Privacy Preferences Policy Control

On macOS 10.14 or later, you must allow apps to access certain files and allow access to application data. For example, if an app requests access to your Calendar data, a user can allow or deny the request. Using Jamf School, you can manage these requests using the Privacy Preferences Policy Control payload.

With the Privacy Preferences Policy Control payload, you can control the settings displayed in System Preferences > Security & Privacy > Privacy such as Calendar, Reminders, Photos, Camera, Microphone, and Accessibility. You can also control advanced options that control communication between applications such as Post Events, System Policy (sysadmin), All Files, and Apple Events.

Configuring a Privacy Preferences Policy Control Profile for Computers


When configuring the Privacy Preferences Policy Control payload, you must specify the bundle of an application as well as the code requirement to enhance the security of the payload. You can fetch the code requirement of an app by executing a command similar to the following in Terminal:

codesign -display -r - /Applications/

The code requirements are displayed after "designated=>".

  1. In Jamf School, navigate to Profiles in the sidebar.
  2. Click + Create Profile.
  3. Select the macOS operating system.
  4. Select the type of enrollment you want to make the profile for.
  5. Enter a name in the Profile name field and configure the additional settings as needed, including the removal policy and time filter.
  6. Click Finish.
  7. To configure the profile settings, click the profile you want to configure.
  8. Use the Scope payload to configure the scope of the profile by clicking the + icon and adding device groups to the profile scope.
  9. Using the Security & Privacy payload, configure the basic settings in the General tab.
  10. Click the Privacy tab and configure the applications allowed to access data by doing the following:
    1. Click Add new.
    2. Click Select application.
    3. In the Application pop-up modal, enter a name and an identifier for the app.
  11. Click Save.