I am hoping to be able to restrict using iCloud Drive and Find My Mac. I used iMazing Profile Editor to create a plist file that I could use in a configuration profile. The profile works as it should for iCloud Drive, but it does nothing for Find My Mac. I don't want users storing company documents in iCloud Drive, and I do not want Find My Mac turned on. FMM has made getting Macs repaired through Apple a pain if it's turned on. I found a thread here discussing restrictions for iCloud. It included a link to a GitHub page that has a profile that looks promising. It doesn't work either. That page is here: https://github.com/ducksrfr/mac_admin/blob/master/profiles/disable_icloud_services.mobileconfig
I can totally lock out the ability to use iCloud completely, but I really don't want to. I'm trying to disable the things that can cause security issues, or difficulty for the users on the networks that we manage. Has anyone been able to successfully stop Find My Mac from being used without totally banning iCloud? Here's a screenshot of the profile that I made.
There are multiple things needed for Find My Mac, I've found.
You can get an idea of the keys and all that's required from this link - https://github.com/usnistgov/macos_security/blob/main/rules/sysprefs/sysprefs_find_my_disable.yaml
@happyprovide You have to use a Custom Payload for the com.apple.icloud.managed preference to restrict the FMM settings from being modified, but this will not disable FMM if it's already enabled. This will prevent the user from turning off the setting if it's already enabled (no workaround).
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>DisableFMMiCloudSetting</key>
    <true/>
</dict>
</plist>
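A way to confirm that an exported profile really delivers the key from the reply above in the com.apple.icloud.managed domain, added here as an example and not code from any poster in this thread. It assumes an unsigned .mobileconfig; the sample profiles are constructed, and the function names are hypothetical.

```python
import plistlib

DOMAIN = "com.apple.icloud.managed"   # preference domain named in the reply above
KEY = "DisableFMMiCloudSetting"       # key from the plist in the reply above


def managed_settings(profile: dict, domain: str) -> list:
    """Return every settings dict the profile delivers for `domain`."""
    found = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == domain:
            # Payload typed directly as the preference domain.
            found.append(payload)
        elif ptype == "com.apple.ManagedClient.preferences":
            # Custom-settings wrapper: domain -> Forced -> mcx_preference_settings.
            entry = payload.get("PayloadContent", {}).get(domain, {})
            for forced in entry.get("Forced", []):
                found.append(forced.get("mcx_preference_settings", {}))
    return found


def fmm_setting_locked(profile_bytes: bytes) -> bool:
    """True only if the key is set to boolean true in the right domain."""
    profile = plistlib.loads(profile_bytes)  # assumption: profile is not CMS-signed
    return any(s.get(KEY) is True for s in managed_settings(profile, DOMAIN))


def _sample(payloads: list) -> bytes:
    """Build a constructed sample profile (not a real exported one)."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": payloads})


WRAPPED = _sample([{
    "PayloadType": "com.apple.ManagedClient.preferences",
    "PayloadContent": {DOMAIN: {"Forced": [{"mcx_preference_settings": {KEY: True}}]}},
}])
DIRECT = _sample([{"PayloadType": DOMAIN, KEY: True}])
# Same key placed in a different domain: it never reaches com.apple.icloud.managed.
WRONG_DOMAIN = _sample([{"PayloadType": "com.apple.applicationaccess", KEY: True}])

if __name__ == "__main__":
    for name, blob in [("wrapped", WRAPPED), ("direct", DIRECT), ("wrong domain", WRONG_DOMAIN)]:
        print(f"{name}: {'present' if fmm_setting_locked(blob) else 'MISSING'}")
```

Run it against the profile exported from the MDM before deployment; a bare settings plist like the one above has no PayloadContent and must first be wrapped in a profile.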