Workforce Identity
Endpoint Management
Endpoint Detection & Response
Vulnerability Management
Compliance Automation
Trust Center
Gatekeeper
Published by Apple, Inc.
Gatekeeper enforces code signing and notarization requirements to protect Mac devices from malicious software. Configure policies to allow applications from the App Store only, identified developers, or custom trust settings. Manage security assessments for downloaded files, control Gatekeeper bypass permissions, and enforce application execution policies across your Apple devices. Essential for organizations maintaining security compliance while balancing user productivity needs and managing software deployment workflows.
Configure Avert settings to establish comprehensive malware detection and prevention policies that protect managed endpoints from malicious software, potentially unwanted programs (PUPs), and security threats. This profile enables IT administrators to define organizational threat tolerance levels, create custom allow and block lists for specific applications or file types, and enforce real-time threat response actions. Avert provides layered security by combining signature-based detection with behavioral analysis to identify emerging threats while offering granular control over application execution policies, ensuring endpoints remain secure without impacting legitimate business operations or user productivity.
Control device behavior and security with granular configuration policies across your Apple devices. Apply comprehensive restrictions to manage functionality, security settings, and user experience—from app limitations and content filters to hardware features and network controls. Supervision-required options unlock advanced restrictions for iPhone, iPad, Apple TV, and Vision Pro devices, enabling deeper organizational control.
Enable deployment and management of Mac System Extensions that provide essential low-level functionality including network filtering, endpoint security monitoring, and hardware driver support. Configure allowed team identifiers and bundle identifiers to authorize specific extensions, control user approval requirements, and manage extension types such as Network Extensions, Endpoint Security Extensions, and DriverKit extensions. Deploy this profile to ensure critical security tools, VPN clients, and system utilities function properly while maintaining control over which extensions can load on managed devices.