Extensions MDM payload settings for Apple devices
Use the Extensions payload to control which extensions can be used on a Mac computer enrolled in a mobile device management (MDM) solution.
The Extensions payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.NSExtension
Supported operating systems and channels: macOS device, macOS user.
Supported enrollment methods: Device Enrollment, Automated Device Enrollment.
Duplicates allowed: True—more than one Extensions payload can be delivered to a user or device.
You can use the settings in the table below with the Extensions payload.
Setting | Description | Required | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Allowed extensions | Add the bundle identifier for each extension allowed to run on the Mac. Any extensions not listed are unable to run. | No | |||||||||
Disallow all extension points | Users can’t use any extension points for their Mac. | No | |||||||||
Allow all extension points | Users can use all extension points except ones you specify can’t be used. | No | |||||||||
Disallow some extensions points | Disallow specific extensions by their bundle identifier and also disallow specific extension points:
| No |
Note: Each MDM vendor implements these settings differently. To learn how various Extensions settings are applied to your devices and users, consult your MDM vendor’s documentation.