Configuring a system policy control setting

The system policy control setting allows you to manage macOS Gatekeeper functionality. Gatekeeper secures the macOS operating system by enforcing code signing and verifying applications downloaded from the web before allowing users to run them. The goal of Gatekeeper is to reduce the likelihood of accidentally running malware.

The system policy control setting you define in Ivanti EPMM is analogous to the options available on macOS under System Preferences > Security & Privacy > General.

Only one policy is allowed per macOS device. You can define multiple policies and assign a priority level to each, such that Ivanti EPMM can determine which policy it sends to macOS devices.

This policy is supported on devices running macOS 10.10 or supported newer versions.


  1. Select Policies & Configs > Policies.
  2. Select Add New > iOS and macOS > macOS > System Policy Control.
  3. Use the guidelines in the table below to complete this form.





    Enter a name for the policy.


    Select the relevant radio button to indicate whether the policy is Active or Inactive.

    Only one active policy can be applied to a device.


    Specifies the priority of this policy relative to the other custom policies of the same type. This priority determines which policy is applied if more than one policy is available.

    Select Higher than or Lower than, then select an existing policy from the drop-down list.

    For example, to give Policy A a higher priority than Policy B, you would select “Higher than” and “Policy B”.


    Enter an explanation of the purpose of this policy.

    Application Assessment

    Select to enable the Gatekeeper application assessment functionality. Gatekeeper will assess every application macOS users download from the web.

    Allow Identified Developers

    Select to allow only those applications with proper code signatures.

  1. Select Save.
  2. Apply the policy to a macOS label.