The security and privacy settings profile lets you configure Apple's Gatekeeper functionality settings, which are used for secure application downloads. Gatekeeper also controls specific settings related to user passwords.


  1. Navigate to Resources > Profiles & Baselines > Profiles and select Add. Select Apple macOS, and then select whether this profile will apply to only the enrollment user on the device (User Profile), or the entire device (Device Profile).
  2. Configure the profile's General settings.
  3. Select the Security and Privacy payload.
  4. Choose locations from which apps may be downloaded.
  5. Configure OS Updates settings to perform a force delay in updating OS especially from updates being visible to end user for a specified number of days.
    Setting Description
    Delay Updates (Days)

    Enable this option and specify the number of days to delay the software update. Number of days range from 1 to 90. (macOS 10.13.4+ devices). The number of days dictate the length of time after the release of the software update and not after the time of installation of the profile.

  6. Configure Gatekeeper settings.
    Setting Description

    Choose to restrict which types of applications may be downloaded. The available options are:

    • Mac App Store
    • Mac App Store and identified developers
    • Anywhere

    Do not allow user to override Gatekeeper setting

    Select to prevent the user from modifying settings to Gatekeeper.
  7. Configure Security settings.
    Setting Description
    Apple Watch to Unlock

    Select to allow Apple Watch to unlock a paired macOS device (macOS 10.12 and higher).

    Touch ID to Unlock Select to allow Touch ID to unlock a macOS device (macOS 10.12.4 and higher).
    Allow user to change Password Select to allow end users to change their passwords (macOS 10.9+).
    Require password after sleep or screensaver begins Select to require a password after sleep or screen saver begins. Set the grace period to determine when a password should be entered.
    Allow user to set lock message Select to allow end users to set a lock message on their devices (macOS 10.9+).
  8. Configure Privacy settings to automatically send diagnostic and usage data to Apple.
  9. Select Save & Publish when you are finished to push the profile to devices.