Apple Device Policy Explorer
Back to Explorer
GitHub YAMLApple Docs

Disk Management:Settings ()

The declaration to configure disk management settings on the device.

macOS(15.0)
Branch: release

Settings (3)

SettingTypeRequiredDefaultManual InstallSupported OS
Restrictions
Restrictions
The restrictions for the disk.
2 subkeys
dictionaryoptional
Yes
macOS (15.0+)
└─
External Storage
ExternalStorage
Specifies the mount policy for external storage: - `Allowed`: The system can mount external storage that is read-write or read-only. - `ReadOnly`: The system can only mount read-only external storage. Note that external storage that is read-write will not be mounted read-only. - `Disallowed`: The system can't mount any external storage.
stringoptional
Yes
macOS (15.0+)
└─
Network Storage
NetworkStorage
Specifies the mount policy for network storage: - `Allowed`: The system can mount network storage that is read-write or read-only. - `ReadOnly`: The system can only mount read-only network storage. Note that network storage that is read-write will not be mounted read-only. - `Disallowed`: The system can't mount any network storage.
stringoptional
Yes
macOS (15.0+)

Apple MDM & DDM Policy Explorer

Explore the full catalogue of Apple Mobile Device Management (MDM) and Declarative Device Management (DDM) policies for macOS and iOS. Search, filter, and reference policy keys for use with Microsoft Intune, Jamf, or any standards-compliant MDM solution.

Reference: policy categories & common keys

Policy categories

  • Configuration Profile
  • Declarative Configuration
  • Declarative Activation
  • Declarative Asset
  • Declarative Management

Common policy keys

  • com.apple.wifi.managedWi-Fi network configuration
  • com.apple.vpn.managedVPN configuration
  • com.apple.applicationaccessApp and feature restrictions
  • com.apple.security.pkcs1Certificate (PKCS#1) payload
  • com.apple.security.pkcs12Identity certificate (PKCS#12) payload
  • com.apple.security.scepSCEP certificate enrolment
  • com.apple.mail.managedMail account configuration
  • com.apple.eas.accountExchange ActiveSync account
  • com.apple.MCXManaged Client (macOS) preferences
  • com.apple.MCX.FileVault2FileVault 2 disk encryption
  • com.apple.dockmacOS Dock configuration
  • com.apple.screensaverScreensaver configuration
  • com.apple.loginwindowmacOS login window configuration
  • com.apple.systempolicy.managedGatekeeper / system policy
  • com.apple.systempreferencesSystem Preferences pane restrictions
  • com.apple.SoftwareUpdateSoftware update behaviour
  • com.apple.TCC.configuration-profile-policyPrivacy Preferences Policy Control (PPPC)
  • com.apple.notificationsettingsPer-app notification settings
  • com.apple.webcontent-filterWeb content filter
  • com.apple.dnsSettings.managedDNS settings (DoH / DoT)
  • com.apple.relay.managedNetwork relay configuration
  • com.apple.extensiblessoExtensible Single Sign-On
  • com.apple.configuration.passcode.settingsDDM: passcode policy
  • com.apple.configuration.softwareupdate.enforcement.specificDDM: enforced software update
  • com.apple.configuration.services.configuration-filesDDM: service configuration files
  • com.apple.configuration.management.status-subscriptionsDDM: status subscriptions
  • com.apple.activation.simpleDDM: simple activation predicate
  • com.apple.management.organization-infoDDM: organization information