Mac Restrictions

Restrictions lets you disable basic device settings or in certain cases, prevents users from modifying essential settings. It lets you force enable/disable native device functionalities to ensure productivity, data loss prevention(DLP) etc. users to access various features of the device, like profile settings, application settings, iCloud settings and security & privacy settings.

The status of restrictions imposed using MDM will be shown under 'Device Details' view. When no restrictions are set on a mobile device using MDM, then by default, the status will be displayed as 'Allowed'.

Profile Settings

Description

DEVICE FUNCTIONALITY

Camera (macOS 10.11 and above)

Camera can be completely restricted along with FaceTime.

Screenshot and Screen Recording (macOS 10.14.4 and above)

Allowing users to capture the screenshot of the display.

Spotlight Internet Search (macOS 10.11 and above)

Allowing users to use Spotlight Search to find content directly from internet.

Content caching (macOS 10.13 and above)

Allow content caching to be setup for downloading the content from the nearest machines instead of the Apple Services

Dictionary word lookup (macOS 10.11.2 and above)

Allowing the built-in mac dictionary to retrieve words.

Music

Disabling Apple Music on user's Mac

Auto unlock devices with Apple Watch

Prevent users from using their paired Apple Watch to automatically unlock their Mac.

Force Siri Profanity Filter

Enabling the profanity filter option in Siri. This can be permitted only when Siri is allowed on the device.

Handoff

Enabling this option will allow you to resume an existing work/access a content from any device which is logged in using the same icloud account.

SECURITY

Use bio-metric methods such as TouchID and/or FaceID to unlock devices (macOS 10.12.4 and above)

Allowing user to unlock the device using fingerprints/facial recognition

iTunes File Sharing (macOS 10.13 and above)

Prevent users from using iTunes to share content between their Apple devices.

Autofill passwords in Safari and apps(iOS 12 or later versions - Supervised devices only)

Prevent autofill in browsers and apps.

Share passwords with devices in proximity

Restricting this setting will ensure that the device is not notified to share it's passwords with devices in proximity.

Request passwords with devices in proximity

Restricting this setting will ensure that the device cannot request devices in proximity to share their passwords.

Use Gatekeeper to restrict app downloads to

Gatekeeper is a security feature that verifies downloaded apps before running them on Mac machines. Admin can select the type of apps that should be allowed to run on the Mac. Admins can choose from App Store, App Store and identified developer, or even unidentified sources.

Allow users to override Gatekeeper settings

Restricting this setting will ensure the users do not override Gatekeeper settings configured by the admin.

iCLOUD

Sync data & documents from managed apps (macOS 10.11 and above)

Enabling the syncing of all managed apps.

Sync Keychain (macOS 10.12 and above)

Enabling Keychain data such as accounts, passwords and credit card information on a device to be synced and kept up-to-date.

Sync Desktop & Documents (macOS 10.12.4 and above)

Allowing users to sync the files on their Desktops and Documents folders

Sync Bookmarks (macOS 10.12 and above)

Allowing users to sync their browser Bookmarks with iCloud

Sync Mail (macOS 10.12 and above)

Allowing users to sync their mails with iCloud

Sync Notes (macOS 10.12 and above)

Allowing users to sync their notes with iCloud

Sync Calender (macOS 10.12 and above)

Allowing users to sync their calender with iCloud

Sync Reminders (macOS 10.12 and above)

Allowing users to sync their reminders with iCloud

Sync Contacts (macOS 10.12 and above)

Allowing users to sync their contacts with iCloud

Sync Photo Library (macOS 10.12 and above)

Allow users to sync their photos with iCloud

CLASSROOM(Applicable if Classroom 2.0 app is installed on the Teacher devices and the Student devices are Supervised)

Automatically join classes without prompting

Enabling this ensures the student devices mandatorily auto-join the classes, without any notification/prompt on the device.

Allow teachers device to lock apps and devices without prompting

Enabling this ensures the teacher can either fully lock the student device or lock specific apps on the device, without any notification/prompt on the device.

Allow AirPlay and screen viewing by teachers device

Enabling this allows the teacher to view the student device screen, after notifying/requesting permission(s) to do the same from the user.

Allow teachers device to AirPlay and view screen without prompting

Enabling this allows the teacher to view the student device screen, without any notification/prompt on the device.

Teacher's permission required before leaving a classroom

A student must request permission from the teacher before leaving a classroom.

See Also: Associating Profiles to Groups, Associating Profiles to Devices, App Management, Distribute Apps to Devices, Distribute Apps to Groups

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine