XML code for Application Blacklisting and Whitelisting in MacOS


#1

Hi All,

We are planning to manage / enroll MacBook with Intune and we would need help with XML code to blacklist/white-list application.
In addition, we also need to blacklist Keychain access as it allows to exports certificates.

Any help would be appreciated.

Thanks


#2

I recommend you install Apple Server and setup profile manager.

Profile manager has a GUI where you can build restrictions to whitelist apps on macOS

More details about profile manager here: Apple Profile Manager


#3

Sure, thanks for the information. Let me check on this . Mainly the purpose is we are using MS Intune and we do not have much option in Intune to restrict .


#4

You can build the profile in Profile Manager export the XML and import it into Intune


#5

HI @daniil_michine I tried the profile manager way. I could not find a option where i could block access to KEYCHAIN ACCESS ( icloud keychain is available) the reason we would like to block is disallow export of certificates


#6

I am not sure you can block keychain as the user account would still need to be able to use the keychain in order to access the certificates inside.

Perhaps you can put the certificates into a system keychain so that the user cannot unlock and the keychain and take out the certificates?