Big Sur - Disable Find My Service

Information

The Find My service _MUST_ be disabled.

A Mobile Device Management (MDM) solution _MUST_ be used to carry out remote locking and wiping instead of Apple's Find My service.

Apple's Find My service uses a personal Apple ID for authentication. Organizations should rely on MDM solutions, which have much more secure authentication requirements, to perform remote lock and remote wipe.

Solution

This is implemented by a Configuration Profile.

mobileconfig profile info:

com.apple.applicationaccess:
    allowFindMyDevice: False
    allowFindMyFriends: False
com.apple.icloud.managed:
    DisableFMMiCloudSetting: True
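
An added example, not part of the original audit item or the macos_security project: a Python check that parses a .mobileconfig before deployment and reports any of the three settings above that are missing or are not real plist booleans. The sample profile, its contents and the function name audit_profile are constructed for illustration.

```python
import plistlib

# Required values, taken from the "mobileconfig profile info" above.
REQUIRED = {
    "com.apple.applicationaccess": {
        "allowFindMyDevice": False,
        "allowFindMyFriends": False,
    },
    "com.apple.icloud.managed": {
        "DisableFMMiCloudSetting": True,
    },
}

def audit_profile(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means the profile is compliant."""
    profile = plistlib.loads(data)
    # Collect the settings of every payload, grouped by PayloadType.
    seen: dict[str, dict] = {}
    for payload in profile.get("PayloadContent", []):
        seen.setdefault(payload.get("PayloadType", ""), {}).update(payload)
    findings = []
    for domain, keys in REQUIRED.items():
        for key, want in keys.items():
            got = seen.get(domain, {}).get(key)
            # Identity check: the string "false" or the integer 0 is not a plist boolean.
            if got is not want:
                findings.append(f"{domain}:{key} expected {want!r}, found {got!r}")
    return findings

# Constructed sample profile (hypothetical; identifier and UUID fields omitted).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowFindMyDevice</key><false/>
      <key>allowFindMyFriends</key><string>false</string>
    </dict>
  </array>
</dict></plist>"""

if __name__ == "__main__":
    for line in audit_profile(SAMPLE):
        print("FAIL", line)
```

This validates the profile file only; whether the profile is installed and enforced on a given Mac still has to be checked on the device or through the MDM.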

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-20, 800-53|CM-7, 800-53|CM-7(1), CCE|CCE-85426-5

Plugin: Unix

Control ID: 8003c90d07d1e8600e7f2d71e0b6baff3cf60403a1c9e0d0d5d7b22042850c77