Blocking iCloud Drive Desktop and Documents, what am I missing?

New Contributor III

Like many other Macadmins I was thrilled to learn that 10.12.4 would support a profile to block the Desktop & Documents Folders sync feature of iCloud Drive, and that Jamf Pro 9.98 supported the feature on day one.

After upgrading to 9.98 I eagerly deployed a profile via Jamf to block this, and it worked. If iCloud Drive had previously been enabled, it became disabled when the profile was installed. Upon re-enabling it, the D&D checkbox was grayed out. Yay!

Fast forward a few days though and I've discovered that iCloud Drive does not stay enabled. Instead I am seeing that the entire iCloud Drive portion of the iCloud Preference Pane becomes disabled after each logout.

At first I thought it must be something about using Jamf, or our environment that caused this, but I have since tested with a completely vanilla Mac, unconfigured and unmanaged by Jamf. It's running 10.12.4, has only one local account, and is configured with my iCloud account. I then installed the profile that @rtrouton posted on github. Rich's profile successfully blocked iCloud Drive D&D sync as advertised, but I continue to see all of iCloud Drive become disabled after a logout or reboot.

Is it truly this broken? I feel like I would have seen chatter about it here on Jamf Nation, or Slack, or Twitter, or something, but I haven't. Hopefully I'm just missing something obvious. Any ideas?



Esteemed Contributor III

Hi @lastdanstanding, just noticed this thread. Curious if you were able to resolve this issue?

Sucks the iCloud stuff isn't easier to manage, despite Jamf and Apple trying.

Seems half the folks I know want it wide open, and half want to lock it down.


New Contributor III

@donmontalvo sadly no, I am unable to resolve. I have a case open with AppleCare, and I'm hopeful for a fix in 10.13. Pretty disappointing to have to wait that long though.

New Contributor III

I came across this as well - iCloud would turn off on reboots.

I think I've resolved this by deploying a single profile that "manages" just the iCloud Desktop and Document Sync. I'm using Rich Trouton's profile, which I've signed before uploading it to the JSS.