. | 30 |
|
| macOS 10.13+ features | |||
| Allow Content Caching | When false, this disallows content caching. Defaults to true | [Checked] |
|
| macOS 10.14+ features | |||
| Force Classroom Automatically Join Classes | If set to true, automatically give permission to the teacherʼs requests without prompting the student. Defaults to false. | [Not Checked] |
|
| Force Classroom Request Permission To Leave Classes | If set to true, a student enrolled in an unmanaged course via Classroom will request permission from the teacher when attempting to leave the course. Defaults to false. | [Not Checked] |
|
| Force Classroom Unprompted App And Device Lock | If set to true, allow the teacher to lock apps or the device without prompting the student. Defaults to false. | [Not Checked] |
|
| Force Classroom Unprompted Screen Observation | If set to true, and 'Screen Observation Permission Modification Allowed' is also true in the Education payload, a student enrolled in a managed course via the Classroom app will automatically give permission to that courseʼs teacherʼs requests to observe the studentʼs screen without prompting the student. Defaults to false. | [Not Checked] |
|
| Allow Password AutoFill | If set to false, users will not be able to use the AutoFill Passwords feature on iOS and will not be prompted to use a saved password in Safari or in apps. If set to false | [Checked] |
|
| Allow Password Proximity Requests | If set to false, a userʼs device will not request passwords from nearby devices. Defaults to true. | [Checked] |
|
| Allow Password Sharing | If set to false, users can not share their passwords with the Airdrop Passwords feature. Defaults to true. | [Checked] |
|
For more information on specific features, refer to Apple’s documentation → Apple Configuration Profile Reference