2.1.1.6 Audit Find My Mac

Information

Find My is Apple's consumer solution for tracking the devices associated with a user's Apple ID. It is a good fit for consumer or individual device management and tracking, but it is not meant to be an enterprise solution for device tracking and information management on enterprise-managed devices. There are multiple enterprise MDM solutions for managing organizational devices.

An enterprise solution should be used for tracking and information management of all devices, including Apple devices. Apple's Find My solution only handles Apple devices. If no enterprise solution is available, Find My provides capabilities for a user to manage and track Apple devices. It is not designed as an enterprise solution, and should not be used as one. It is better to allow the user to track devices that use their Apple ID than to have no tracking at all.

Solution

Graphical Method:

Perform the following steps to set Find My Mac to your organization's requirements:

- Open System Settings
- Select Apple ID
- Select iCloud
- Select Show More Apps...
- Set Find My Mac to your organization's requirements

Profile Method:

Create or edit a configuration profile with the following information:

- The PayloadType string is com.apple.applicationaccess
- The key to include is allowFindMyDevice
- The key must be set to <true/> or <false/> depending on your organization's requirements

Note: Find My Device should only be disabled if your organization is using an enterprise solution for tracking devices.

Note: This key does not fully disable Find My Device. It removes the Devices tab in the Find My app. The key allowFindMyFriends can also be used to disable the Friends tab in the app. The DisableFMMiCloudSetting key in the com.apple.icloud.managed PayloadType can disable the Find My setting, but does not disable it if it is already enabled.
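The following Python script is an added example, not part of the CIS audit item or a Tenable plugin. It builds the configuration profile described above (a com.apple.applicationaccess payload carrying allowFindMyDevice, optionally with the com.apple.icloud.managed DisableFMMiCloudSetting payload) and then audits a profile to check that the key is actually managed and matches the organization's required value. The organization identifier and display names are constructed placeholders; everything else uses only the payload types and keys named in this item.

```python
import plistlib
import uuid

# Constructed placeholder; replace with your organization's reverse-DNS prefix.
ORG_PREFIX = "com.example.mdm"


def _payload(payload_type: str, display_name: str, **keys) -> dict:
    """Common Payload* keys every profile payload needs, plus the restriction keys."""
    return {
        "PayloadType": payload_type,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG_PREFIX}.{payload_type}",
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": display_name,
        **keys,
    }


def build_find_my_profile(allow_find_my_device: bool,
                          disable_fmm_icloud_setting: bool = False) -> bytes:
    """Return a .mobileconfig (XML plist) with allowFindMyDevice in
    com.apple.applicationaccess and, optionally, DisableFMMiCloudSetting
    in com.apple.icloud.managed."""
    payloads = [
        _payload("com.apple.applicationaccess", "Find My restrictions",
                 allowFindMyDevice=allow_find_my_device),
    ]
    if disable_fmm_icloud_setting:
        payloads.append(_payload("com.apple.icloud.managed",
                                 "iCloud Find My Mac setting",
                                 DisableFMMiCloudSetting=True))
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG_PREFIX}.findmymac",
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": "Find My Mac policy",
        "PayloadScope": "System",
        "PayloadContent": payloads,
    }
    return plistlib.dumps(profile)


def audit_find_my_profile(profile_bytes: bytes, required_allow: bool) -> dict:
    """Inspect a profile and report whether allowFindMyDevice is managed and
    matches the organization's required value. Also reports whether
    DisableFMMiCloudSetting is present, since allowFindMyDevice alone only
    removes the Devices tab in the Find My app."""
    profile = plistlib.loads(profile_bytes)
    result = {"allowFindMyDevice": None,
              "DisableFMMiCloudSetting": False,
              "compliant": False}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.applicationaccess" and "allowFindMyDevice" in payload:
            result["allowFindMyDevice"] = bool(payload["allowFindMyDevice"])
        elif ptype == "com.apple.icloud.managed":
            result["DisableFMMiCloudSetting"] = bool(
                payload.get("DisableFMMiCloudSetting", False))
    # An unmanaged key is a finding: the audit wants the value enforced by
    # profile, not left to whatever the user chose in System Settings.
    result["compliant"] = (result["allowFindMyDevice"] is not None
                           and result["allowFindMyDevice"] == required_allow)
    return result


if __name__ == "__main__":
    # Constructed sample: an organization with its own MDM tracking wants
    # Find My Device disabled on managed Macs.
    profile = build_find_my_profile(allow_find_my_device=False,
                                    disable_fmm_icloud_setting=True)
    print(profile.decode())
    print(audit_find_my_profile(profile, required_allow=False))
```

On a managed Mac the same audit function can be pointed at the installed profile's managed preferences rather than a constructed one; the point of the check is that "key absent" is reported as non-compliant, because an absent key leaves the setting under the user's control rather than the organization's.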

Impact:

There should be no impact on the user while using the device. If someone other than the user has access to tracking information, this can impact the user and needs to be researched. Users should audit to ensure that only authorized people have access to their location. Using multiple solutions for device tracking can add unnecessary complexity.

One of the advantages of Find My... is that personal tracking is under the context of the user that is signed into their Apple Account on devices and that is secured against unauthorized access. Blocking this solution in favor of enterprise tools could result in personal information loss including the collection, and possible misuse, of personal location information. Organizations should make a risk assessment on device/user tracking for internal use only.

See Also

https://workbench.cisecurity.org/benchmarks/19973

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|AC-20(1), 800-53|AC-20(2), 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: Unix

Control ID: 4bff88526b9e2b9e41c2b197b756cdbcd7bd4cdaac905c459f5e6f974048ce72