Gatekeeper technology and runtime protection ensure that only trusted software runs on a user’s macOS device.
Gatekeeper verifies that software, plug-ins, and installer packages that users download outside of the Apple App Store are safe to use. Gatekeeper also verifies that downloads originate from identified developers, that the downloads have not been altered and do not contain malicious content, and that user approval is requested before the software is opened for the first time.
When the Gatekeeper Control policy is applied to a device, it controls which applications are allowed to install and run based on selected options, such as only allowing downloads from the App Store’s identified developers.
To create a Gatekeeper Control policy for Mac:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Policy Management.
- In the All tab, click (+).
- On the New Policy panel, select the Mac tab.
- Select the Gatekeeper Control policy from the list, then click configure.
- (Optional) In the Policy Name field, enter a new name for the policy or keep the default. Policy names must be unique.
- (Optional) In the Policy Notes field, enter details like when you created the policy, where you tested it, and where you deployed it.
- Under Settings, select Enable Gatekeeper Control to allow the user to download and install apps from the App Store.
- Select Allow Apps From Identified Developers to allow apps from identified developers who sign their applications with Apple credentials.
- Select Disable Gatekeeper Override to prevent a user from overriding the Gatekeeper control by opening apps with the context menu in Finder.
- (Optional) Select the Device Groups tab. Select one or more device groups where you’ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
- (Optional) Select the Devices tab. Select one or more devices where you’ll apply this policy.
- Click save.
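To confirm what the saved policy delivers, the following added example (not JumpCloud's code) audits a configuration profile for the three settings above. It assumes the policy is delivered as Apple's standard `com.apple.systempolicy.control` and `com.apple.systempolicy.managed` payloads and that the profile is an unsigned plist; the sample profile and the function name are constructed for illustration.

```python
import plistlib

# Apple MDM payload types that carry Gatekeeper settings.
CONTROL = "com.apple.systempolicy.control"
MANAGED = "com.apple.systempolicy.managed"

# Assumed mapping of the three checkboxes to Apple payload keys.
EXPECTED = {
    (CONTROL, "EnableAssessment"): True,           # Enable Gatekeeper Control
    (CONTROL, "AllowIdentifiedDevelopers"): True,  # Allow Apps From Identified Developers
    (MANAGED, "DisableOverride"): True,            # Disable Gatekeeper Override
}

# Constructed sample profile: the override lock is missing on purpose.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.systempolicy.control</string>
      <key>EnableAssessment</key><true/>
      <key>AllowIdentifiedDevelopers</key><true/>
    </dict>
  </array>
</dict></plist>"""


def audit_gatekeeper_profile(profile_bytes):
    """Return a list of findings; an empty list means all three settings match."""
    profile = plistlib.loads(profile_bytes)
    seen = {}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        for (etype, key) in EXPECTED:
            if ptype == etype and key in payload:
                seen[(etype, key)] = payload[key]
    findings = []
    for (ptype, key), want in EXPECTED.items():
        if (ptype, key) not in seen:
            findings.append(f"{ptype}: {key} not set")
        elif seen[(ptype, key)] is not want:
            findings.append(f"{ptype}: {key} is {seen[(ptype, key)]}, expected {want}")
    return findings


if __name__ == "__main__":
    for line in audit_gatekeeper_profile(SAMPLE_PROFILE) or ["all settings present"]:
        print(line)
```

On an enrolled Mac, `spctl --status` reports whether Gatekeeper assessments are enabled, which complements this profile check.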