Restrictions configuration (macOS device policy)

With the Restrictions configuration you define restrictions for Macs.

Note Some options are only available for certain versions of macOS. This is indicated by blue labels in Sophos Mobile Admin.

Device

Setting

Description

Allow use of camera

If the check box is cleared, the camera is unavailable and the Camera icon is removed from the Home screen. Users cannot take pictures, record videos, or use FaceTime.

If the device uses iOS 13.0 (or iPadOS 13.1) or later, it must be supervised to support this option.

Allow internet search result for Spotlight

If the check box is cleared, Spotlight does not return internet search results.

Allow Apple Music

Users can access the Apple Music library.

macOS software update delay

The number of days that an update of the macOS software is delayed after its release date.

Enter a value between 0 (no delay) and 90.

iCloud

Setting

Description

Allow backup

Users can back up their devices to iCloud.

If the device uses iOS 13.0 (or iPadOS 13.1) or later, it must be supervised to support this option.

Allow iCloud Photo Library

Users can use iCloud Photo Library.

Allow iCloud Keychain sync

Users can use iCloud Keychain to synchronize passwords across their iPhones, iPads, and Macs.

If the check box is cleared, iCloud Keychain data is only stored locally on the device.

Allow document sync

Users can store documents and app configuration data in iCloud.

If the device uses iOS 13.0 (or iPadOS 13.1) or later, it must be supervised to support this option.

Allow Back to My Mac

Users can use iCloud Back to My Mac, i.e. file and screen sharing between a remote and a local Mac.

Allow Find My Mac

Users can use iCloud Find My Mac to locate, lock, or wipe their Mac remotely.

Allow iCloud Bookmarks

Users can use iCloud Bookmarks to synchronize web bookmarks between browsers and platforms.

Allow iCloud Mail

Users can set up an iCloud Mail account on their Mac.

Allow iCloud Calendar

Users can use iCloud Calendar to share their calendars across their devices and with other iCloud users.

Allow iCloud Reminders

Users can use iCloud Reminders to share reminder lists across their devices and with other iCloud users.

Allow iCloud Address Book

Users can use iCloud Address Book to share contacts across their devices and with other iCloud users.

Allow iCloud Notes

Users can use iCloud Notes to take notes and to share them across their devices and with other users.

Allow iCloud Drive for Desktop and Documents

Users can store their Mac Desktop and their Documents folder in iCloud Drive and access them on other devices.

Security and privacy

Setting

Description

Allow Touch ID and Face ID to unlock device

If the check box is cleared, the device can’t be unlocked by biometric authentication.

Allow definition lookup

Users can look up definitions for highlighted words.

Allow Auto Unlock

Users can use Auto Unlock to have their Mac automatically unlocked by their Apple Watch.

Allow iTunes File Sharing

Users can use File Sharing in iTunes to copy files between their Mac and an iPhone or iPad.

Allow AirPrint

Users can send files to AirPrint-enabled printers.

Allow iBeacon discovery of AirPrint printers

The device uses iBeacon to discover AirPrint devices.

Warning If you allow this, malicious AirPrint devices can perform phishing attacks on network traffic.

Force trusted certificates for AirPrint over TLS

AirPrint over TLS is rejected if the AirPrint device uses an untrusted certificate.

Allow password auto-fill

Users can turn on the AutoFill Passwords setting, which lets them use saved password or credit card information in Safari or other apps.

If this check box is cleared, automatic suggestion of strong passwords is disabled as well.

Request Wi-Fi passwords from nearby devices

The device requests passwords from nearby devices when setting up a Wi-Fi connection.

Allow AirDrop password sharing

Users can share passwords from Password Manager with other users via AirDrop.