Configuring a system policy control setting
The system policy control setting allows you to manage macOS Gatekeeper functionality. Gatekeeper secures the macOS operating system by enforcing code signing and verifying applications downloaded from the web before allowing users to run them. The goal of Gatekeeper is to reduce the likelihood of accidentally running malware.
The system policy control setting you define in Ivanti EPMM is analogous to the options available on macOS under System Preferences > Security & Privacy > General.
Only one policy is allowed per macOS device. You can define multiple policies and assign a priority level to each so that Ivanti EPMM can determine which policy to send to a macOS device.
This policy is supported on devices running macOS 10.10 or supported newer versions.
Procedure
- Select Policies & Configs > Policies.
- Select Add New > iOS and macOS > macOS > System Policy Control.
- Use the guidelines in the table below to complete this form.
| Item | Description |
| --- | --- |
| Name | Enter a name for the policy. |
| Status | Select the relevant radio button to indicate whether the policy is Active or Inactive. Only one active policy can be applied to a device. |
| Priority | Specifies the priority of this policy relative to the other custom policies of the same type. This priority determines which policy is applied if more than one policy is available. Select Higher than or Lower than, then select an existing policy from the drop-down list. For example, to give Policy A a higher priority than Policy B, you would select “Higher than” and “Policy B”. |
| Description | Enter an explanation of the purpose of this policy. |
| Application Assessment | Select to enable the Gatekeeper application assessment functionality. Gatekeeper will assess every application macOS users download from the web. |
| Allow Identified Developers | Select to allow only those applications with proper code signatures. |
- Select Save.
- Apply the policy to a macOS label.
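The following is an added example, not part of the Ivanti documentation: a Python check that reads an exported configuration profile and reports the Gatekeeper posture the form above is meant to produce. It assumes the policy is delivered as Apple's `com.apple.systempolicy.control` payload with the `EnableAssessment` and `AllowIdentifiedDevelopers` keys; the sample profile, the posture names and the `audit_gatekeeper` function are constructed for illustration.

```python
import plistlib

# Apple's Gatekeeper payload type. That the EPMM policy is delivered as this
# payload is an assumption; the page does not show the profile it generates.
PAYLOAD_TYPE = "com.apple.systempolicy.control"

# Constructed sample profile, not exported from a real EPMM server.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.systempolicy.control</string>
      <key>EnableAssessment</key><true/>
      <key>AllowIdentifiedDevelopers</key><false/>
    </dict>
  </array>
</dict>
</plist>"""


def audit_gatekeeper(profile_bytes):
    """Return (posture, findings) for the Gatekeeper payload in a profile."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PAYLOAD_TYPE]
    if not payloads:
        return "unmanaged", ["no system policy control payload in profile"]
    payload = payloads[0]
    # "Application Assessment" in the form (assumed to map to EnableAssessment).
    if payload.get("EnableAssessment") is not True:
        return "assessment-off", ["EnableAssessment is false or unset"]
    # "Allow Identified Developers" (assumed to map to AllowIdentifiedDevelopers).
    if payload.get("AllowIdentifiedDevelopers") is True:
        return "app-store-and-identified-developers", []
    return "app-store-only", []


if __name__ == "__main__":
    print(audit_gatekeeper(SAMPLE_PROFILE))
```

On an enrolled Mac, `spctl --status` reports whether assessments are enabled, which gives a device-side confirmation of the same setting.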