Posted on 04-04-2017 10:11 AM
So, as my company is starting to roll out the management of Macs via JAMF, we would like to restrict users from using iCloud Desktop and Documents in a way to protect private/proprietary information from being transmitted to other devices we have no control over.
I know that this can be done via a configuration profile restricting documents and data, but I would rather start that on new machines. I'm concerned that enabling it on already-deployed devices would cause data to disappear and end up in more headaches for my department than it's worth.
Anybody tried restricting this on machines that had been in use for awhile? How did it go? What appeared/disappeared when the profile was pushed? How did your users react?
Posted on 07-17-2017 02:26 PM
We rolled out a configuration profile that disallowed the feature in a sandbox environment with a MacBook that had iCloud Documents & Data turned on. The behavior that we saw was that once the machine pulled down the new config, all iCloud Data disappeared from the Mac and the option to turn it on was grayed out. All the data remained in the iCloud account and could be accessed via the iCloud web portal so data loss didn't appear to be an issue. I would assume that if it was rolled out to the general population the reaction would essentially be "Dude, where's my data?".
I work in a similar environment where we don't want to have users storing data in an unmanaged iCloud account so we are looking to do the same thing, but we're planning on dealing with it first through a combination of education and communication efforts before with flip the switch. At that point, if a user hasn't complied with company policy, we can point to the fact that due diligence was performed and then you're talking about a people problem and not a technical one.