Configuring a system policy control setting

The system policy control setting allows you to manage macOS Gatekeeper functionality. Gatekeeper secures the macOS operating system by enforcing code signing and verifying applications downloaded from the web before allowing users to run them. The goal of Gatekeeper is to reduce the likelihood of accidentally running malware.

The system policy control setting you define in Ivanti EPMM is analogous to the options available on macOS under System Preferences > Security & Privacy > General.

Only one policy is allowed per macOS device. You can define multiple policies and assign a priority level to each so that Ivanti EPMM can determine which policy it sends to macOS devices.

This policy is supported on devices running macOS 10.10 or supported newer versions.

Procedure 

  1. Select Policies & Configs > Policies.
  2. Select Add New > iOS and macOS > macOS > System Policy Control.
  3. Use the guidelines in the table below to complete this form.

     

     | Item | Description |
     |------|-------------|
     | Name | Enter a name for the policy. |
     | Status | Select the relevant radio button to indicate whether the policy is Active or Inactive. Only one active policy can be applied to a device. |
     | Priority | Specifies the priority of this policy relative to the other custom policies of the same type. This priority determines which policy is applied if more than one policy is available. Select Higher than or Lower than, then select an existing policy from the drop-down list. For example, to give Policy A a higher priority than Policy B, you would select “Higher than” and “Policy B”. |
     | Description | Enter an explanation of the purpose of this policy. |
     | Application Assessment | Select to enable the Gatekeeper application assessment functionality. Gatekeeper will assess every application macOS users download from the web. |
     | Allow Identified Developers | Select to allow only those applications with proper code signatures. |

  4. Select Save.
  5. Apply the policy to a macOS label.
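
To check what a saved policy enforces, you can audit the configuration profile that reaches the device. The following is an added example, not Ivanti code: it assumes EPMM delivers this policy as Apple's com.apple.systempolicy.control payload, whose EnableAssessment and AllowIdentifiedDevelopers keys are taken to match the Application Assessment and Allow Identified Developers options. The function name, posture labels and sample profile are constructed for illustration.

```python
import plistlib

# Apple's payload type for Gatekeeper settings. That EPMM delivers this policy
# as such a payload is an assumption of this example.
PAYLOAD_TYPE = "com.apple.systempolicy.control"

# Constructed sample profile, not exported from a real server.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.systempolicy.control</string>
      <key>EnableAssessment</key><true/>
      <key>AllowIdentifiedDevelopers</key><false/>
    </dict>
  </array>
</dict></plist>"""


def audit_gatekeeper_profile(profile_bytes):
    """Return (posture, findings) for the Gatekeeper payload in a profile."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PAYLOAD_TYPE]
    if not payloads:
        return "unmanaged", ["no system policy control payload found"]
    findings = []
    if len(payloads) > 1:
        findings.append("more than one payload; expected a single policy")
    payload = payloads[0]
    if payload.get("EnableAssessment") is not True:
        # The developer option has no effect unless assessment is enabled.
        findings.append("Gatekeeper assessment is not enforced")
        return "assessment-not-enforced", findings
    allow = payload.get("AllowIdentifiedDevelopers")
    if allow is True:
        return "app-store-and-identified-developers", findings
    if allow is False:
        return "app-store-only", findings
    # Key absent: report it rather than guess the device default.
    findings.append("AllowIdentifiedDevelopers is not set explicitly")
    return "assessment-only", findings


if __name__ == "__main__":
    print(audit_gatekeeper_profile(SAMPLE_PROFILE))
```

On the Mac itself, `spctl --status` reports whether Gatekeeper assessments are enabled.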