Skip to main content
  1. Addigy
  2. FAQ
  3. FAQ

How To Restrict iCloud/Apple ID Usage on macOS

Updated:

This article serves to assist admins that wish to restrict/prevent end-users from being able to sign into their own personal and iCloud/Apple accounts. Note that this will also restrict managed Apple IDs.

 

TABLE OF CONTENTS

Please keep in mind the follow methods require Addigy MDM. For more information on how to enroll using Addigy MDM, please refer to Addigy Mobile Device Management (MDM) Integration article.

How do I go about doing this? 

 

We're glad you asked! 

 

It's easy, simply create an MDM Configuration and create a new System Preference configuration.

 

Depending on your preferences, you may want to hide items or restrict users from being able to interact with certain items. Within this configuration, you can choose to hide/disable different system preferences options. 

 

The options that we're looking to restrict are the below: 

 

 

After you've built the configuration to your liking, save your work and deploy to your desired policies! 

 

You can also create a restrictions payload and select the following options as you see fit: 

 

 

Check if iCloud is enabled on a device

Result="True"
for user in $(dscl . list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
if [ -e /Users/$user/Library/Mobile\ Documents/com~apple~CloudDocs/ ]; then
    Result="False"
fi
done
echo $Result

 

Check if "Find My" is enabled on a device 

#!/bin/sh
#
# Will reply Set if Find My Mac is set for this Mac
#

fmmToken=$(/usr/sbin/nvram -x -p | /usr/bin/grep fmm-mobileme-token-FMM)

if [ -z "$fmmToken" ];
then
    echo "<result>Not Set</result>"
else
    echo "<result>Set</result>"
fi

 

Check what Apple ID is signed in on a device 

#!/bin/bash
for user in $(dscl . list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
    userHome=$(dscl . read /Users/"$user" NFSHomeDirectory | sed 's/NFSHomeDirectory://' | grep "/" | sed 's/^[ \t]*//')
    appleid=$(dscl . readpl "${userHome}" dsAttrTypeNative:LinkedIdentity appleid.apple.com:linked\ identities:0:full\ name 2> /dev/null | awk -F'full name: ' '{print $2}')
    if [[ "${appleid}" == "" ]]; then
        echo "No AppleID for user:${user}"
    else
        echo "username:${user} AppleID:${appleid}"
    fi
done

 

 

 

 

Was this article helpful?
3 out of 5 found this helpful
Return to top

Didn’t find what you’re looking for?

Contact our Support Team