Windows: Which OS Really Is the Best? When it comes to performance, usability, security, and specific tasks, which of the two leading desktop operating systems reigns supreme? Deploy and configure the new OneDrive sync app for Mac. 2/27/2020; 5 minutes to read +2; In this article. This article is for IT administrators managing OneDrive settings in work or school environments. If you're not an IT administrator, read Get started with the new OneDrive sync app on Mac OS X.
-->This article lists and describes the different compliance settings you can configure on macOS devices in Intune. As part of your mobile device management (MDM) solution, use these settings to set a minimum or maximum OS version, set passwords to expire, and more.
- Microsoft To-Do review: Finally check that new Mac to-do app off your list Complete with color-coded lists, themes, the ability to break tasks into manageable steps, sharing lists or tasks,.
- Jan 29, 2020 From team meetings to live streaming, or dialing into a conference call, Microsoft Teams is designed for all your meeting needs.
- Oct 22, 2019 Mac App Store and identified developers - Install apps for the Mac app store and from identified developers. MacOS checks the identity of developers, and does some other checks to verify app integrity. If a user selects Gatekeeper to install apps outside these options, then.
This feature applies to:
- macOS
As an Intune administrator, use these compliance settings to help protect your organizational resources. To learn more about compliance policies, and what they do, see get started with device compliance.
Microsoft To Do Mac App
Before you begin
Create a compliance policy. For Platform, select macOS.
Device Health
- Require a system integrity protection:
- Not configured (default) - This setting isn't evaluated for compliance or non-compliance.
- Require - Require macOS devices to have System Integrity Protection (opens Apple's web site) enabled.
Device Properties
- Minimum OS required:
When a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The device user can choose to upgrade their device. After that, they can access organization resources. - Maximum OS version allowed:
When a device uses an OS version later than the version in the rule, access to organization resources is blocked. The device user is asked to contact their IT administrator. The device can't access organization resources until a rule changes to allow the OS version. - Minimum OS build version:
When Apple publishes security updates, the build number is typically updated, not the OS version. Use this feature to enter a minimum allowed build number on the device. - Maximum OS build version:
When Apple publishes security updates, the build number is typically updated, not the OS version. Use this feature to enter a maximum allowed build number on the device.
![Mac Mac](/uploads/1/2/6/6/126645419/178653542.jpg)
System security settings
Password
- Require a password to unlock mobile devices:
- Not configured (default)
- Require Users must enter a password before they can access their device.
- Simple passwords:
- Not configured (default) - Users can create passwords simple like 1234 or 1111.
- Block - Users can't create simple passwords, such as 1234 or 1111.
- Minimum password length:
Enter the minimum number of digits or characters that the password must have. - Password type:Choose if a password should have only Numeric characters, or if there should be a mix of numbers and other characters (Alphanumeric).
- Number of non-alphanumeric characters in password:
Enter the minimum number of special characters, such as&
,#
,%
,!
, and so on, that must be in the password.Setting a higher number requires the user to create a password that is more complex. - Maximum minutes of inactivity before password is required:
Enter the idle time before the user must reenter their password. - Password expiration (days):
Select the number of days before the password expires, and they must create a new one. - Number of previous passwords to prevent reuse:
Enter the number of previously used passwords that can't be used.
Important
When the password requirement is changed on a macOS device, it doesn’t take effect until the next time the user changes their password. For example, if you set the password length restriction to eight digits, and the macOS device currently has a six digits password, then the device remains compliant until the next time the user updates their password on the device.
Encryption
- Encryption of data storage on a device:
- Not configured (default)
- Require - Use Require to encrypt data storage on your devices.
Device Security
Firewall protects devices from unauthorized network access. You can use Firewall to control connections on a per-application basis.
- Firewall:
- Not configured (default) - This setting leaves the firewall turned off, and network traffic is allowed (not blocked).
- Enable - Use Enable to help protect devices from unauthorized access. Enabling this feature allows you to handle incoming internet connections, and use stealth mode.
- Incoming connections:
- Not configured (default) - Allows incoming connections and sharing services.
- Block - Block all incoming network connections except the connections required for basic internet services, such as DHCP, Bonjour, and IPSec. This setting also blocks all sharing services, including screen sharing, remote access, iTunes music sharing, and more.
- Stealth Mode:
- Not configured (default) - This setting leaves stealth mode turned off.
- Enable - Turn on stealth mode to prevent devices from responding to probing requests, which can be made my malicious users. When enabled, the device continues to answer incoming requests for authorized apps.
Gatekeeper
For more information, see Gatekeeper on macOS (opens Apple's web site).
Allow apps downloaded from these locations: Allows supported applications to be installed on your devices from different locations. Your location options:
- Not configured (default) - The gatekeeper option has no impact on compliance or non-compliance.
- Mac App Store - Only install apps for the Mac app store. Apps can't be installed from third parties nor identified developers. If a user selects Gatekeeper to install apps outside the Mac App Store, then the device is considered not compliant.
- Mac App Store and identified developers - Install apps for the Mac app store and from identified developers. macOS checks the identity of developers, and does some other checks to verify app integrity. If a user selects Gatekeeper to install apps outside these options, then the device is considered not compliant.
- Anywhere - Apps can be installed from anywhere, and by any developer. This option is the least secure.
Next steps
- Add actions for noncompliant devices and use scope tags to filter policies.
- Monitor your compliance policies.
- See the compliance policy settings for iOS devices.
This article is for IT administrators managing OneDrive settings in work or school environments. If you're not an IT administrator, read Get started with the new OneDrive sync app on Mac OS X.
Manage OneDrive settings on macOS using property list (Plist) files
Use the following keys to preconfigure or change settings for your users. The keys are the same whether you run the store edition or the standalone edition of the sync app, but the property list file name and domain name will be different. When you apply the settings, make sure to target the appropriate domain depending on the edition of the sync app.
Standalone | Mac App Store | |
---|---|---|
PList Location | ~/Library/Preferences/com.microsoft.OneDrive.plist | ~/Library/Containers/com.microsoft.OneDrive-mac/Data/Library/Preferences/com.microsoft.OneDrive-mac.plist |
Domain | com.microsoft.OneDrive | com.microsoft.OneDrive-mac |
Deploy the sync app settings
Deploy the settings on macOS in the typical way:
- Quit the OneDrive application.
- Define the settings you want to change by creating a Plist with the values, or use a script to set the default values.
- Deploy the settings onto the local computer.
- Refresh the preferences cache.On the next start of OneDrive, the new settings will be picked up.
Overview of settings
The following table lists all the settings that are currently exposed for the OneDrive sync app. You need to configure the parameters in parentheses.
Mac Os X Download Free
Setting | Description | Parameters | Example Plist Entry |
---|---|---|---|
Disable personal accounts | Blocks users from signing in and syncing files in personal OneDrive accounts. If this key is set after a user has set up sync with a personal account, the user will be signed out. | DisablePersonalSync (Bool): When set to true, this parameter prevents users from adding or syncing personal accounts. | <key>DisablePersonalSync</key> <(Bool)/> |
Default folder location | Specifies the default location of the OneDrive folder for each organization | TenantID (String): TenantID determines which accounts the default folder location setting should apply to. Find your Office 365 tenant ID DefaultFolderPath (String): DefaultFolder specifies the default folder location. Mac App Store: The path must already exist when users set up the sync app. Standalone: The path will be created on users' computers if it doesn't already exist. Only with the Standalone sync app can you prevent users from changing the location. | <key>Tenants</key> <dict> <key>(TenantID)</key> <dict> <key>DefaultFolder</key> <string>(DefaultFolderPath)</string> </dict> </dict> |
Automatic upload bandwidth percentage | Enables the sync app to automatically set the amount of bandwidth used based on available bandwidth for uploading files | AutomaticUploadBandwidthPercentage (int): This parameter determines the percentage of local upload bandwidth that the sync app can use. Accepted values are from 1 through 99. | <key>AutomaticUploadBandwidthPercentage</key> <int>(Bandwidth)</int> |
Set maximum upload throughput | Sets the maximum upload throughput rate in kilobytes (KB)/sec for computers running the OneDrive sync app | UploadBandwidthLimited (int): This parameter determines the upload throughput in KB/sec that the sync app can use. The minimum rate is 50 KB/sec and the maximum rate is 100,000 KB/sec. | <key>UploadBandwidthLimited</key> <int>(Upload Throughput Rate in KB/sec)</int> |
Set maximum download throughput | Sets the maximum download throughput rate in kilobytes (KB)/sec for computers running the OneDrive sync app | DownloadBandwidthLimited (int): This parameter determines the download throughput in KB/sec that the sync app can use. The minimum rate is 50 KB/sec and the maximum rate is 100,000 KB/sec. | <key>DownloadBandwidthLimited</key> <int>(Download Throughput Rate in KB/sec)</int> |
Dock icon | Specifies whether a dock icon for OneDrive is shown | HideDockIcon (Bool): When set to true, this parameter hides the OneDrive dock icon even when the application is running. | <key>HideDockIcon</key> <(Bool)/> |
Open at login | Specifies whether OneDrive starts automatically when the user logs in | OpenAtLogin (Bool): When set to true, OneDrive will start automatically when the user logs in on the Mac. | <key>OpenAtLogin</key> <(Bool)/> |
Enable Files On-Demand | Specifies whether Files On-Demand is enabled. If you don't set this setting, Files On-Demand will be enabled automatically as we roll out the feature, and users can turn the setting on or off | FilesOnDemandEnabled (Bool): When set to true, new users who set up the sync app will download online-only files by default. When set to false, Files On-Demand will be disabled and users won't be able to turn it on. | <key>FilesOnDemandEnabled</key> <(Bool)/> |
Disable download toasts | Prevents toasts from appearing when applications cause file contents to be downloaded | DisableHydrationToast (Bool): When set to true, toasts will not appear when applications trigger the download of file contents. | <key>DisableHydrationToast</key> <(Bool)/> |
Block apps from downloading online-only files | Prevents applications from automatically downloading online-only files. You can use this setting to lock down applications that don't work correctly with your deployment of Files On-Demand. | HydrationDisallowedApps (String): Json in the following format [{'ApplicationId':'appId','MaxBundleVersion':'1.1','MaxBuildVersion':'1.0'}] 'AppID' can be either the BSD process name or the bundle display name. MaxBuildVersion denotes the maximum build version of the application that will be blocked. MaxBundleVersion denotes the maximum bundle version of the application that will be blocked | <key>HydrationDisallowedApps </key> <string> [{'ApplicationId':'appId','MaxBundleVersion':'1.1','MaxBuildVersion':'1.0'}, {'ApplicationId':'appId2','MaxBundleVersion':'3.2','MaxBuildVersion':'2.0'}] </string><(Bool)/> |
SharePoint Server Front Door URL | Specifies the SharePoint Server 2019 on-premises URL that the OneDrive sync app should try to authenticate and sync against | SharePointOnPremFrontDoorUrl (string): The URL of the on-premises SharePoint Server. | <key>SharePointOnPremFrontDoorUrl</key> <string>https://Contoso.SharePoint.com</string> |
SharePoint Server Tenant Name | Specifies the name of the folder created for syncing the SharePoint Server 2019 files specified in the Front Door URL. | SharePointOnPremTenantName (string): The name that will be used when creating a folder to sync the on-premises SharePoint Server files. If specified, the folder names will take the form of: OneDrive – TenantName TenantName If not specified, the folder names will use the first segment of the FrontDoorURL as the Tenant Name. Example - https://Contoso.SharePoint.com will use Contoso as the Tenant Name | <key>SharePointOnPremTenantName</key> <string>Contoso</string> |
SharePoint OnPrem Prioritization | For hybrid scenarios where the email is the same for both SharePoint Server on-premises and SharePoint Online, determines whether or not the client should set up sync for SharePoint Server or SharePoint Online first during the first-run scenario. | SharePointOnPremPrioritizationPolicy (int): This parameter determines which service to attempt to authenticate against for setting up sync. 1 indicates OneDrive should setup SharePoint Server on-premises first, followed by SharePoint Online. | <key>SharePointOnPremPrioritizationPolicy</key> <int>(0 or 1)</int> |
BlockExternalSync | Prevents the sync app from syncing libraries and folders shared from other organizations. | BlockExternalSync (Bool): Set to true to prevent syncing OneDrive for Business and SharePoint libraries and folders from organizations other than the user's own organization. Set to false or do not include the setting to allow. Learn about OneDrive B2B Sync. | <key>BlockExternalSync</key> <(Bool)/> |
Microsoft To Do Mac Os X App Nap And Memory
You can also configure the OneDrive Standalone sync app to receive delayed updates.
PList Location | ~/Library/Preferences/com.microsoft.OneDriveUpdater.plist |
Domain | com.microsoft.OneDriveUpdater |
Setting | Description | Parameters | Example Plist Entry |
---|---|---|---|
Tier | Defines the update ring for the computer | UpdateRing (String): This parameter has two different values. Production - The default update ring for OneDrive updates. Insiders - This update ring receives updates that are 'pre-production' and will allow you to play with features before they are released. Note that builds from this ring may be less stable. Enterprise - This update ring receives updates after they have rolled out through the Production ring. It also lets you control the deployment of updates. For more info about the update rings and how the sync app checks for updates, see The OneDrive sync app update process. | <key>Tier</key> <string>(UpdateRing)</string> |