This article helps admins who wish to restrict or prevent end-users from signing in to their own personal iCloud/Apple accounts.



Please keep in mind that the following methods require Addigy MDM. For more information on how to enroll using Addigy MDM, please refer to the Addigy Mobile Device Management (MDM) Integration article.

How do I go about doing this? 


We're glad you asked! 


It's easy: simply create an MDM Configuration and create a new System Preference configuration.


Depending on your preferences, you may want to hide items or restrict users from being able to interact with certain items. Within this configuration, you can choose to hide/disable different system preferences options. 


The options that we're looking to restrict are the below: 



After you've built the configuration to your liking, save your work and deploy to your desired policies! 


You can also create a restrictions payload and select the following options as you see fit: 




Check if iCloud is enabled on a device

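#!/bin/sh
# Prints "False" if any local user (UID >= 500) has an iCloud Drive folder, otherwise "True".
Result="True"
for user in $(dscl . list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
    # Look for the iCloud Drive folder in the user's Library.
    if [ -e "/Users/$user/Library/Mobile Documents/com~apple~CloudDocs/" ]; then
        Result="False"
    fi
done
echo "$Result"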


Check if "Find My" is enabled on a device 

#!/bin/sh
#
# Will reply Set if Find My Mac is set for this Mac
#

fmmToken=$(/usr/sbin/nvram -x -p | /usr/bin/grep fmm-mobileme-token-FMM)

if [ -z "$fmmToken" ]; then
    echo "<result>Not Set</result>"
else
    echo "<result>Set</result>"
fi


Check what Apple ID is signed in on a device 

#!/bin/bash
# Reports the Apple ID linked to each local user account (UID >= 500).
for user in $(dscl . list /Users UniqueID | awk '$2 >= 500 {print $1}'); do
    # Read the linked identity from the user's directory record (/Users/<short name>).
    appleid=$(dscl . readpl "/Users/${user}" dsAttrTypeNative:LinkedIdentity appleid.apple.com:linked\ identities:0:full\ name 2> /dev/null | awk -F'full name: ' '{print $2}')
    if [[ -z "${appleid}" ]]; then
        echo "No AppleID for user:${user}"
    else
        echo "username:${user} AppleID:${appleid}"
    fi
done







If you have an Addigy account and have additional questions, you can create a ticket by emailing support@addigy.com.

Alternatively, you can submit a support request within Addigy.