Hi all! Any suggestions for the best way to restrict the following scenario?
- User signs in to Mac with a personal iCloud account.
- User enable "Finds my Mac"
- User's iCloud accounts gets compromised, or they leave the company, and a remote wipe command is inappropriately issued.
"Find My Mac" can be restricted in a configuration profile, but this won't prevent a remote wipe if FMM was setup before the profile was issued. It would be nice if there was either a way to restrict only the remote/lock wipe functionality (rather than turning off the entire FMM feature) and/or disabling this capability for someone that's already turned it on.
Another option of course would be restricting usage of personal iCloud accounts in general, but that's something we'd like to avoid doing in light of the effects on user experience.
