Configure Settings for Mac Policies

As an IT Admin, some policies that you create provide settings for you to specify, enable, or disable certain features. For example, when you create a policy for macOS devices to control when the screen saver locks down an inactive device, you need to configure the timeout in seconds.

Some policies take effect immediately, while others might take 5-10 minutes for the policy update process to run, or require a device logout. 

Below is a list of all macOS policies in JumpCloud. If a policy has additional settings that you need to configure, the Learn More column contains a link to the instructions. If an article isn't listed in the Learn More column, use the basic steps in Create a Policy for help.

| Policy Name | Description | Category | Requires Supervision? | Learn More |
| --- | --- | --- | --- | --- |
| AirPrint Destination | Wirelessly print from an Apple device to an enabled printer. | Enterprise Settings, Configuration | | Create a Mac or iOS AirPrint Policy |
| Allow Activation Lock | Keep your device secure, even if it’s in the wrong hands, and can improve your chances of recovering it. | Security, Compliance | ✔️ | Configure Activation Lock on Mac and iOS Devices |
| Allow Standard Users to Approve Screen Sharing & Recording | Allow end users with standard permissions to screen share and record from the selected applications on macOS 11 and later. | Enterprise Settings, Security | | Create a Mac Policy to Allow Standard Users to Approve Screen Sharing & Recording Policy |
| Analytics | Control the ability of the user to manage diagnostic reporting to Apple should an error occur. | Monitoring, Reporting | | Create a Mac Analytics Policy |
| Apple Music Service | Manage the ability to use the Apple Music service. | Enterprise Settings, Software Management | | Create a Mac Apple Music Service Policy |
| Application Privacy Preferences | Preapprove certain privileges for a specific application. | Enterprise Settings, Security | | Create a Mac Application Privacy Preferences Policy |
| App Notification Settings | Configure the notification settings for an application by bundle identifier. | Enterprise Settings, Productivity | | Create a Mac or iOS App Notification Settings Policy |
| App Store Restrictions | Control a user's ability to install applications from the Apple App Store. Using the App Store Restrictions policy may prevent VPP and Custom app deployments from installing. | Enterprise Settings, Software Management | | Create a Mac App Store Restrictions Policy |
| Block macOS Big Sur Installation | Prevent the macOS 11 Big Sur installation application and macOS Big Sur Beta installation application from launching. | Enterprise Settings, OS Management | | Create a Mac Policy to Block Upgrades to Big Sur or Monterey |
| Block macOS Monterey Installation | Prevent the macOS 12 Monterey installer and macOS Monterey Beta installer from launching. | Enterprise Settings, OS Management | | Create a Mac Policy to Block Upgrades to Big Sur or Monterey |
| Block macOS Sequoia Installer | Prevents the macOS 15 Sequoia installer from launching. | Enterprise Settings, OS Management | | |
| Block macOS Sonoma Installer | Prevents the macOS 14 Sonoma installer from launching. | Enterprise Settings, OS Management | | Create a Mac Policy to Delay or Block Sonoma |
| Block macOS Ventura Installer | Restricts the macOS 13 Ventura installer from running. Users are allowed to download the installer, but the installer will be blocked from launching. | Enterprise Settings, OS Management | | Create a Mac Policy to Delay or Block Ventura |
| Block Manual Profile Installation | Prevent users from installing individual configuration profiles on supervised devices, effectively limiting profiles to being delivered by MDM or not at all. | Enterprise Settings, Security | | -- |
| Camera Control | Manage an application's ability to access and use the built-in camera. | Enterprise Settings, Security | | Create a Mac Camera Control Policy |
| CrowdStrike Falcon Firmware Analysis Settings (Intel only) | Install the necessary device permissions to support the installation of CrowdStrike Falcon Firmware Analysis on Apple devices with Intel processors. | Enterprise Settings, Security | | Install the CrowdStrike Falcon Agent |
| Content Caching Service | Configure Apple’s Content Caching Service on user devices. Content caching saves content that local Apple devices need for software updates, which speeds up software downloads and data that users store in iCloud. | Security, Network | | Create a Mac Content Caching Service Policy |
| CrowdStrike Falcon MDM Settings (No kernel extension) | Install the necessary device permissions to support the installation of CrowdStrike Falcon on Apple silicon devices, including Full Disk Access, Notifications, System Extensions, and Web Content Filter permissions, as well as a licensing profile with your unique Customer ID Checksum (CCID). | Enterprise Settings, Security | | Install the CrowdStrike Falcon Agent |
| Custom Font | Supply one TrueType or OpenType font or typeface to a device or group of devices. | Enterprise Settings, Productivity | | Create a Mac or iOS Custom Font Policy |
| Delay Major macOS Software Upgrades | Restrict the visibility of the macOS Ventura update from System Preferences > Software Update. Users with this policy set will not see macOS 13 Ventura as an available upgrade. | Manage the user's ability to leverage Dictation. | | |
| Delay Minor OS Update | Delay minor OS software updates from appearing for the number of days specified. | Manage the user's ability to leverage Dictation. | | Create a Mac Policy to Delay or Block Ventura |
| Dictation | Manage the user's ability to leverage Dictation. | Enterprise Settings, Productivity | | Create a Mac Dictation Policy |
| Disable AirDrop | Prevent the use of Apple's AirDrop ad hoc wireless file-sharing technology. The user will be unable to send or receive information by AirDrop. | Enterprise Settings, Security | | -- |
| Disable AirPlay | Prevent the user from receiving or accepting AirPlay requests from a macOS device. | Security, Network | | -- |
| Disable Content Caching | Prevent a user from activating the native Content Caching feature in the Sharing settings on the macOS device. | Enterprise Settings, Security | | -- |
| Disable Guest Account | Disable the local Guest account to prevent Guest from appearing as an available login account at the login window. | Security, Compliance | | -- |
| Disable iCloud Private Relay | Prevent the use of iCloud Private Relay. | Enterprise Settings, Security | | -- |
| Disable Password Autofill | Prevent a user from utilizing Safari’s Password AutoFill policy within Safari. | Enterprise Settings, Security | | -- |
| Disable Password Sharing | Disable the Password Sharing feature for WiFi connectivity to prevent the device from sharing WiFi passwords with known contacts. | Security, Network | | -- |
| Disable Siri | Disable all access to Apple's Siri Assistant. | Enterprise Settings, Compliance | | -- |
| Disable Unlock with Apple Watch | Prevent users from unlocking their iPhones from an Apple Watch. The policy works on iOS 14.5 and later. | Security, Device Access | | -- |
| Disable Unlocking with Biometrics | Prevent users from unlocking their iOS or iPadOS devices using Touch ID or Face ID. Users must instead enter a passcode to unlock the device. | Security, Compliance | | -- |
| Disable USB Restricted Mode | Prevent users from using USB Restricted Mode to access newly attached USB and Thunderbolt peripherals that were attached while a device is locked or sleeping. This policy can make it easier to add new peripherals, but might make the device less secure. | Security, Device Access | | -- |
| Encrypted DNS over HTTPS | Encrypt Domain Name System (DNS) over HTTPS so you can use encrypted DNS services on your macOS devices. | Enterprise Settings, Security | | Create a Mac or iOS Encrypted DNS Policy |
| Encrypted DNS over TLS | Encrypt Domain Name System (DNS) over Transport Layer Security (TLS) so that you can use encrypted DNS services on your macOS devices. | Enterprise Settings, Security | | Create a Mac or iOS Encrypted DNS Policy |
| Energy Settings | Optimize your energy usage by configuring power-related settings. | Enterprise Settings, Security | | Create a Mac Energy Settings Policy |
| Enforced Fingerprint Timeout | Customize the fingerprint timeout period for users that have macOS devices that use Touch ID. | Enterprise Settings, Security | | Create a Mac Fingerprint Timeout Policy |
| FileVault2 | Enable and enforce FileVault for JumpCloud-managed Mac devices. In addition, the FileVault 2 policy lets you easily view Recovery Keys for Macs that have been enabled for FileVault through this policy. | Security, Compliance | | Create a Mac FileVault 2 Policy |
| Gatekeeper Control | Control the ability of the device to install and run software by leveraging Gatekeeper in macOS. | Security, Compliance | | Create a Mac Gatekeeper Control Policy |
| Global HTTP Proxy | Preconfigures a global proxy server for macOS and iOS devices, in order to safely pass all traffic through an HTTP proxy set by this policy. | Enterprise Settings, Security | | Create a Mac or iOS Global HTTP Proxy Policy |
| iCloud Access | Users on managed machines will only be able to access the features of iCloud allowed by an administrator. | Security, Compliance | | Create a Mac iCloud Access Policy |
| Install Certificate | Install a certificate on an iOS device, so that the device is trusted. | Enterprise Settings, Security | | Create a Mac or iOS Install Certificate Policy |
| JumpCloud App Controls | Disable the use of the JumpCloud Menu Bar App if user accounts are managed by Active Directory through AD Integration. User accounts managed in this way can’t use the JumpCloud Menu Bar App to reset their password. | Remote Management | | Create a Mac JumpCloud App Controls Policy |
| JumpCloud MDM Enrollment | Enroll macOS devices in JumpCloud MDM by installing the JumpCloud MDM enrollment profile on targeted macOS machines. | Remote Management | | Creating a Mac JumpCloud MDM Enrollment Policy |
| Kernel Extensions | Configure automatic approvals for Kernel Extensions. | Enterprise Settings, Security | | Create a Mac Kernel Extensions Policy |
| Local Firewall Controls | Enforce and modify the behavior of a local firewall. | Enterprise Settings, Network | | Create a Mac Local Firewall Controls Policy |
| Lock Screen | Remotely apply policy settings to lock one inactive system or the entire fleet in your organization using JumpCloud's policy framework. Unattended devices that are still active with a user logged in create opportunities for unauthorized access to information and misuse of accounts. | Security, Compliance | | Create a Mac Lock Screen Policy |
| Login Window Controls | Modify the login window behavior based on the selected options. | Enterprise Settings, Compliance | | Create a Mac Login Windows Controls Policy |
| Login Window Text | Manage the text presented at the login window on selected machines. | Enterprise Settings, Compliance | | Create a Mac Login Window Text Policy |
| Malwarebytes Privacy Preferences | Grant Full Disk Access permissions for the Malwarebytes Nebula agent. The agent can scan for threats in all disk locations, including sensitive folders. | Enterprise Settings, Security | | -- |
| Manage Rapid Security Response | Control your macOS and iOS devices by automatically installing new Rapid Security Response updates as they become available. | Enterprise Settings, Configuration | | Create a Mac or iOS Rapid Security Response Policy |
| Managed Login Items | Allow Admins to allowlist login items for macOS devices based on RuleTypes defined by Apple. | Remote Management, OS Management | | Create a Mac Managed Login Items Policy |
| MDM Custom Configuration Profile | Distribute custom MDM configuration profiles to your devices. Profiles can be exported from tools like Apple Configurator or iMazing Profile Editor and then uploaded as a .mobileconfig file. | Enterprise Settings, Configuration | | Create a Mac or iOS MDM Custom Configuration Profile Policy |
| NTP Server | Configure the device timezone and NTP Server. | Security, Network | | Create a Mac NTP Server Policy |
| Password Modification | Restrict users from changing their passwords via System Preferences. | Security, Device Access | | Create a Mac Password Modification Policy |
| Power Controls | Control access to Shutdown, Restart, Sleep, and Power Off options at the login window and under the Apple menu. | Remote Management, Compliance | | Create a Mac Power Controls Policy |
| Restrict Apple Intelligence | Use this policy to disable some or all of the Apple Intelligence features in macOS 15.1 or later. | Enterprise Settings, Configuration | ✔️ | |
| Restrict Erase All Contents and Settings | Prevent access to Erase All Contents and Settings from System Preferences and from the Erase Assistant app. | Enterprise Settings, Security | | -- |
| SCEP Profiles | Configure Simple Certificate Enrollment Protocol (SCEP) to make issuing digital certificates easier, more secure, and scalable. | Enterprise Settings | | Create a Mac or iOS SCEP Profiles Policy |
| SentinelOne Agent Permissions | Provide the Notifications, Network Filtration, Full Disk Access, and Privacy Preferences Control permissions for the SentinelOne agent. | Enterprise Settings, Security | | Installing the SentinelOne Agent |
| Spotlight Internet Results | Limit Spotlight searches to return local results only. | Enterprise Settings, Security | | Create a Mac Spotlight Internet Results Policy |
| SSO Extension | Configure an SSO Extension policy to leverage Apple's Extensible SSO when using an external identity provider. | Enterprise Settings, Configuration | | |
| System Extension | Preapprove specific System Extensions before installation. | Enterprise Settings, Security | | Create a Mac System Extension Policy |
| System Preferences Control | Choose which features of System Preferences are accessible to users. | Enterprise Settings, Configuration | | Create a Mac System Preferences Control Policy |
| System Unlock Control | Restrict users from specified System Unlock options (Touch ID, Apple Watch Auto Unlock). | Security, Device Access | | Create a Mac System Unlock Control Policy |
| USB External Storage Restriction | Prevent end users of bound devices from attaching external storage devices via USB, Thunderbolt, or SD Card interfaces. | Security, Compliance | | |
| Wallpaper Modification | Manage ability to change wallpaper through System Preferences. | Enterprise Settings, Compliance | | Create a Mac Desktop Wallpaper Policy |
| WiFi Configuration | Configure a WiFi network for your macOS devices. | Enterprise Settings, Network | | Create a Mac or iOS WiFi Policy |