Category filter

Configuration profile to disallow account modification on macOS devices

Allowing the addition of Internet Accounts and Apple IDs not associated with the organization can pose risks and challenges to managed devices. By restricting account modifications, administrators can maintain control over the devices’ account settings, ensuring compliance with the organization’s policies.

Disallowing account modifications on macOS devices can be effectively achieved by using a custom configuration profile. This configuration profile, which can be deployed using Hexnode’s Deploy Custom Configuration feature, helps enforce security measures across all devices.

Disclaimer:


The sample configuration profile provided below is adapted from a third-party open-source site.

Note:


The configuration profile is supported on macOS 14 or later.

Disallow account modification on macOS devices

Here, allowAccountModification is the key that controls whether users can modify the Internet Accounts and Apple ID on a device. When allowAccountModification is set to false, it means that the ability to change, add, or remove Internet Accounts and Apple IDs is disabled on the device. If an account already exists, users can’t modify it.

What happens at the device end?

After deploying the configuration profile to the macOS device, the ability to add Internet Accounts on the device will be disabled. You can check this by accessing the Internet Accounts section in the System Settings of the Mac.

After applying the configuration profile to disallow account modification on macOS devices, the option to add Internet Accounts is disabled.

Likewise, the option to add an Apple ID will also be disabled. This can be confirmed by clicking on the Sign in with your Apple ID option within the System Settings.

After applying the configuration profile to disallow account modification on macOS devices, the option to add an Apple ID is disabled

Notes:

  • To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors.
  • Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across devices.
  • Ensure that you do not associate conflicting configurations with the devices.
  • Use wildcards to fetch key values from the portal.
  • It is recommended to manually validate the configuration profile on a system before executing it in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the configuration profile.

  • Configuration Profile Repository