How to Create an Application Control Policy for Mac Devices?
Mac application policies govern application usage on Mac devices. If your organization has Mac devices onboarded, it is recommended to create Mac application control policies before removing admin rights.
The EPM administrator can create Mac control policies by navigating to Privileges >> Application Policies >> Add Policy, selecting Mac Policy, and following the steps below.
- Provide a name and description for the policy.
- Specify the level of permissions that this policy must grant.
  - Privilege Elevation: You can choose between granting local admin privilege or system privilege to the users with the policy.
    - Elevate with local administrator privilege – When this right is granted, the user will be granted permission to run the associated applications with local admin privileges.
    - Elevate with system privilege – When this right is granted, the apps/processes will run with system privileges.
  - Grant/Deny SUDO Privileges: For command control, you can choose between granting or denying SUDO privileges. This option governs the user's permission to execute specific commands with SUDO.
  - Allowlists/Blocklists: To control application usage, you can choose between allowlisting and blocklisting.
    - Allowlists – An allowlist allows the associated user to run the specific apps with the default permissions of the user account. All other apps are blocked for the user.
    - Blocklists – A blocklist blocks the associated user from running specific apps completely. The user is free to run any other applications apart from the ones included in the blocklist.
- Once the privilege elevation preferences are set, you must select the Mac applications or commands that should be governed using this policy.
- Select the computers/computer groups on which the policy must be enforced.
- Select the users/user groups with whom the policy must be associated. You have the option to include specific users and groups, or to exclude specific users/groups and enforce the policy for all other users. You can also select domain users if the device is registered with the domain. You can go for organization-wide enforcement by choosing “All Users” here.
Once the preferences are selected, click Save.
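
Because an allowlist blocks every app that is not listed, it helps to dry-run a proposed policy against an inventory of observed app launches before saving it. The sketch below is an added example, not the product's code or data format: it models the allowlist/blocklist and include/exclude rules described above. The `MacAppPolicy` class, the `dry_run` helper, the use of bundle IDs to identify apps, and the sample launches are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class MacAppPolicy:  # hypothetical model, not the product's data format
    mode: str                                   # "allowlist" or "blocklist"
    apps: set                                   # app identifiers (assumed: bundle IDs)
    all_users: bool = False                     # the "All Users" choice
    include_users: set = field(default_factory=set)
    exclude_users: set = field(default_factory=set)

    def applies_to(self, user: str) -> bool:
        # Excluded users are never governed; otherwise the policy covers
        # everyone ("All Users") or only the explicitly included users.
        if user in self.exclude_users:
            return False
        return self.all_users or user in self.include_users

    def decide(self, user: str, app: str) -> str:
        if self.mode not in ("allowlist", "blocklist"):
            raise ValueError(f"unknown mode: {self.mode}")
        if not self.applies_to(user):
            return "not-governed"
        listed = app in self.apps
        if self.mode == "allowlist":            # default-deny for unlisted apps
            return "run" if listed else "blocked"
        return "blocked" if listed else "run"   # blocklist: default-allow


def dry_run(policy, launches):
    """Return the sorted, de-duplicated (user, app) launches the policy would block."""
    return sorted({(u, a) for u, a in launches if policy.decide(u, a) == "blocked"})


# Constructed sample inventory of observed launches: (user, bundle ID).
LAUNCHES = [
    ("alice", "com.apple.Safari"),
    ("alice", "com.example.vpnclient"),
    ("bob", "com.apple.Terminal"),
    ("bob", "com.example.vpnclient"),
    ("helpdesk", "com.apple.Terminal"),
]

ALLOW = MacAppPolicy("allowlist", {"com.apple.Safari"}, all_users=True,
                     exclude_users={"helpdesk"})
BLOCK = MacAppPolicy("blocklist", {"com.apple.Terminal"}, include_users={"bob"})

if __name__ == "__main__":
    for name, pol in (("allowlist", ALLOW), ("blocklist", BLOCK)):
        print(name, dry_run(pol, LAUNCHES))
```

Any launch reported for the allowlist policy is an app that users rely on today and that would stop working once the policy is enforced.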