FileVault

Published by Apple, Inc.

Enable full-disk encryption on Mac devices using Apple's FileVault technology to protect data at rest with XTS-AES-128 encryption. Configure FileVault to require user authentication at startup, manage recovery key escrow options, and enforce encryption policies across your devices. Deploy this profile to ensure compliance with data protection regulations, safeguard sensitive information on lost or stolen devices, and maintain centralized control over encryption settings. Supports both institutional recovery keys and personal recovery keys for flexible key management strategies.

OS requirements
macOS 10.7+
Related items:
BitLocker

Configure BitLocker drive encryption on Windows devices to protect data at rest through full-disk encryption using AES 128-bit or 256-bit algorithms. Manage encryption methods, authentication requirements (TPM, PIN, startup key), recovery key storage, and enforcement policies for operating system drives, fixed data drives, and removable drives. Deploy this profile to ensure compliance with data protection regulations, safeguard sensitive information on lost or stolen devices, and enforce consistent encryption standards across your Windows devices while maintaining centralized recovery key management.

Gatekeeper

Gatekeeper enforces code signing and notarization requirements to protect Mac devices from malicious software. Configure policies to allow applications from the App Store only, identified developers, or custom trust settings. Manage security assessments for downloaded files, control Gatekeeper bypass permissions, and enforce application execution policies across your Apple devices. Essential for organizations maintaining security compliance while balancing user productivity needs and managing software deployment workflows.

Firewall

Configure firewall rules and network security policies for Mac devices to control inbound and outbound network traffic. Define application-specific firewall rules, enable stealth mode to prevent network discovery, block all incoming connections, or allow signed applications automatically. Deploy this profile to enforce consistent network security policies across managed devices, protect endpoints from unauthorized access, and ensure compliance with organizational security requirements. Essential for securing devices in enterprise, education, and remote work environments.