
Security device management payload settings for Apple devices
You can configure Security settings for users of a Mac that enrolls in a device management service. Use the Security payloads to set various Gatekeeper and security options.
The Security payloads support the following. For more information, see Payload information.
Supported payload identifiers: com.apple.preference.security, com.apple.systempolicy.control, com.apple.systempolicy.rule
Supported operating systems and channels: macOS device, macOS user.
Supported enrollment methods: Device Enrollment, Automated Device Enrollment.
Duplicates allowed: False—only one Security payload can be delivered to a user or device.
You can use the settings in the table below with the Security payloads.
Setting | Description | Required |
|---|---|---|
Configure Gatekeeper settings | Set which apps are allowed to launch on the Mac: | No |
Don’t allow user to override Gatekeeper setting | Prevent users from using Control-click to open an unidentified app or from installing an app using the Installer app. | No |
Allow user to change password | Specify whether users are permitted to change their password. | No |
Require password after sleep or screen saver begins | Specify whether a password is required upon waking or when a screen saver ends as a result of mouse, trackpad, or keyboard movement. | No |
Allow user to set lock message | Specify whether users can set a short message that appears at the bottom of the Lock Screen. | No |
Allow user to unlock the Mac using Apple Watch | Specify whether users can unlock their Mac with Apple Watch. | No |
Note: Each device management service developer implements these settings differently. To learn how Security settings are applied to your devices and users, consult your developer’s device management service documentation.
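
The following is an added example, not Apple's code or any device management service's own: a pre-deployment check that parses an unsigned configuration profile and reports on the Security payloads listed above. Assumptions: the key names `EnableAssessment` and `AllowIdentifiedDevelopers` come from Apple's configuration profile reference rather than this page, the duplicate check is this example's reading of "Duplicates allowed: False", and the sample profile is constructed.

```python
import plistlib

# Payload identifiers listed on this page.
SECURITY_TYPES = {
    "com.apple.preference.security",
    "com.apple.systempolicy.control",
    "com.apple.systempolicy.rule",
}

# Constructed sample profile (not from a real deployment).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.security",
    "PayloadContent": [
        {"PayloadType": "com.apple.systempolicy.control",
         "EnableAssessment": True, "AllowIdentifiedDevelopers": False},
        {"PayloadType": "com.apple.systempolicy.control",
         "EnableAssessment": False},
        {"PayloadType": "com.apple.wifi.managed"},
    ],
})


def audit_profile(data: bytes) -> list[str]:
    """Return findings for the Security payloads in a .mobileconfig plist."""
    profile = plistlib.loads(data)
    findings, seen = [], {}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype not in SECURITY_TYPES:
            continue  # not one of the payloads this page covers
        seen[ptype] = seen.get(ptype, 0) + 1
        if ptype == "com.apple.systempolicy.control":
            # Key names assumed from Apple's profile reference, not this page.
            if payload.get("EnableAssessment") is False:
                findings.append("Gatekeeper assessment disabled")
            elif payload.get("AllowIdentifiedDevelopers") is False:
                findings.append("Gatekeeper: App Store apps only")
    for ptype, count in sorted(seen.items()):
        if count > 1:
            findings.append(f"duplicate payload: {ptype} x{count}")
    if not seen:
        findings.append("no Security payload present")
    return findings


if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE):
        print(line)
```

A signed profile is CMS-wrapped and has to be unwrapped to its plist before `audit_profile` can parse it.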