Block access to MacOS Migration Assistant

Revilo
New here

Block access to MacOS Migration Assistant

Hi,

 

At my place of work, we've recenty run into a problem with users migrating data from their old laptops, using Apples utility Migration Assistant.

 

This results in the profiles being transferred as well, which blocks the "correct" enrollment of the new device, rendering me unable to remove the profiles from their machines, as it is in a sort of "limbo".

 

My solution so far is, that I'd like to block the program Migration Assistant, as it's required for migration of data.

(I know it is possible for the user to uncheck "Network settings", but I don't trust that they'll read the documentation for a correct migration, which I'd have to make)

 

The idea is to add restrictions to the profile, utilizing "Show or hide apps".

Problem is, that Migration Assistant isn't showing up on the drop-down menu.

 

I've tried to manually add "com.apple.MigrateAssistant" which should be the correct name for the process, but this unfortunately did not work.

 

So if any of you have had succes with this, or something similar, help is much appreciated!

 

Best regards,

Oliver

1 REPLY 1
Hamish_Deas
Just browsing

Re: Block access to MacOS Migration Assistant

Hopefully you've figured this one out by now, but if not I think you should be able to restrict just based on the application name "Migration Assistant" or "Migration Assistant.app".

 

I use a different MDM at my organisation, so can't test this, but I noticed that the Meraki documentation states that using an application identifier only works for iOS + Android, so I'd imagine that may be what's causing this issue.

 

See: App allowing/denying list in security policies - Cisco Meraki

 

Application Name: This is the friendly display name of the app, and can be used across both desktop and mobile devices. Ex. "Google Chrome", "Facebook", "*SMS*".

 

Application Identifier: This can be the unique app ID or bundle ID for an app, and can only be used with iOS and Android. Ex. "com.meraki.sm", "com.google.*", "472572194".

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels