macOS Transition - Restrictions

On this page is a list of the restrictions that are in place as part of the new security baseline on macOS for Faculty/Staff machines.

AirDrop MUST be disabled to prevent file transfers to or from unauthorized devices. AirDrop allows users to share and receive files from other nearby Apple devices.

AppleID and iCloud are not supported to be directly logged into on campus owned macOS computers. They are not approved for storage of campus resources that do not fall under Category 1 in , or backing up of Desktop/Documents on campus owned devices.

Most functions of iCloud can be utilized through

Handoff allows you to continue working on a document or project when the user switches from one Apple device to another. Disabling Handoff prevents data transfers to unauthorized devices. This also requires the device being logged into AppleID, which is not supported by the campus.

The default behavior of macOS is to allow users to share a password over Airdrop between other macOS and iOS devices. This feature MUST be disabled to prevent passwords from being shared.

Bluetooth Sharing allows users to wirelessly transmit files between the macOS and Bluetooth-enabled devices, including personally owned cellphones and tablets. A malicious user might introduce viruses or malware onto the system or extract sensitive files via Bluetooth Sharing. When Bluetooth Sharing is disabled, this risk is mitigated.

The information system MUST be configured to provide only essential capabilities. Disabling Location Services helps prevent the unauthorized connection of devices, unauthorized transfer of information, and unauthorized tunneling.

Some Preference Panes in System Settings/Preferences contain settings that affect the entire system. Requiring a password to unlock these system-wide settings reduces the risk of a non-authorized user modifying system configurations.

The main spot this could impact end users would be the time zone. For this reason, a policy has been configured in Self Service (available in the Applications folder) to allow for modifying of the time zone without administrative privileges.

If other issues arise within daily computer usage that seem to be an issue, please do not hesitate to put in a request to and it can be reviewed and a potential solution applied to the systems.