I posted this on the general discussion board earlier today but then I discovered this new community and I feel like it fits better here since we are all in the education world.
I am wanting to improve our end user security within our school district on our macOS devices. Since I have taken over the Jamf/macOS/iOS process I have noticed that we don't have any real security profiles set up. What are some of your preferred profiles and settings? Also, what do you allow and block access to within the OS itself, example being any Utilities or System Preferences you don't let the end user access.
I am already going through the CIS macOS 10.15 Benchmark document to evaluate their recommendations against what we are currently doing.