macOS 10.14+ introduces a system-wide privacy layer (“TCC”) that requires user consent before apps may access protected services (Camera, Microphone, Calendar, Desktop Folder, etc.). Swif’s Privacy Preferences Policy lets you centrally manage these settings and pre‑approve or block specific apps, eliminating end‑user prompts.
Prerequisites
Devices must be running macOS 10.14 or later.
Devices must be supervised and enrolled via MDM (Swif Installer).
Swif Agent v1.XXX+ installed and connected.
Creating a Privacy Preferences Policy
Go to Device Management > Policies, then click Create New Policy.
Select Privacy Preferences Policy from the policy list and click Continue.
Enter a Policy Name (e.g. “Privacy Preferences Policy”) and an optional Policy Description.
Under Settings, you’ll see a list of all macOS privacy services:
Accessibility
Address Book
Apple Events
Bluetooth Always
Calendar
Camera
File Provider Presence
Listen Event
Media Library
Microphone
Photos
Post Event
Reminders
Screen Capture
Speech Recognition
System Policy All Files
System Policy App Bundles
System Policy App Data
System Policy Desktop Folder
System Policy Documents Folder
System Policy Downloads Folder
System Policy Network Volumes
System Policy Removable Volumes
System Policy SysAdmin Files
Configuring Code Requirement
You can use the following command to fill in the Code Requirement section in the Policy.
codesign --display -r - {{APP_PATH}}
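The command prints more than the value to paste, and not every signature yields a requirement worth pinning a privacy grant to. This shell sketch is an added example, not Swif's or Apple's code: it reads the command's output, checks it against the bundle ID you plan to enter, and prints the requirement string. It assumes the Code Requirement field takes the text after `designated =>`; the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Swif's code). Reads `codesign --display -r -` output on
# stdin and checks it against the bundle ID typed into the policy dialog.
# On a Mac:  codesign --display -r - "$APP_PATH" 2>&1 | check_entry us.zoom.xos

# Print the text after "designated => "; empty when the app is unsigned.
designated_requirement() {
    sed -n 's/^designated => //p' | head -n 1
}

# Print the value of the identifier "..." clause in a requirement string.
requirement_identifier() {
    printf '%s\n' "$1" | sed -n 's/.*identifier "\([^"]*\)".*/\1/p'
}

# check_entry BUNDLE_ID: on success print the requirement to paste and return 0;
# otherwise print the reason and return a distinct non-zero status.
check_entry() {
    bundle_id=$1
    req=$(designated_requirement)
    [ -n "$req" ] || { echo "unsigned: no designated requirement"; return 2; }
    case $req in
        cdhash*) echo "ad-hoc signed: requirement is a cdhash that changes per build"; return 3 ;;
    esac
    case $req in
        *anchor*|*certificate*) ;;
        *) echo "unanchored: requirement names no signing certificate"; return 4 ;;
    esac
    signed_id=$(requirement_identifier "$req")
    [ "$signed_id" = "$bundle_id" ] || {
        echo "mismatch: signed as '$signed_id', policy says '$bundle_id'"; return 5; }
    printf '%s\n' "$req"
}

# Constructed samples of codesign output (the team ID is a placeholder).
SAMPLE_DEVID='Executable=/Applications/zoom.us.app/Contents/MacOS/zoom.us
designated => identifier "us.zoom.xos" and anchor apple generic and certificate leaf[subject.OU] = "EXAMPLE123"'
SAMPLE_ADHOC='designated => cdhash H"0000000000000000000000000000000000000000"'
SAMPLE_UNSIGNED='/tmp/Tool.app: code object is not signed at all'

printf '%s\n' "$SAMPLE_DEVID" | check_entry us.zoom.xos
```

A non-zero status means the entry should not be saved as typed: the requirement is missing, is tied to a single build, names no signing certificate, or belongs to a different identifier than the one in the Application field.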
Configuring a Service
For each service you want to manage:
Click the green + Add button next to the service.
In the Add Privacy Preference dialog:
Application: Enter the app’s bundle identifier (e.g. com.apple.Safari) or click Browse to upload a custom .app bundle.
Access Type: Choose one of:
Allow – Pre‑approve without prompting.
Allow with Standard Prompt – Let macOS show its standard “Allow/Don’t Allow” prompt.
Deny – Block access permanently.
Minimum OS (optional): Specify the earliest macOS version this rule applies to (e.g. 10.15).
Click Save to return to the Settings list.
Repeat for each app + service combination your organization requires.
Example: Allow Zoom to Use Camera & Microphone
Service | Bundle ID | Access Type | Minimum OS |
Camera | us.zoom.xos | Allow | 10.14 |
Microphone | us.zoom.xos | Allow | 10.14 |
Click + Add beside Camera → specify us.zoom.xos, select Allow, set 10.14, Save.
Repeat under Microphone.
Deploying the Policy
After adding all desired settings, click Continue.
Select Devices or Device Groups to target.
Click Review, then Create Policy.
Devices will receive the new PPPC profile on their next check‑in, and the specified apps will be whitelisted or blocked accordingly—without any further user interaction.
Troubleshooting
Policy Not Applying?
Ensure the device is supervised and re‑enrolled if necessary.
Verify the bundle identifier exactly matches the app’s Info.plist.
Check in Profiles on the Mac (Apple menu > System Settings > Privacy & Security > Profiles) that the Swif PPPC profile is installed.
“Prompt” Still Appearing?
If you chose Allow with Standard Prompt, macOS will always prompt first. Switch to Allow for silent approval.
Managing Native vs. Custom Apps
Built‑in Apple apps (Calendar, Photos) can be managed by specifying their system bundle IDs (e.g. com.apple.Calendar).
By centrally defining your macOS privacy‑preference rules in Swif, you can eliminate help‑desk tickets and ensure consistent, secure behavior across your fleet.