Subscribe to Help Center RSS FeedAs an IT Admin, some policies that you create provide settings for you to specify, enable, or disable certain features. For example, when you create a policy for macOS devices to control when the screen saver locks down an inactive device, you need to configure the timeout in seconds.
Some policies take effect immediately, while others might take 5-10 minutes for the policy update process to run, or require a device logout.
Below is a list of all macOS policies in JumpCloud. If a policy has additional settings that you need to configure, the Learn More column contains a link to the instructions. If an article isn't listed in the Learn More column, use the basic steps in Create a Policy for help.
| Policy Name | Description | Category | Learn More |
| AirPrint Destination | Wirelessly print from an Apple device to an enabled printer. | EnterpriseSettings, Configuration | Create a Mac or iOS AirPrint Policy |
| Allow Activation Lock | Keep your device secure, even if it’s in the wrong hands, and can improve your chances of recovering it. | Security, Compliance | Configure Activation Lock on Mac and iOS Devices |
| Allow Standard Users to Approve Screen Sharing & Recording | Allow end users with standard permissions to screen share and record from the selected applications on macOS 11 and later. | Enterprise Settings, Security | Create a Mac Policy to Allow Standard Users to Approve Screen Sharing & Recording Policy |
| Analytics | Control the ability of the user to manage diagnostic reporting to Apple should an error occur. | Monitoring, Reporting | Create a Mac Analytics Policy |
| Apple Music Service | Manage the ability to use the Apple Music service. | Enterprise Settings, Software Management | Create a Mac Apple Music Service Policy |
| Application Privacy Preferences | Preapprove certain privileges for a specific application. | Enterprise Settings, Security | Create a Mac Application Privacy Preferences Policy |
| App Notification Settings | Configure the notification settings for an application by bundle identifier. | Enterprise Settings, Productivity | Create a Mac or iOS App Notification Settings Policy |
| App Store Restrictions | Control a user's ability to install applications from the Apple App Store.Using the App Store Restrictions policy may prevent VPP and Custom app deployments from installing. | Enterprise Settings, Software Management | Create a Mac App Store Restrictions Policy |
| Block macOS Big Sur Installation | Prevent the macOS Big Sur installation application and macOS Big Sur Beta installation application from launching. | Enterprise Settings, OS Management | Create a Mac Policy to Block Upgrades to Big Sur or Monterey |
| Block macOS Monterey Installation | Prevent the macOS Monterey installer and macOS Monterey Beta installer from launching. | Enterprise Settings, OS Management | Create a Mac Policy to Block Upgrades to Big Sur or Monterey |
| Block macOS Ventura Installer | Restricts the macOS Ventura installer from running. Users are allowed to download the installer, but the installer will be blocked from launching. | Enterprise Settings, OS Management | Create a Mac Policy to Delay or Block Ventura |
| Block macOS Sonoma Installer | Prevents the macOS 14 Sonoma installer from launching. | Enterprise Settings, OS Management | Create a Mac Policy to Delay or Block Sonoma |
| Block Manual Profile Installation | Prevent users from installing individual configuration profiles on supervised devices, effectively limiting profiles to being delivered by MDM or not at all. | Enterprise Settings, Security | -- |
| Camera Control | Manage an application's ability to access and use the built-in camera. | Enterprise Settings, Security | Create a Mac Camera Control Policy |
| CrowdStrike Falcon Firmware Analysis Settings (Intel only) | Install the necessary device permissions to support the installation of CrowdStrike Falcon Firmware Analysis on Apple devices with Intel processors. | Enterprise Settings, Security | Install the CrowdStrike Falcon Agent |
| Content Caching Service | Configure Apple’s Content Caching Service on user devices. Content caching saves content that local Apple devices need for software updates, which speeds up software downloads and data that users store in iCloud. | Security, Network | Create a Mac Content Caching Service Policy |
| CrowdStrike Falcon MDM Settings (No kernel extension) | Install the necessary device permissions to support the installation of CrowdStrike Falcon on Apple silicon devices, including Full Disk Access, Notifications, System Extensions, and Web Content Filter permissions, as well as a licensing profile with your unique Customer ID Checksum (CCID). | Enterprise Settings, Security | Install the CrowdStrike Falcon Agent |
| Custom Font | Supply one TrueType or OpenType font or typeface to a device or group of devices. | Enterprise Settings, Productivity | Create a Mac or iOS Custom Font Policy |
| Delay Major macOS Software Upgrades | Restrict the visibility of the macOS Ventura update from System Preferences > Software Update. Users with this policy set will not see macOS 13 Ventura as an available upgrade. | Manage the user's ability to leverage Dictation. | |
| Delay Minor OS Update | Delay minor OS. software updates from appearing for the number of days specified. | Manage the user's ability to leverage Dictation. | Create a Mac Policy to Delay or Block Ventura |
| Dictation | Manage the user's ability to leverage Dictation. | Enterprise Settings, Productivity | Create a Mac Dictation Policy |
| Disable AirDrop | Prevent the use of Apple's AirDrop ad hoc wireless file-sharing technology. The user will be unable to send or receive information by AirDrop. | Enterprise Settings, Security | -- |
| Disable AirPlay | Prevent the user from receiving or accepting AirPlay requests from a macOS device. | Security, Network | -- |
| Disable Content Caching | Prevent a user from activating the native Content Caching feature in the Sharing settings on the macOS device. | Enterprise Settings, Security | -- |
| Disable Guest Account | Disable the local Guest account to prevent Guest from appearing as an available login account at the login window. | Security, Compliance | -- |
| Disable iCloud Private Relay | Prevent the use of iCloud Private Relay. | Enterprise Settings, Security | -- |
| Disable Password Autofill | Prevent a user from utilizing Safari’s Password AutoFill policy within Safari. | Enterprise Settings, Security | -- |
| Disable Password Sharing | Disable the Password Sharing feature for WiFi connectivity to prevent the device from sharing WiFi passwords with known contacts. | Security, Network | -- |
| Disable Siri | Disable all access to Apple's Siri Assistant | Enterprise Settings, Compliance | -- |
| Disable Unlock with Apple Watch | Prevent users from unlocking their iPhones from an Apple Watch. The policy works on iOS 14.5 and later. | Security, Device Access | -- |
| Disable Unlocking with Biometrics | Prevent users from unlocking their iOS or iPadOS devices using Touch ID or Face ID. Users must instead enter a passcode to unlock the device. | Security, Compliance | -- |
| Disable USB Restricted Mode | Prevent users from using USB Restricted Mode to access to newly attached USB and Thunderbolt peripherals that were attached while a device is locked or sleeping. This policy can make it easier to add new peripherals, but might make the device less secure. | Security, Device Access | -- |
| Encrypted DNS over HTTPS | Encrypt Domain Name System (DNS) over HTTPS so you can use encrypted DNS services on your macOS devices. | Enterprise Settings, Security | Create a Mac or iOS Encrypted DNS Policy |
| Encrypted DNS over TLS | Encrypt Domain Name System (DNS) over Transport Layer Security (TLS) so that you can use encrypted DNS services on your macOS devices. | Enterprise Settings, Security | Create a Mac or iOS Encrypted DNS Policy |
| Energy Settings | Optimize your energy usage by configuring power-related settings. | Enterprise Settings, Security | Create a Mac Energy Settings Policy |
| Enforced Fingerprint Timeout | Customize the fingerprint timeout period for users that have macOS devices that use Touch ID. | Enterprise Settings, Security | Create a Mac Fingerprint Timeout Policy |
| FileVault2 | Enable and enforce FileVault for JumpCloud-managed Mac devices. In addition, the FileVault 2 policy lets you easily view Recovery Keys for Macs that have been enabled for FileVault through this policy. | Security, Compliance | Create a Mac FileVault 2 Policy |
| Gatekeeper Control | Control the ability of the device to install and run software by leveraging Gatekeeper in macOS | Security, Compliance | Create a Mac Gatekeeper Control Policy |
| Global HTTP Proxy | Preconfigures a global proxy server for macOS and iOS devices, in order to safely pass all traffic through an HTTP proxy set by this policy. | Enterprise Settings, Security | Create a Mac or iOS Global HTTP Proxy Policy |
| iCloud Access | Users on managed machines will only be able to access the features of iCloud allowed by an administrator. | Security, Compliance | Create a Mac iCloud Access Policy |
| Install Certificate | Install a certificate on an iOS device, so that the device is trusted. | Enterprise Settings, Security | Create a Mac or iOS Install Certificate Policy |
| JumpCloud App Controls | Disable the use of the JumpCloud Menu Bar App if user accounts are managed by Active Directory through AD Integration. User accounts managed in this way can’t use the JumpCloud Menu Bar App to reset their password. | Remote Management | Create a Mac JumpCloud App Controls Policy |
| JumpCloud MDM Enrollment | Enroll macOS devices in JumpCloud MDM by installing the JumpCloud MDM enrollment profile on targeted macOS machines. | Remote Management | Creating a Mac JumpCloud MDM Enrollment Policy |
| Kernel Extensions | Extensions Configure automatic approvals for Kernel Extensions. | Enterprise Settings, Security | Create a Mac Kernel Extensions Policy |
| Local Firewall Controls | Enforce and modify the behavior of a local firewall. | Enterprise Settings, Network | Create a Mac Local Firewall Controls Policy |
| Lock Screen | Remotely apply policy settings to lock one inactive system or the entire fleet in your organization using JumpCloud's policy framework. Unattended devices that are still active with a user logged in create opportunities for unauthorized access to information and misuse of accounts. | Security, Compliance | Create a Mac Lock Screen Policy |
| Login Window Controls | Modify the login window behavior based on the selected options. | Enterprise Settings, Compliance | Create a Mac Login Windows Controls Policy |
| Login Window Text | Manage the text presented at the login window on selected machines. | Enterprise Settings, Compliance | Create a Mac Login Window Text Policy |
| Malwarebytes Privacy Preferences | Grant Full Disk Access permissions for the Malwarebytes Nebula agent. The agent can scan for threats in all disk locations, including sensitive folders. | Enterprise Settings, Security | -- |
| Manage Rapid Security Response | Control your macOS and iOS devices by automatically installing new Rapid Security Response updates as they become available. | Enterprise Settings, Configuration | Create a Mac or iOS Rapid Security Response Policy |
| Managed Login Items | Allow Admins to allowlist login items for macOS devices based on RuleTypes defined by Apple. | Remote Management, OS Management | Create a Mac Managed Login Items Policy |
| MDM Custom Configuration Profile | Distribute custom MDM configuration profiles to your devices. Profiles can be exported from tools like Apple Configurator or iMazing Profile Editor and then uploaded as a .mobileconfig file. | Enterprise Settings, Configuration | Create a Mac or iOS MDM Custom Configuration Profile Policy |
| NTP Server | Configure the device timezone and NTP Server. | Security, Network | Create a Mac NTP Server Policy |
| Password Modification | Restrict users from changing their passwords via System Preferences. | Security, Device Access | Create a Mac Password Modification Policy |
| Power Controls | Control access to Shutdown, Restart, Sleep, and Power Off options at the login window and under the Apple menu. | Remote Management, Compliance | Create a Mac Power Controls Policy |
| Restrict Erase All Contents and Settings | Prevent access to Erase All Contents and Settings from System Preferences and from the Erase Assistant app. | Enterprise Settings, Security | -- |
| SCEP Profiles | Configure Simple Certificate Enrollment Protocol (SCEP) to make issuing digital certificates easier, more secure, and scalable. | Enterprise Settings | Create a Mac or iOS SCEP Profiles Policy |
| SentinelOne Agent Permissions | Provide the Notifications, Network Filtration, Full Disk Access, and Privacy Preferences Control permissions for the SentinelOne agent. | Enterprise Settings, Security | Installing the SentinelOne Agent |
| Spotlight Internet Results | Limit Spotlight searches to return local results only. | Enterprise Settings, Security | Create a Mac Spotlight Internet Results Policy |
| System Extension | Preapprove specific System Extensions before installation. | Enterprise Settings, Security | Create a Mac System Extension Policy |
| System Preferences Control | Choose which features of System Preferences are accessible to users. | Enterprise Settings, Configuration | Create a Mac System Preferences Control Policy |
| System Unlock Control | Restrict users from specified System Unlock options (Touch ID, Apple Watch Auto Unlock). | Security, Device Access | Create a Mac System Unlock Control Policy |
| Wallpaper Modification | Manage ability to change wallpaper through System Preferences. | Enterprise Settings, Compliance | Create a Mac Desktop Wallpaper Policy |
| WiFi Configuration | Configure a WiFi network for your macOS devices. | Enterprise Settings, Network | Create a Mac or iOS WiFi Policy |
Back to Top
Learn More