Configure Security and Privacy 07
One of the most important factors for companies to choose Mac computers is the powerful security settings. By using the MDM solution for your Mac deployment, you'll have even more features to ensure the security of your business data is assured.
There are several ways you can ensure the security of your Mac computers and keep your end-users safe. If you use Mosyle Manager as your MDM solution, you can configure FileVault settings, Firewall ports and Gatekeeper settings to protect the Mac fleet from apps downloaded from unknown sources. In this chapter we’ll show you some options for this stage of Mac deployment.
You can configure Security and Privacy profile within Mosyle Manager so you can configure Gatekeeper, for example. Gatekeeper can be used to restrict the installation of downloaded apps.
The school's administrator can configure Filevault 2 that offers full disk encryption so you can enable it to encrypt the entire contents of the startup drive. If the Mac computer is powered off, the drive's data is fully unrecoverable without a password using the Personal recovery key which can be escrowed with Mosyle Manager or the Institutional recovery key.
Another option is to configure the Firewall using the management profiles available in Mosyle Manager to ensure connections are safe. This can be used to enable macOS built-in firewall to block incoming connections. All incoming connections (except for those required for basic internet services) can be blocked and instead the school's administrator can create a list of apps that are allowed to receive incoming connections.
Using Mosyle Manager, you will also want to create a Privacy management profile in which you can create a configuration profile containing Privacy Preferences Policy Control Payload's for code signed applications/binaries or code signed scripts on macOS Mojave 10.14.
If you have any personalized questions about Security and Privacy, our Support Team can help along the way! Click here to see more about the most reliable Support service for MDM solutions.
In the last section we’ll go over some other important configurations that will make your deployment and management process smoother.