macOS Restrictions

License: Gold

macOS restrictions determine which restrictions are enabled on macOS devices.

You can set the following features to be enabled or disabled on macOS devices:

macOS Version Features
10.11+
  • Allow Camera
  • Allow iCloud Document Sync

Supervised only:

  • Allow Spotlight Internet Results
10.11.2+ Allow Definition Lookup
10.12+
  • Allow iCloud Keychain Sync
  • Allow Back to my Mac
  • Allow Find my Mac
  • Allow sharing to Notes, Reminders, or LinkedIn
  • Allow Bookmark Sync
  • Allow macOS mail iCloud Service
  • Allow macOS iCloud Calendar Service
  • Allow macOS iCloud Address Book Service
  • Allow iCloud Reminder Service
  • Allow Auto Unlock

Supervised only:

Allow Apple Music

10.12.4+
  • Allow Finger Print for Unlock
10.13+
  • Allow iTunes File Sharing
  • Allow Content Caching
  • Allow modification of Wallpaper

Supervised only:

  • Allow AirPrint
  • Allow AirPrint iBeacon Discovery
  • Force AirPrint Trusted TLS Requirement

  • Allow AirDrop

  • Allow Game Center
10.13.4+

Supervised only:

Defer software updates for a range of days (30 to 90 days)

Default: 30 days.
10.14+

Supervised only:

Allow nearby devices to share requests for a password
10.14.4+
  • Allow Screenshots
  • Allow remote screen observation

Supervised only:

  • Allow automatically to join classroom
  • Allow classroom to request permission to leave classes
  • Allow classroom to lock an app and lock the device without prompting
  • Allow force unprompted managed classroom screen observation
11.0+

Supervised only:

Allow to force delay App Software Updates

11.3+

Enforced Fingerprint timeout

Default: 48 hours

Prerequisite: Touch ID must be configured on the device

11.3+ Supervised only:
  • Enforced Software Update Major OS Deferred Install Delay
  • Enforced Software Update Minor OS Deferred Install Delay
  • Enforced Software Update Non OS Deferred Install Delay
  • Force Delayed Major Software Updates
12+ Supervised only:
  • Allow Erase Content and Settings
  • allowCloudPrivateRelay: If you set the Private Relay ON in a macOS device, the network traffic is encrypted so that the internet activity is private and secure. This restriction requires a supervised device.
macOS 13.0+

 

 
  • Allow Rapid Security Response Installation - To disable the responses. The user cannot install rapid security responses.
  • Allow Rapid Security Response Removal - To block the user from being able to undo the responses. The user cannot remove rapid security responses.
  • Allow Universal Control -
    • If set to True, the configuration lets you use the input devices of the primary device to control the secondary display device.
    • If set to False, you can add a secondary display device but cannot control it with the primary input devices.
  • Allow UI Configuration Profile Installation - If set to False, the configuration does not allow the installation of profile, configuration, or certificates on the macOS device.
  • Allow USB Restricted Mode - If set to True, the configuration locks the device from using remotely connected input devices. The Allow Accessories to Connect options are greyed out on the device.