SWIF.ai

The Apple System Preferences Security Policy allows administrators to control and restrict key macOS system security settings. By enforcing this policy, IT teams can prevent users from modifying critical security configurations such as password changes, lock screen messages, and firewall settings.

This policy is ideal for organizations that require strict control over device security, compliance posture, or standardized security settings across their macOS fleet.

___________________________________________________________

macOS provides system preferences that allow users to modify security-related settings. However, unmanaged access can lead to:

Users overriding security messages or compliance banners

Incorrect firewall configurations that expose the device to risk

- Weak or inconsistent password policies
- Users overriding security messages or compliance banners
- Incorrect firewall configurations that expose the device to risk

The Apple System Preferences Security Policy enables administrators to lock down these controls to maintain device integrity and prevent unauthorized changes.

Some restrictions may require supervised or ADE-enrolled macOS devices

- macOS 10.10+
- Device must be enrolled in Swif.ai MDM
- Some restrictions may require supervised or ADE-enrolled macOS devices

Below is a breakdown of the configurable options within this policy.

Prevents users from changing their local account passwords.

Use Case: Environments where passwords are managed by SSO, LDAP, or centralized authentication systems.

Blocks users from modifying the lock screen message displayed when the device is locked.

Use Case: Organizations that require a standardized asset ownership message or legal/compliance notice.

Prevents the user from changing the macOS firewall settings via the UI.

Use Case: High-security environments where the firewall must remain centrally managed.

Pair this policy with Apple Firewall Policy to control both UI access and firewall behavior.

Use Disallow Password Change for devices integrated with Platform SSO, Okta, Azure AD, or Google SSO.

Enforce a standard lock screen message using the Apple Login Window Policy while disabling user modification via this policy.

Recommended for enterprise, healthcare, education, financial, and government environments requiring strict controls.

- Pair this policy with Apple Firewall Policy to control both UI access and firewall behavior.
- Use Disallow Password Change for devices integrated with Platform SSO, Okta, Azure AD, or Google SSO.
- Enforce a standard lock screen message using the Apple Login Window Policy while disabling user modification via this policy.
- Recommended for enterprise, healthcare, education, financial, and government environments requiring strict controls.

Navigate to Swif Admin Console → Policies → Create New Policy

Select Apple System Preferences Security Policy

- Disallow Password Changes
- Disallow Lock Message Changes
- Disable Firewall UI

Assign the policy to devices or device groups

1. Navigate to Swif Admin Console → Policies → Create New Policy
2. Select Apple System Preferences Security Policy
3. Configure the settings:
 - Disallow Password Changes
 - Disallow Lock Message Changes
 - Disable Firewall UI
4. Click Continue
5. Assign the policy to devices or device groups
6. Save and apply the policy

Devices will enforce these restrictions automatically during the next MDM sync.

Ensures security configurations remain consistent and tamper-proof

Prevents users from weakening security by altering system settings

Helps enforce corporate or regulatory security standards

Reduces IT support overhead by removing user access to advanced settings

Strengthens endpoint security posture across the entire macOS fleet

- Ensures security configurations remain consistent and tamper-proof
- Prevents users from weakening security by altering system settings
- Helps enforce corporate or regulatory security standards
- Reduces IT support overhead by removing user access to advanced settings
- Strengthens endpoint security posture across the entire macOS fleet

Apple System Preferences Security Policy

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Setting	Description	Minimum Requirement
True	Users cannot modify their macOS account password.	macOS 10.10+
False	Users may change their password normally.	macOS 10.10+

Setting	Description	Minimum Requirement
True	Lock screen message cannot be changed.	macOS 10.10+
False	User may customize the lock message.	macOS 10.10+

Setting	Description	Minimum Requirement
True	Users cannot access or modify the firewall UI.	macOS 10.10+
False	User may adjust firewall settings freely.	macOS 10.10+

Apple System Preferences Security Policy

Overview

Requirements

Configurable Settings

Disallow User to Change Password

Disallow User to Set Lock Message

Don’t Allow Firewall UI

Best Practices

How to Configure

Compliance & Security Benefits