You can prevent end users from enabling Find My on company-owned macOS devices by deploying a custom MDM profile. This is particularly useful for organizations that want to avoid user-based Activation Lock, which can make it difficult to reassign or wipe a device if a user's Apple Account is tied to it.
Important: This profile prevents Find My from being enabled going forward. It will not disable Find My on devices where it is already turned on. If Find My is currently enabled on a device, it must be manually disabled before deploying this profile.
Overview
Addigy does not have a built-in Find My MDM profile, so this configuration requires creating a custom profile using a third-party tool and uploading it to Addigy. The relevant payload is com.apple.icloud.managed, which controls iCloud Find My settings on macOS.
Step 1: Create the Profile in iMazing
iMazing Profile Editor is a free third-party tool for creating Apple MDM profiles. Use it to build the Find My payload before uploading it to Addigy.
- Open iMazing Profile Editor and create a new profile.
- In the payload search, search for Find My.
- Select iCloud Find My (
com.apple.icloud.managed) and click Add Payload. - Check the box next to Disable Find My iCloud Setting.
-
Navigate to the General tab and give the profile a clear name (e.g.,
Disable Find My). Fill out any other required fields. - Save the profile as a
.mobileconfigfile.
Step 2: Upload the Profile to Addigy
- Navigate to Catalog > Device Settings and click New.
- Click Custom Profile in the top right corner.
- Upload the
.mobileconfigfile you exported from iMazing. - Click Create Profile, then assign it to the appropriate policy and deploy.
Need help uploading a custom profile? See How to Configure and Deploy a Custom Profile.
End User Experience
Once the profile is deployed, users will still see the Find My option in System Settings > Apple Account > iCloud, but clicking Turn On will have no effect — Find My will remain off and cannot be enabled while the profile is installed.