Jamf Nation Community

Curious if anyone else has found a solution for this? Public release of Sierra asks the users this immediately after upgrade.

You have to block iCloud Drive entirely. I haven't found a more granular solution than that.

I have a profile posted which disables iCloud Drive and iCloud Document Sync (which also blocks Desktop and Documents.):

https://github.com/rtrouton/profiles/tree/master/DisableiCloudDriveandDocumentSync

This option is also available in Casper 9.96's profile options, by unchecking Allow iCloud documents & data:

Early (ish) morning in the UK and I've come on to ask the same question. Not sure on if the above restriction is a bit to 'general' I just want to specifically block, as per @monogrant post

The "fun" part is when you disable everything above, but somehow you have users that are already using it. Disabling the buttons (according to @rtrouton and others) leaves the services active. So I wrote this: http://www.richard-purves.com/2016/09/20/disable-icloud-for-fun-and-security/

When I unchecked "Allow iCloud documents & data" in 9.96 it disabled iCloud completely, grayed it out in System Preferences, and instantly removed all the files in those two folders without any prompting. It didn't appear to save them anywhere locally either since iCloud was disabled. The only way I was able to get them back was to check the box again so I could reactivate iCloud. At that point I was able to copy the files back from iCloud drive into their original locations.

I'm not sure what happens to files that aren't completely synced when the restrictions are enabled. I would hope the system doesn't just blow away the unsynced ones and corrupt the partially synced ones.

We've submitted a feature request through AppleCare Enterprise to have this be something that can be controlled via MDM. I'd suggest doing the same through your normal means of providing feedback to Apple.

@iJake Do you have feedback from Apple?

I'd love an update on this as well. Not being able to disable this specific feature is really slowing our adoption of Sierra.

Fixed in 10.12.4: see https://derflounder.wordpress.com/2017/03/27/disabling-icloud-desktop-and-documents-syncing

Can anyone confirm if the new setting in 10.12.4 works as intended? I've had the profile applied and it does disable my ability to turn on Document and Desktop syncing; however, when I reboot the computer iCloud Drive is disabled on reboot.

I'm seeing this same behaviour.

Instead of using the profile from Jamf I built a config profile from scratch and it exhibited the same issue. On 10.12.4 and 10.12.5 the same behaviour exists.

Guys, how to enable iCloud back? My organizational Mac has iCloud disabled(grayed out in preferences). Any ideas?

I've got the same issue Dmitry. I don't need iCloud Desktop or anything, and would prefer to keep that disabled, but I use Bear (http://www.bear-writer.com/) for all my writing, note taking, and task lists, and I use both the macOS and iOS apps. Bear uses iCloud Drive to sync my notes across devices, but with the macOS 10.13.3 rollout, our new policy restricts iCloud Drive by default – it's greyed out under iCloud preferences:

I have admin rights on my MBP, and deleting the profile allowed me to sync last night, but I checked back in this morning and it was greyed out once again when I did so. The underlying data are still there:

Deleting profiles, syncing, and reinstalling profiles isn't going to be a reasonable solution to this issue, but I'm afraid that with frequent policy checks between my MBP and the policy server (hourly when on campus?), I'm hosed unless I can convince the powers that be to either a) enable iCloud Drive just for me, or b) allow iCloud Drive for certain apps, but to disable it for Desktop and Documents only so that I can use Bear on my phone and on my MBP with syncing between the two.

I'm able to edit .plist files and save changes, but the preferences are immediately overwritten, and I'm not even sure I was editing the correct files – I am a developer, but I didn't know what jamf was this time last week (and frankly I still don't truly understand it). I wonder if there is a vulnerability that will allow me to allow the server to push its changes, but a way to configure locally such that the one flag disabling iCloud Drive is disabled. If there is, I certainly haven't figured it out yet...

@Dmitry and @phishjams You'll both need to speak to your sysadmins managing your Macs. Your iCloud settings are being managed with profiles and the profiles are working as expected. Your best bet is to ask your admins to exclude you from these profiles or create another profile with the iCloud options enabled just for you.

Has anyone found a solution to the issue with iCloud drive being disabled after a restart? I am seeing this behaviour also, and I do not want to block iCloud completely nor do I want to "Allow iCloud documents & data".

I am testing on 10.12.6. I'll check the behaviour on 10.13 tomorrow.

(EDIT: I tested on 10.13.3 and Jamf Pro v10.2.2 and it remains checked after restart, which is what we wanted)