Restrictions configuration (macOS user policy)
With the Restrictions configuration you define restrictions for Macs.
Note
Some settings are only available for certain device types or operation system versions. For details, see the labels next to a setting in Sophos Mobile.
Device
| Setting | Description |
|---|---|
| Allow use of camera | If the check box is cleared, the camera is unavailable and the Camera icon is removed from the Home screen. Users cannot take pictures, record videos, or use FaceTime. |
| Allow internet search result for Spotlight | If the check box is cleared, Spotlight does not return internet search results. |
| Allow Apple Music | Users can access the Apple Music library. |
| macOS software update delay | The number of days that an update of the macOS software is delayed after its release date. Enter a value between 0 (no delay) and 90. |
| Allow Time Machine configuration | Users can change the Time Machine settings to configure backups to external storage devices. |
| Allow Startup Disk configuration | Users can change the Startup Disk setting to start the Mac from a different disk or a network volume. |
| Allow Bluetooth Sharing configuration | Users can change the Bluetooth Sharing settings to configure sharing files between the Mac and other Bluetooth devices. |
iCloud
| Setting | Description |
|---|---|
| Allow backup | Users can back up their devices to iCloud. |
| Allow iCloud Photo Library | Users can use iCloud Photo Library. |
| Allow iCloud Keychain sync | Users can use iCloud Keychain to synchronize passwords across their iPhones, iPads, and Macs. If the check box is cleared, iCloud Keychain data is only stored locally on the device. |
| Allow document sync | Users can store documents and app configuration data in iCloud. |
| Allow Back to My Mac | Users can use iCloud Back to My Mac, i.e. file and screen sharing between a remote and a local Mac. |
| Allow Find My Mac | Users can use iCloud Find My Mac to locate, lock, or wipe their Mac remotely. |
| Allow iCloud Bookmarks | Users can use iCloud Bookmarks to synchronize web bookmarks between browsers and platforms. |
| Allow iCloud Mail | Users can set up an iCloud Mail account on their Mac. |
| Allow iCloud Calendar | Users can use iCloud Calendar to share their calendars across their devices and with other iCloud users. |
| Allow iCloud Reminders | Users can use iCloud Reminders to share reminder lists across their devices and with other iCloud users. |
| Allow iCloud Address Book | Users can use iCloud Address Book to share contacts across their devices and with other iCloud users. |
| Allow iCloud Notes | Users can use iCloud Notes to take notes and to share them across their devices and with other users. |
| Allow iCloud Drive for Desktop and Documents | Users can store their Mac Desktop and their Documents folder in iCloud Drive and access them on other devices. |
| Allow iCloud for Freeform | Users can store their Apple Freeform boards in iCloud to use them on other devices. |
Security and privacy
| Setting | Description |
|---|---|
| Allow Touch ID and Face ID to unlock device | If the check box is cleared, the device can’t be unlocked by biometric authentication. |
| Allow definition lookup | Users can look up definitions for highlighted words. |
| Allow fingerprint configuration | Users can add and remove fingerprints for Touch ID. |
| Allow Auto Unlock | Users can use Auto Unlock to have their Mac automatically unlocked by their Apple Watch. |
| Allow iTunes File Sharing | Users can use File Sharing in iTunes to copy files between their Mac and an iPhone or iPad. |
| Allow AirPrint | Users can send files to AirPrint-enabled printers. |
| Allow iBeacon discovery of AirPrint printers | The device uses iBeacon to discover AirPrint devices. Warning If you allow this, malicious AirPrint devices can perform phishing attacks on network traffic. |
| Force trusted certificates for AirPrint over TLS | AirPrint over TLS is rejected if the AirPrint device uses an untrusted certificate. |
| Allow password auto-fill | Users can turn on the AutoFill Passwords setting, which lets them use saved password or credit card information in Safari or other apps. If this check box is cleared, automatic suggestion of strong passwords is disabled as well. |
| Request Wi-Fi passwords from nearby devices | The device requests passwords from nearby devices when setting up a Wi-Fi connection. |
| Allow AirDrop password sharing | Users can share passwords from Password Manager with other users via AirDrop. |
| Allow File Sharing configuration | Users can change the File Sharing settings to configure which files and folders they share with other users on the same local network. |
| Allow Internet Sharing configuration | Users can change the Internet Sharing settings to configure sharing the Mac’s internet connection with other computers on the same local network, for example, over Wi-Fi. |
| Allow Printer Sharing configuration | Users can change the Printer Sharing settings to configure sharing their printer with other Macs or UNIX computers on the same local network. |
| Allow Remote Application Scripting configuration | Users can change the Remote Application Scripting settings to configure users that can send Apple events to the Mac from other computers. Apple events are tasks that apps on other computers prompt the Mac to perform, such as opening or printing a document stored on the Mac. |
| Allow Remote Management configuration | Users can change the Remote Management settings to configure remote access to the Mac. |
| Allow adding users | Users can add user accounts in System Settings. |