SuperOps MDM allows you to manage Mac devices at the operating system level. You can enforce password policies, restrict device features like AirDrop and Bluetooth, manage iCloud services, configure network settings, and control security-related system behaviors. These controls are implemented through macOS configurations and restrictions.
In this article, you will learn what these configurations and restrictions are and how to manage them in SuperOps
What are Configurations and Restrictions?
Certain macOS policies in SuperOps are enforced purely through Apple’s Mobile Device Management (MDM) framework.
These controls operate at the OS level. Once a device is enrolled and the policy is applied, macOS enforces the setting directly. The SuperOps RMM agent is not involved in these controls.
MDM-based policies are typically used to:
Establish security baselines
Control device behavior
Standardize onboarding
Enforce compliance requirements
These settings fall into two categories:
Restrictions
Configurations
This article specifically focuses on MDM-based controls.
Accessing Mac Policies
To configure these settings, navigate to Settings > Policy Management. Here you will see options for both Mac Server and Mac Workstation Policies.
Note : If you are using the Advanced Policy Framework, you can create child policies under a root policy. This allows you to apply different configurations to different clients or device groups at scale.
MDM Restrictions
Restrictions control what users can or cannot do on a device. These are enforced directly by macOS after enrollment.
In SuperOps, MDM Restrictions are grouped into:
General
Security
Apps
iCloud & Apple ID Settings
General: Controls core OS features like Account Modification, AirDrop, and Bluetooth settings.
Security: Manages authentication and lock screen settings, such as Touch ID, Auto Unlock, and password modification.
Apps: Restricts specific applications and services, such as the iBook Store, Safari autofill, or Siri.
iCloud & Apple ID Settings: Manages cloud synchronization features, including iCloud Drive, Keychain sync, and document sync.
MDM Configurations
These configurations are ideal for baseline compliance and zero-touch provisioning.
ADE Profile: Configures the Automated Device Enrollment experience, including supervision behavior and Setup Assistant screens. These settings are defined in advance so that when devices are enrolled through ADE, the specified options are automatically applied during onboarding.
Password: Enforces passcode requirements such as complexity, minimum length, auto-lock timing, and password rotation rules.
Network: Allows pre-configuration of Wi-Fi and proxy settings so devices can connect automatically during setup.
Next Steps
Restrictions and configurations establish the baseline security and behavior of macOS devices.
OS updates and software updates follows a hybrid approach. SuperOps lets you manage them through MDM controls and the RMM agent. Please refer to the following links for deeper understanding.
These sections explain how enforcement, scheduling, and software deployment operate beyond baseline configuration.