Posted on 10-24-2022 01:58 PM
Hello,
Just updated a test Mac to MacOS Ventura and found that I am no longer able to restrict access to Profiles. I attempted to restrict access to Extensions and that is successful, but when I check mark Profiles, it does not grey out.
Wondering if this is now only available for DEP enrolled devices vs devices that are manually enrolled and not supervised.
Posted on 10-24-2022 02:21 PM
I am seeing the same behavior here. The computer I am testing with is DEP enrolled. I also notice I had to reboot the computer for some of the restrictions to apply.
Posted on 10-24-2022 02:25 PM
I noticed this too on a DEP-enrolled test machine. However, I also noticed that the "-" (minus) button is grayed out/inoperable. Profiles visible 👎 but not removeable 👍
Posted on 10-24-2022 04:03 PM
Seems like he behavior is mainly for devices that were user enrolled and not DEP enrolled. Devices that are User enrolled, the option to remove the MDM management profile is not greyed out. going to have to keep the MacOS Ventura upgrade restriction until this is fixed.
Posted on 10-24-2022 04:43 PM
in some cases if you block the profiles pane, profiles don't install. this could affect profiles that you are trying to deploy
Posted on 10-25-2022 04:26 AM
This is by design from Apple. In order to be more open about what settings are being applied to a device Apple has removed the ability to restrict access to the Profiles Menu. The only way to lock down your MDM Profile is to mark it as not removable within your Pre-Stage Enrollment.
Its recommended if you don't want users to install profiles they download you can use the following
Posted on 10-25-2022 07:26 AM
Apple disallowed this with Ventura. Not being able to restrict System Settings > Profiles is working as intended.