The Apple iCloud Policy enables administrators to centrally manage iCloud features across macOS, iOS, and iPadOS devices.
This policy provides granular control over iCloud sync, backup, document storage, Photos, Keychain, and other Apple cloud services.
It is especially useful for organizations with compliance requirements, data residency restrictions, or security controls that limit cloud storage usage.
Requirements
macOS 10.12+
iOS 5.0+
iPadOS 5.0+
Some features require:
Supervised devices (iOS/iPadOS)
Shared iPad limitations
Minimum OS version per setting (listed below)
Overview
This policy allows IT administrators to:
Enable or disable iCloud features
Restrict document and data sync
Prevent iCloud backups
Control syncing of Mail, Calendar, Contacts, Notes, and more
Manage Photos, Shared Albums, and iCloud Photo Library
Control iCloud Keychain and enterprise book metadata syncing
Disable newer services like Private Relay and Freeform
All controls are applied silently on the device through MDM.
Configurable Settings
Below is a breakdown of all available iCloud controls included in this policy.
Allow iCloud Backup
Controls whether devices can back up to iCloud.
Setting | Behavior | Requirements |
True | iCloud Backup allowed | iOS 5+, iPadOS 5+ |
False | Prevents iCloud Backup | iOS 5+, iPadOS 5+ |
Note: On unsupervised devices, this restriction is deprecated and will be supervised-only in future releases.
Allow iCloud Document Sync
Allows or prevents syncing documents and app data to iCloud.
Setting | Behavior | Requirements |
True | Document & key-value sync allowed | macOS 10.12+, iOS 5+, iPadOS 5+ |
False | Disables iCloud Drive document sync | iOS 5+ → iOS 13 requires supervision |
Allow iCloud Keychain Sync
Controls whether iCloud Keychain can synchronize passwords and secure items.
Setting | Requirements |
True / False | macOS 10.12+, iOS 7+, iPadOS 7+ |
Allow Managed Apps Cloud Sync
Allows managed apps to use iCloud for syncing.
Setting | Requirements |
True / False | iOS 8+, available for user enrollment |
Allow iCloud Bookmarks
Controls Safari bookmark syncing via iCloud.
Setting | Requirements |
True / False | macOS 11.1+ |
Allow iCloud Calendar
Controls iCloud Calendar syncing.
Setting | Requirements |
True / False | macOS 10.12+ |
Allow iCloud Address Book
Controls syncing of Contacts.
Setting | Requirements |
True / False | macOS 10.12+ |
Allow iCloud Desktop and Documents
Controls the iCloud Drive “Desktop & Documents” sync feature.
Setting | Requirements |
True / False | macOS 10.12.4+ |
Allow iCloud Mail
Controls use of iCloud Mail services.
Setting | Requirements |
True / False | macOS 10.12+ |
Allow iCloud Notes
Controls syncing of Notes via iCloud.
Setting | Requirements |
True / False | macOS 10.12+ |
Allow iCloud Reminders
Controls syncing of Reminders via iCloud.
Setting | Requirements |
True / False | macOS 10.12+, iOS 5+, iPadOS 5+ |
Allow Enterprise Book Backup
Controls backup of Enterprise Books.
Setting | Requirements |
True / False | iOS 8+, iPadOS 8+, supports user enrollment |
Allow Enterprise Book Metadata Sync
Controls sync of highlights, notes, and metadata for Enterprise Books.
Setting | Requirements |
True / False | iOS/iPadOS 8+ |
Allow Shared Stream
Disables Shared Photo Streams (Shared Albums).
Setting | Requirements |
True / False | iOS 6–17, iPadOS 6–17 |
On unsupervised devices, Shared Stream restriction is deprecated.
Allow iCloud Photo Library
Controls iCloud Photos (formerly iCloud Photo Library).
Setting | Requirements |
True / False | iOS 7–17, iPadOS 7–17 |
Allow Photo Stream
Controls My Photo Stream functionality.
Setting | Requirements |
True / False | iOS 5–17, iPadOS 5–17 |
Allow iCloud Back to My Mac
Controls the deprecated Back to My Mac feature.
Setting | Requirements |
True / False | — (macOS <10.15 only) |
Allow iCloud Private Relay
Controls Apple’s privacy-focused Private Relay feature.
Setting | Requirements |
True / False | macOS 12+, iOS 15+, iPadOS 15+ |
Allow iCloud Freeform
Controls syncing of Freeform app boards through iCloud.
Setting | Requirements |
True / False | macOS 14+ |
Best Practices
Disable iCloud Drive for sensitive environments requiring strict local data storage.
Disable iCloud Backup on shared or corporate-owned devices.
Allow iCloud Keychain only if password sync is permitted under your compliance requirements.
Disable iCloud Photos on devices where photo exfiltration risks exist.
Combine with:
Apple Security Policy
Apple Restrictions Policy
Apple Managed Apple ID setup
How to Configure
Open the Swif Admin Console
Navigate to Policies → Create New Policy
Select the Apple iCloud Policy
Configure each iCloud feature according to your organization’s needs
Click Continue
Assign the policy to devices or device groups
Save and apply
Devices will enforce the settings on the next MDM sync.
Troubleshooting
Some iCloud restrictions are not applying
Ensure device is supervised (many iCloud restrictions require this).
Verify device OS meets the minimum version.
Check that the user is signed in to iCloud (some restrictions apply only after sign-in).
Photos/iCloud Drive still syncing
Confirm multiple iCloud features aren’t overriding one another.
Restart the device after applying the policy.