Configuration guide: macOS compliance
The configuration options on this page are only accessible to administrators.
Refer to the Usage guide: macOS compliance to use library content as a standard user.
This library pack will help you monitor and manage macOS operating systems to ensure stability, compliance, and performance. This page will guide you through the structure of the content.
Prerequisites
This library pack contains content from the following required expansion products:
Some of these products offer default access to their respective content and can still be used without expansion products.
To learn more about default thresholds for expansion products, visit the extended documentation.
Included content and dependencies
This library pack contains the following content and dependencies:
macOS compliance
Helps to monitor and manage macOS operating systems to ensure their stability, compliance, and performance
none
Get XProtect status
Provides information about the status of the macOS XProtect (macOS built-in antivirus software) automatic update setting on macOS devices.
Required to populate specific dashboard widgets.
Get firewall options
Provides information about the status of the macOS firewall on macOS devices.
Required to populate specific dashboard widgets.
Invoke macOS enterprise compliance
This remote action provides information about the status of macOS, performing a compliance evaluation on macOS devices by checking several configurations related to security settings, certificate checks, and software validations.
Required to populate specific dashboard widgets.
Get encryption information
Gets an APFS file system disk encryption and decryption information in addition to checking whether FileVault is enabled or not.
Required to populate specific dashboard widgets.
Get macOS updates and restart information
Gets information about macOS devices - the number of days since the last restart, whether there are pending updates, a list of names of pending updates, and others.
Required to populate specific dashboard widgets
Test pending reboot
Checks if the device is waiting to reboot for an update.
Required to populate specific dashboard widgets.
Set firewall options
Configures firewall settings under System Preferences - Security & Privacy - Firewall on macOS devices.
none
Set auto updates
Configures additional macOS automatic update settings under System Preferences - Software Update - Advanced on macOS devices.
noone
OS targeted quality update version
Defines the target quality update versions of Windows and macOS operating systems.
Required to populate specific dashboard widgets.
OS supported version
Determines which Windows and macOS operating system versions, editions, and builds are supported.
Required to populate specific dashboard widgets.
OS targeted feature update version
Defines the target feature update versions of Windows operating systems. Typically, this custom field requires version updates every month.
Required to populate specific dashboard widgets.
Configuring macOS compliance
Adapt these suggested configuration steps to edit and customize content according to your organizational needs.
Follow these steps to install and configure content:
Before configuration - Install library pack content from Nexthink Library
Step 1 - Configure remote actions
Step 2 - Configure custom fields
Step 1 - Configure remote actions
Navigate to the manage remote actions administration page to review and edit your remote actions.
We recommend the following configurations for these remote actions:
Get XProtect status
Scheduled, daily
Get firewall options
Scheduled, daily
Invoke macOS enterprise compliance
Scheduled, daily
Get encryption information
Scheduled, daily
Get macOS updates and restart information
Scheduled, daily
Set firewall options
Manual, can be triggered on multiple devices
Manual actions cannot be scheduled
Set XProtect status
Manual, can be triggered on multiple devices
Manual actions cannot be scheduled
Set auto updates
Manual, can be triggered on multiple devices
Manual actions cannot be scheduled
Step 2 - Configure custom fields
Navigate to the manage custom fields administration page to review and edit your custom fields.
Operating system versions in the custom fields below are subject to change due to regular patches released by vendors and Apple and Microsoft support policies.
Typically, these versions must be updated in the custom fields once a month to ensure you have the most current patch versions.
We recommend the following configurations for these custom fields:
OS targeted quality update version
os_targeted_quality_update_version
macos_sonoma
device
OS targeted quality update version
os_targeted_quality_update_version
macos_ventura
device
OS targeted quality update version
os_targeted_quality_update_version
macos_monterey
device
OS targeted quality update version
os_targeted_quality_update_version
windows_10_quality_update
device
OS targeted quality update version
os_targeted_quality_update_version
windows_11_quality_update
device
OS targeted feature update version
os_targeted_feature_update_version
windows_10_feature_update
device
OS targeted feature update version
os_targeted_feature_update_version
windows_11_feature_update
device
OS supported version
os_supported_version
macos_unsupported_version
device
OS supported version
os_supported_version
macos_supported_version
device
OS supported version
os_supported_version
windows_unsupported_version
device
OS supported version
os_supported_version
windows_supported_version
device
RELATED TOPICS
Last updated