Restrictions (macOS)
For security-conscious organizations and environments where privacy and information security concerns require controlling the unauthorized transfer of mobile data out of the mobile devices, SOTI MobiControl provides various on-device restrictions including the capability to block various device communications, similar to firewall functionality. The Restrictions configuration enables you to selectively disable device features. Applying the configuration at the individual or group level allows custom profiles for different users and locations in an organization. For example, disabling or enabling Bluetooth and infrared ports determines if device users can beam business cards, applications or documents to one another.
Device Functionality
| Lock Desktop Picture | Prevents the user from modifying the desktop picture selection. Enter the path of the file that will be used as the desktop picture. Leave the path blank to use the current desktop picture collection. |
| Disable Use of a Built-in Camera | Disables use of the built-in camera. When this is restricted all applications, whether native or enterprise, are unable to access the camera. |
| Disable iCloud Documents and Data | Disables document and key-value syncing to iCloud. |
| Disable Use of iCloud Password for Local Accounts | Disables use of the iCloud password for login to the local account. |
| Disable Back to My Mac iCloud Service | Disables the macOS Back to My Mac iCloud service. |
| Disable Find My Mac iCloud Service | Disables the macOS Find My Mac iCloud service. |
| Disable iCloud Bookmark Sync | Disables the macOS iCloud Bookmark sync. |
| Disable iCloud Mail Services | Disables the macOS iCloud Mail services. |
| Disable iCloud Calendar Services | Disables the macOS iCloud Calendar services. |
| Disable iCloud Reminder Services | Disables the iCloud Reminder services. |
| Disable iCloud Address Book Services | Disables the macOS iCloud Address Book services. |
| Disable iCloud Notes Services | Disables the macOS iCloud Notes services. |
| Disable iCloud Keychain Sync | Disables iCloud keychain synchronization. |
| Disable Spotlight Internet Search Suggestions | When selected, Spotlight internet search suggestions will not be shown when using Spotlight for searching. |
| Allow Only Configured Widgets | When selected, this option enables you to choose which widgets are enabled. |
Applications
| Delay Software and OS update availability | Prevents available software and OS updates from appearing to device user for the specified number of days, up to a maximum of 90 days.
Note: Requires macOS 10.13.4 or later.
|
| Disable Game Center | Disables Game Center and removes the app from the home screen. |
| Disable Addition of Game Center Friends | Prevents users from adding friends to Game Center |
| Disable Multiplayer Gaming | Prevents users from playing multiplayer games in Game Center |
| Disable Account Modifications | Prevents users from modifying the account in Game Center. |
| Disable Safari Autofill | Prevents the browser from using autofill to complete forms displayed on websites. |
| Allow App Store App Adoption | Prevents users from adopting apps that come free with their Mac. |
| Require Admin Password to Install or Update Apps | Requires use of the admin password to install or update apps. |
| Restrict App Store to Software Updates Only | Puts the Mac App Store into update-only mode. |
| Disable Apple Music | Prevents users from accessing Apple Music. |
| Allow Only Selected Applications | Allows applications from the provided list and Specify Whitelist/Blacklist path to allow/disallow applications to be launched. |
Media Content
| Disable AirDrop Network Access | Disables AirDrop network access. |
| Allow Internal Media Access | Allows internal media to be mounted. |
| Allow External Media Access | Allows external media to be mounted. |
| Allow Disk Image | Allows a disk image to be mounted. |
| Allow DVD RAM | Allow the DVD RAM to be mounted. |
| Allow CDs | Allow CDs to be mounted. |
| Allow DVDs | Allow DVDs to be mounted. |
| Allow Recordable Disk | Allow a recordable disk to be mounted. |
| Eject Volume on Logout | Removable media will ejected at logout. |
| Restrict Sharing Services | Select this option to restrict sharing services, and select the services for which you want to enable sharing. |