How do you find plist properties that are supported?

bidaum
New Contributor

I feel like I'm missing something fundamental about plist files and I could use a little education. I understand plist files are basically settings files with key value pairs so you can save/push configurations for the system and apps. What I don't really understand is how you would determine what settings are supported? For example, if I want to allow Microsoft Teams access to screen recording for all users; how would I know what key:value pairs are? I found JAMF's privacy preferences control utility, but is that showing me every option? Is it up to an individual app to publish it's settings somewhere? Does Apple publish there's for Screen Recording for example? I can find lots of how-to's on creating/editing plist files, but I think I must be missing something fundamental.

1 ACCEPTED SOLUTION

Tribruin
Valued Contributor II

In most cases, it is up to each vendor to define and publish the preferences and settings for their product. For example, Microsoft Word will have a different set of preferences than Slack. There are a few ways to see what settings are available for each product (and not all work for all products):

iMazing Profile Editor | Create, Edit, and Sign Apple Configuration Profiles is a fabulous tool for creating configuration profiles. There is a community base around the tool, so the preferences for many common applications are available in this tool. You can create and export profiles and upload them directly to Jamf. 

You can also look if a Custom App Settings JSON that can be imported in to Jamf Application & Custom Settings. This gives us a graphical interface to custom settings for certain applications. (Jamf has a few built-in, mostly for their own applications.)

Finally, if all else fails, you will need to look at the documentation for the application and see if that have a list of settings. For example, Microsoft has knowledge base articles with all the settings available for the Office products.

It should be noted that the are application specific preferences, but there are Apple specific preferences that control certain security aspects of the application. For example the Notifications preference controls whether Applications can send notifications and, if yes, what format. 

You mentioned, PPPC. This is a completely separate profile and allows an Admin to pre-approve certain privacy settings for a application. For example, some applications (e.g. security software) needs Full Disk Access to run. You don't want to rely on your users granting (or worse denying) access to the appliction. So, you can pre-approve most security settings for an application via a PPPC profile. 

However Screen Recording, Camera, and Microphone are special cases. Apple considers user privacy very important and does not allow an Admin to programmatically allow access to these three settings. Apple wants to the user to be knowledgable about what tools are being given this access. They can be denied, but now allowed. 

View solution in original post

2 REPLIES 2

Tribruin
Valued Contributor II

In most cases, it is up to each vendor to define and publish the preferences and settings for their product. For example, Microsoft Word will have a different set of preferences than Slack. There are a few ways to see what settings are available for each product (and not all work for all products):

iMazing Profile Editor | Create, Edit, and Sign Apple Configuration Profiles is a fabulous tool for creating configuration profiles. There is a community base around the tool, so the preferences for many common applications are available in this tool. You can create and export profiles and upload them directly to Jamf. 

You can also look if a Custom App Settings JSON that can be imported in to Jamf Application & Custom Settings. This gives us a graphical interface to custom settings for certain applications. (Jamf has a few built-in, mostly for their own applications.)

Finally, if all else fails, you will need to look at the documentation for the application and see if that have a list of settings. For example, Microsoft has knowledge base articles with all the settings available for the Office products.

It should be noted that the are application specific preferences, but there are Apple specific preferences that control certain security aspects of the application. For example the Notifications preference controls whether Applications can send notifications and, if yes, what format. 

You mentioned, PPPC. This is a completely separate profile and allows an Admin to pre-approve certain privacy settings for a application. For example, some applications (e.g. security software) needs Full Disk Access to run. You don't want to rely on your users granting (or worse denying) access to the appliction. So, you can pre-approve most security settings for an application via a PPPC profile. 

However Screen Recording, Camera, and Microphone are special cases. Apple considers user privacy very important and does not allow an Admin to programmatically allow access to these three settings. Apple wants to the user to be knowledgable about what tools are being given this access. They can be denied, but now allowed. 

bidaum
New Contributor

I really appreciate the breakdown... so, I might for example create a configuration profile for an application to set various settings; let's say how often an app updates, assuming said app has a plist key for that setting. I might also push out another profile for the same app, specifically for the macos-specific settings if it also, for example, needed full disk access. Does that sound right/normal? 

I swear I'm not trying to avoid doing my own googling, but I'm having trouble finding macos plist documentation, any chance you or anyone can point me to it? Closest thing I can find is stuff like this: macOS Keys (apple.com) but I'm not finding anything like: Full Disk Access -- here are the keys and values supported... Maybe I'm still laboring under some misconception, but wouldn't that be documented by Apple? I can launch something like PPPC and choose and app, add full disk access, and see the keys in there, but I feel like I shouldn't have to use a third party tool to discover the keys for the OS at least.