Restrictions configuration (macOS device policy)

With the Restrictions configuration you define restrictions for Macs.

Note Some options are only available for certain versions of macOS. This is indicated by blue labels next to an option in Sophos Mobile Admin.




Allow use of camera

If the check box is cleared, the camera is unavailable and the Camera icon is removed from the Home screen. Users cannot take pictures, record videos, or use FaceTime.

Allow internet search result for Spotlight

If the check box is cleared, Spotlight does not return internet search results.

Allow Apple Music

Users can access the Apple Music library.




Allow backup

Users can back up their devices to iCloud.

Allow iCloud Photo Library

Users can use iCloud Photo Library.

Allow iCloud Keychain sync

Users can use iCloud Keychain to synchronize passwords across their iPhones, iPads, and Macs.

If the check box is cleared, iCloud Keychain data is only stored locally on the device.

Allow document sync

Users can store documents and app configuration data in iCloud.

Allow Back to My Mac

Users can use iCloud Back to My Mac, i.e. file and screen sharing between a remote and a local Mac.

Allow Find My Mac

Users can use iCloud Find My Mac to locate, lock, or wipe their Mac remotely.

Allow iCloud Bookmarks

Users can use iCloud Bookmarks to synchronize web bookmarks between browsers and platforms.

Allow iCloud Mail

Users can set up an iCloud Mail account on their Mac.

Allow iCloud Calendar

Users can use iCloud Calendar to share their calendars across their devices and with other iCloud users.

Allow iCloud Reminders

Users can use iCloud Reminders to share reminder lists across their devices and with other iCloud users.

Allow iCloud Address Book

Users can use iCloud Address Book to share contacts across their devices and with other iCloud users.

Allow iCloud Notes

Users can use iCloud Notes to take notes and to share them across their devices and with other users.

Allow iCloud Drive for Desktop and Documents

Users can store their Mac Desktop and their Documents folder in iCloud Drive and access them on other devices.

Security and privacy



Allow Touch ID to unlock device

If the check box is cleared, the device can’t be unlocked by Touch ID.

Allow definition lookup

Users can look up definitions for highlighted words.

Allow Auto Unlock

Users can use Auto Unlock to have their Mac automatically unlocked by their Apple Watch.

Allow iTunes File Sharing

Users can use File Sharing in iTunes to copy files between their Mac and an iPhone or iPad.

Allow AirPrint

Users can send files to AirPrint-enabled printers.

Allow iBeacon discovery of AirPrint printers

macOS uses iBeacon to discover AirPrint devices.

Important If you allow this, malicious AirPrint devices can perform phishing attacks on network traffic.

Force trusted certificates for AirPrint over TLS

AirPrint over TLS is rejected if the AirPrint device uses an untrusted certificate.