pdf icon
Category Filter

Mac Restrictions

Restrictions lets you force enable/disable essential device functionality settings, security settings, iCloud settings, and Classroom settings on managed mac machines, according to your organization's requirements. This is to achieve higher productivity, without compromising on data security.

The status of restrictions imposed using MDM will be shown under 'Device Details' view. When no restrictions are set on a mobile device using MDM, then by default, the status will be displayed as 'Allowed'.

Profile Description

Profile Settings Supported macOS Version Description
DEVICE FUNCTIONALITY
Camera 10.11 and above Camera can be completely restricted along with FaceTime.
Screenshot and Screen Recording 10.14.4 and above Allowing users to capture the screenshot of the display.
Spotlight Internet Search 10.11 and above Allowing users to use Spotlight Search to find content directly from internet.
Airdrop 10.13 and above Allow/Restrict sharing of documents, media etc., using AirDrop to other devices. If Bluetooth is disabled via restrictions, AirDrop gets automatically disabled as well.
Content caching 10.13 and above Allow content caching to be setup for downloading the content from the nearest machines instead of the Apple Services
Dictionary word lookup 10.11.2 and above Allowing the built-in mac dictionary to retrieve words.
Music 10.12 and above Disabling Apple Music on user's Mac
Auto unlock devices with Apple Watch 10.12 and above Prevent users from using their paired Apple Watch to automatically unlock their Mac.
Handoff 10.12 and above Enabling this option will allow you to resume an existing work/access a content from any device which is logged in using the same icloud account.
Siri 11 and above Allow/Restrict the usage of Siri.
Allow user to modify wallpaper 10.13 and above Allow/Restrict the user from modifying the wallpaper of the device.
Universal Control 13 and above By Restricting Universal Control, users cannot work with the same accessories like keyboard, mouse etc for multiple devices.
SECURITY
Use bio-metric methods such as TouchID and/or FaceID to unlock devices 10.12.4 and above Allowing user to unlock the device using fingerprints/facial recognition
iTunes File Sharing 10.13 and above Prevent users from using iTunes to share content between their Apple devices.
Autofill passwords in Safari and apps 10.14 and above Prevent autofill in browsers and apps.
Share passwords with devices in proximity 10.14 and above Restricting this setting will ensure that the device is not notified to share it's passwords with devices in proximity.
Request passwords from devices in proximity 10.14 and above Restricting this setting will ensure that the device cannot request devices in proximity to share their passwords.
Configure Gatekeeper to allow downloads only from 10.8 and above Gatekeeper is a security feature that verifies downloaded apps before running them on Mac machines. Admin can select the type of apps that should be allowed to run on the Mac. Admins can choose from App Store, App Store and identified developer, or even unidentified sources.
Allow users to override Gatekeeper settings 10.8 and above Restricting this setting will ensure the users do not override Gatekeeper settings configured by the admin.
Allow users to wipe device by erasing all content and settings (supported only on devices with Apple Silicon or T2 security chip) 12 and above Restricting this will prevent users from resetting the devices.
Install configuration profiles and certificates interactively 13 and above Restricting this prevents users from installing or modifying configuration profiles and certificates.
Allow USB connections when device is locked 13 and above When a Mac is locked, all the USB accessories connected to it will become untrusted after 3 days. By restricting this setting, users can connect the USB accessories while mac is locked.
iCLOUD
Sync data & documents from managed apps 10.11 and above Enabling the syncing of all managed apps.
Sync Keychain 10.12 and above Enabling Keychain data such as accounts, passwords and credit card information on a device to be synced and kept up-to-date.
Sync Desktop & Documents 10.12.4 and above Allowing users to sync the files on their Desktops and Documents folders
Sync Bookmarks 10.12 and above Allowing users to sync their browser Bookmarks with iCloud
Sync Mail 10.12 and above Allowing users to sync their mails with iCloud
Sync Notes 10.12 and above Allowing users to sync their notes with iCloud
Sync Calender 10.12 and above Allowing users to sync their calender with iCloud
Sync Reminders 10.12 and above Allowing users to sync their reminders with iCloud
Sync Contacts 10.12 and above Allowing users to sync their contacts with iCloud
Sync Photo Library 10.12 and above Allow users to sync their photos with iCloud
Allow iCloud in Private Relay 12 and above Allowing Private relay hides IP address and Safari browsing activity of users from websites, network providers and Apple.
CLASSROOM (Applicable if Classroom 2.0 app is installed on the Teacher devices)
Automatically join classes without prompting 10.14.4 and above Enabling this ensures the student devices mandatorily auto-join the classes, without any notification/prompt on the device.
Allow teachers device to lock apps and devices without prompting 10.14.4 and above Enabling this ensures the teacher can either fully lock the student device or lock specific apps on the device, without any notification/prompt on the device.
Allow AirPlay and screen viewing by teachers device 10.14.4 and above Enabling this allows the teacher to view the student device screen, after notifying/requesting permission s to do the same from the user.
Allow teachers device to AirPlay and view screen without prompting 10.14.4 and above Enabling this allows the teacher to view the student device screen, without any notification/prompt on the device.
Teacher's permission required before leaving a classroom 10.14.4 and above A student must request permission from the teacher before leaving a classroom.
APPLICATIONS
Game Center 10.13 and above Allow/Restrict the usage of Game Center.
Download iBooks Content 11 and above Allow/Restrict users from downloading content from iBooks Store.
Erotic Content 11 and above Allow/Restrict users from downloading media which is tagged as erotic from iBooks. To configure this, Download iBooks content should be enabled.
NETWORK AND ROAMING
Modify Bluetooth - Allow/Restrict users from modifying Bluetooth. If Bluetooth is disabled via restrictions, AirDrop gets automatically disabled as well.
Set Bluetooth on Devices 10.13.4 and above Bluetooth can be restricted to always On/Off state. To configure this, Modify Bluetooth should be enabled.
PRIVACY
Find my friends 11 and above Allow/Restrict users from configuring Find My Friends in the Find My app.
Find my device 11 and above Allow/Restrict users from configuring Find My Device in the Find My app.
CONTENT RATINGS
Enable ratings by region - Enable/Disable ratings by region.
KEYBOARD SETTINGS
Dictation 10.13 and above Allow/Restrict use of Dictation from the keyboard(s).
Jump To