Skip to content

Restrictions configuration (macOS device policy)

With the Restrictions configuration you define restrictions for Macs.

Note

Some options are only available for certain versions of macOS. This is indicated by blue labels in Sophos Mobile Admin.

Device

Setting Description
Allow use of camera If the check box is cleared, the camera is unavailable and the Camera icon is removed from the Home screen. Users cannot take pictures, record videos, or use FaceTime.
Allow internet search result for Spotlight If the check box is cleared, Spotlight does not return internet search results.
Allow Apple Music Users can access the Apple Music library.
macOS software update delay The number of days that an update of the macOS software is delayed after its release date.

Enter a value between 0 (no delay) and 90.

iCloud

Setting Description
Allow backup Users can back up their devices to iCloud.
Allow iCloud Photo Library Users can use iCloud Photo Library.
Allow iCloud Keychain sync Users can use iCloud Keychain to synchronize passwords across their iPhones, iPads, and Macs.

If the check box is cleared, iCloud Keychain data is only stored locally on the device.

Allow document sync Users can store documents and app configuration data in iCloud.
Allow Back to My Mac Users can use iCloud Back to My Mac, i.e. file and screen sharing between a remote and a local Mac.
Allow Find My Mac Users can use iCloud Find My Mac to locate, lock, or wipe their Mac remotely.
Allow iCloud Bookmarks Users can use iCloud Bookmarks to synchronize web bookmarks between browsers and platforms.
Allow iCloud Mail Users can set up an iCloud Mail account on their Mac.
Allow iCloud Calendar Users can use iCloud Calendar to share their calendars across their devices and with other iCloud users.
Allow iCloud Reminders Users can use iCloud Reminders to share reminder lists across their devices and with other iCloud users.
Allow iCloud Address Book Users can use iCloud Address Book to share contacts across their devices and with other iCloud users.
Allow iCloud Notes Users can use iCloud Notes to take notes and to share them across their devices and with other users.
Allow iCloud Drive for Desktop and Documents Users can store their Mac Desktop and their Documents folder in iCloud Drive and access them on other devices.

Security and privacy

Setting Description
Allow Touch ID and Face ID to unlock device If the check box is cleared, the device can’t be unlocked by biometric authentication.
Allow definition lookup Users can look up definitions for highlighted words.
Allow Auto Unlock Users can use Auto Unlock to have their Mac automatically unlocked by their Apple Watch.
Allow iTunes File Sharing Users can use File Sharing in iTunes to copy files between their Mac and an iPhone or iPad.
Allow AirPrint Users can send files to AirPrint-enabled printers.
Allow iBeacon discovery of AirPrint printers The device uses iBeacon to discover AirPrint devices.

Warning If you allow this, malicious AirPrint devices can perform phishing attacks on network traffic.

Force trusted certificates for AirPrint over TLS AirPrint over TLS is rejected if the AirPrint device uses an untrusted certificate.
Allow password auto-fill Users can turn on the AutoFill Passwords setting, which lets them use saved password or credit card information in Safari or other apps.

If this check box is cleared, automatic suggestion of strong passwords is disabled as well.

Request Wi-Fi passwords from nearby devices The device requests passwords from nearby devices when setting up a Wi-Fi connection.
Allow AirDrop password sharing Users can share passwords from Password Manager with other users via AirDrop.