For more information on System Integrity Protection, see About System Integrity Protection on your Mac from Apple's support website. System Integrity Protection (SIP) is a security technology from Apple that restricts the root user account and limits actions that the root user can perform on protected parts of the Mac operating system. To view the current status, navigate to the Security category in inventory information for a computer.Ĭreate an advanced computer search with the Recovery Lock criteria.Ĭreate a smart group with the Recovery Lock criteria. View whether or not a compatible computer has Recovery Lock enabled. The following reporting capabilities are available for Recovery Lock: For more information about Recovery Lock, see Use macOS Recovery on a Mac with Apple silicon in Apple's macOS User Guide.
Recovery Lock prevents access to macOS Recovery without a password providing additional security for the computers in your environment.
To view the current status, navigate to the Security category in inventory information for a computer.Ĭreate an advanced computer search with the Gatekeeper criteria.Ĭreate a smart group with the Gatekeeper criteria.Ĭomputers with Apple silicon (i.e., M1 chip) with macOS 11.5 or later View the status for Gatekeeper when viewing management information for a computer. The following reporting capabilities are available for Gatekeeper: For more information on Gatekeeper, see Safely open apps on your Mac from Apple's support website.
In macOS, Gatekeeper options are found in Apple menu > System Preferences... > Security & Privacy > General tab under the header Allow applications downloaded from.įor computers with macOS 10.7.5 or later, you can install a macOS configuration profile with a Security & Privacy payload that restricts which Gatekeeper preferences are enabled on a computer ( Mac App Store, Mac App Store and identified developers, or Anywhere). Gatekeeper is a security technology from Apple that helps to protect computers from apps that could adversely affect them. To view the current status, navigate to the Security category in inventory information for a computer.Ĭreate an advanced computer search with the Firewall criteria.Ĭreate a smart group with the Firewall criteria. View whether or not a compatible computer has Firewall enabled. The following reporting capabilities are available for Firewall: PreStage Enrollment: Users Are Not Volume Owners on Computers with macOS 11.5–12 when the Recovery Lock Password is Set During Enrollment (PI-010304).Obtaining an Installer Certificate from Apple.Moving from User- to Device-based Volume Purchasing Assignments.