Data Restrictions

  • Updated
Follow

These profiles reflect a best-effort technical control to limit users from uploading company data to non-company cloud storage solutions. Used in conjunction with Restrict External Media controls, these profiles minimize the risk of accidental data exfiltration.

These profiles manage Apple-hosted services. If you need to restrict access to other cloud storage platforms (Box, Dropbox, Google Drive, OneDrive, etc.), we may recommend using DNS filters like Cisco Umbrella to block them. Leverage DLP features with your email provider to complement these controls.

Ntiva Security Standards - Disable iCloud Sync
Restrictions

Controls

  • Allow iCloud Drive - false
  • Allow iCloud Keychain - false
  • Allow iCloud Photo Library - false
  • Allow iCloud Bookmarks - false
  • Allow iCloud Calendar - false
  • Allow iCloud Contacts - false
  • Allow iCloud Desktop & Documents - false
  • Allow iCloud Mail - false
  • Allow iCloud Notes - false
  • Allow iCloud Reminders - false
  • Allow iCloud Freeform - false
  • Allow iCloud Backup - false (iOS/iPadOS only)

Notes

  • While we cannot disable a user's ability to log into an Apple Account, we can limit what those Apple Accounts are capable of syncing to prevent unwanted upload/download (specifically for Personal (unmanaged) Apple Accounts. 

Ntiva Security Standards - Managed Pasteboard and Open In

Restrictions

Controls

  • Allow managed to write to unmanaged contacts - false
  • Allow unmanaged to read managed contacts - false
  • Treat AirDrop as unmanaged - true
  • Allow documents from managed to unmanaged - false
  • Allow documents from unmanaged to managed - true
  • Require managed pasteboard - true

Notes

  • These controls should be used when your organization is deploying apps that contain private/secure information that should not be copied into unmanaged/unknown destinations. Managed pasteboard allows an extra layer of security by ensuring copy/paste commands are sandboxed within your managed applications deployed via Addigy MDM. That content cannot be pasted in system apps or apps installed by end users.
  • In certain business scenarios, the free use of AirDrop may be required; this key is optional and can be disabled. 

Related articles

Comments

0 comments

Please sign in to leave a comment.