This article serves to assist admins that wish to restrict/prevent end-users from being able to sign into their own personal iCloud/Apple accounts.  


Please keep in mind the follow methods require Addigy MDM. For more information on how to enroll using Addigy MDM, please refer to Addigy Mobile Device Management (MDM) Integration article.

How do I go about doing this? 

We're glad you asked! 

It's easy, simply create an MDM Configuration and create a new System Preference configuration.

Depending on your preferences, you may want to hide items or restrict users from being able to interact with certain items. Within this configuration, you can choose to hide/disable different system preferences options. 

The options that we're looking to restrict are the below: 

After you've built the configuration to your liking, save your work and deploy to your desired policies! 

You can also create a restrictions payload and select the following options as you see fit: 

Check if iCloud is enabled on a device

for user in $(dscl . list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
if [ -e /Users/$user/Library/Mobile\ Documents/com~apple~CloudDocs/ ]; then
echo $Result

Check if "Find My" is enabled on a device 

# Will reply Set if Find My Mac is set for this Mac

fmmToken=$(/usr/sbin/nvram -x -p | /usr/bin/grep fmm-mobileme-token-FMM)

if [ -z "$fmmToken" ];
echo "<result>Not Set</result>"
echo "<result>Set</result>"

Check what Apple ID is signed in on a device 

for user in $(dscl . list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
userHome=$(dscl . read /Users/"$user" NFSHomeDirectory | sed 's/NFSHomeDirectory://' | grep "/" | sed 's/^[ \t]*//')
appleid=$(dscl . readpl "${userHome}" dsAttrTypeNative:LinkedIdentity\ identities:0:full\ name 2> /dev/null | awk -F'full name: ' '{print $2}')
if [[ "${appleid}" == "" ]]; then
echo "No AppleID for user:${user}"
echo "username:${user} AppleID:${appleid}"

If you have an Addigy account and have additional questions, you can create a ticket by emailing

Alternatively, you can submit a support request within Addigy.