Securing App installation using Gatekeeper

Overview

Gatekeeper is a security feature that can be provisioned on computers running Mountain Lion or later versions of macOS. This feature can be used to restrict the users from downloading Apps from the internet, other than the App Store. When users are allowed to download Apps from the internet, there is always a probability for security glitches. Every App that is downloaded or approved by the App Store has been certified against malware, tampered, or security issues. Administrators can use this setting, to allow users downloading Apps from the App Store or identified developers. Apple provides a "Developer ID" to the developers, whose Apps can be trusted.  Apple uses the Developer ID to digitally sign the Apps, which means the Gatekeeper can recognize Apps which has a Developer ID and allow installation of such apps.

Secure Installing Apps from Identified Developers and App Store

Administrators can choose  to configure the Gatekeeper, which will be applied to specific computers. Applying this configuration to the computer will allow all the communication from the specific computer through the Gatekeeper.  So administrator will have the complete control over the communication, from the computer.

The following steps explain on how to deploy Gatekeeper Settings to a computer:

1. From Configurations tab, navigate to Add Configurations -> Configuration -> Mac.
2. Select Gatekeeper and choose Computer.
3. Specify the name and description for the configuration .
4. Specify from where download of applications need to be allowed, it could be App Store or App Store & Identified Developers or anywhere.
5. Specify whether to allow 'Control Click' to open such applications.
6. Define the target
7. Specify retry options if required and deploy the configuration

You have successfully created a configuration to configure "Gatekeeper Settings" for the computers.