This article helps admins who want to restrict or prevent end users from signing into their own personal iCloud/Apple accounts. Note that this will also restrict managed Apple IDs.
Please keep in mind that the following methods require Addigy MDM. For more information on how to enroll using Addigy MDM, please refer to the Addigy Mobile Device Management (MDM) Integration article.
How do I go about doing this?
We're glad you asked!
It's easy: create an MDM Configuration, then create a new System Preference configuration within it.
Depending on your preferences, you may want to hide items or restrict users from being able to interact with certain items. Within this configuration, you can choose to hide/disable different system preferences options.
The options that we're looking to restrict are the below:
After you've built the configuration to your liking, save your work and deploy to your desired policies!
You can also create a restrictions payload and select the following options as you see fit:
Useful Related Scripts
Check if iCloud is enabled on a device
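#!/bin/bash
# Prints "False" if any local user (UID >= 500) has an iCloud Drive folder, otherwise "True".
Result="True"
for user in $(dscl . list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
    # com~apple~CloudDocs is the local iCloud Drive folder in the user's home.
    if [ -e "/Users/$user/Library/Mobile Documents/com~apple~CloudDocs/" ]; then
        Result="False"
    fi
done
echo "$Result"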
Check if "Find My" is enabled on a device
#!/bin/sh
#
# Will reply Set if Find My Mac is set for this Mac
#
fmmToken=$(/usr/sbin/nvram -x -p | /usr/bin/grep fmm-mobileme-token-FMM)
if [ -z "$fmmToken" ]; then
    echo "<result>Not Set</result>"
else
    echo "<result>Set</result>"
fi
Check what Apple ID is signed in on a device
#!/bin/bash
# Report the Apple ID linked to each local user account (UID >= 500).
for user in $(dscl . list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
    # Read the linked identity from the user's directory record (/Users/<short name>),
    # not from the home directory path, which can differ from the record path.
    appleid=$(dscl . readpl "/Users/${user}" dsAttrTypeNative:LinkedIdentity appleid.apple.com:linked\ identities:0:full\ name 2> /dev/null | awk -F'full name: ' '{print $2}')
    if [[ "${appleid}" == "" ]]; then
        echo "No AppleID for user:${user}"
    else
        echo "username:${user} AppleID:${appleid}"
    fi
done