FAQ - Managed macOS Features

Why am I not able to access some features on my ECU-managed macOS computer?

We are all responsible for the ECU information in our care. Some default features included with macOS do not comply with security guidelines and ECU regulations and may leave work data vulnerable.

To comply with auditing and regulation requirements, ECU is following the Center for Internet Security (CIS) benchmarks by enabling some features while disabling other, consumer-oriented features.

By following these best practices, we aim to provide users the utility required for work while protecting ECU data.

Which features are enabled?

  • Apple Account
  • Continuity Camera
  • Sidecar
  • Address Book
  • Free Form
  • Calendar

Which features are disabled?

Please Note: These disabled services have been identified as a possible avenue for ECU data to accidentally cross over to personal accounts which is not allowed. 

  • iCloud Backup
  • iCloud Keychain
  • iCloud Drive
  • iCloud AirDrop
  • iCloud Handoff
  • iCloud SharePlay/Screen Control
  • iCloud Notes
  • iCloud Photo Library/Photo Stream
  • iCloud Private Relay
  • iCloud Reminders
  • iCloud Messages
  • Screen Sharing
  • Apple Pay/Wallet
  • HomeKit
  • Family Sharing (consumer-oriented app) – Allows sharing of Apple services like iCloud storage with other family members. Sharing iCloud storage and photos with others is a concern if ECU data is unknowingly backed up to the iCloud space.
  • TV app (consumer-oriented app) -  Used to discover and watch TV on your device.
  • Game downloads – Default games that come with macOS are not affected. However, games downloaded by the user will be blocked.
  • Home app – (consumer-oriented app) Controls smart home products; uses iCloud keychain which contains all the user’s passwords, both personal and ECU-related. Not secure.
  • Password sharing – ECU does not allow any type of password sharing.
  • iCloud sync iCloud is NOT approved storage of ECU data. Approved storage for ECU data is Microsoft OneDrive cloud storage and Piratedrive.

What if I need any of these apps or services for my ECU work?

Submit an ECU Technology Request form through the ECUPORT system to request a software exception.

""

The Software and Data Collection Services Acquisition Regulation requires all software - purchased and free - "to be reviewed by the Technology Acquisition Committee for duplication/replication of an existing software/service, compatibility with existing infrastructure and applications, security and accessibility of the software or services and risks associated with its use" (https://policy.ecu.edu/080511/).

If the software stores or uses sensitive data but has not had a Technology Security Assessment, submit the TSA request. Part of this assessment addresses installation and remote access. If the software stores, processes, or transmits sensitive data, data steward(s) or committee(s) approval is required to prior to installation.

Why can’t I use the Family Sharing, Wallet & Apple Pay features?

These consumer-oriented features are disabled for ECU-managed systems to prevent accidental sharing of ECU data.

Family sharing allows a group to share access to Apple services like Apple Music, Apple TV+, iTunes, Apple Books and app store purchases as well as an iCloud storage plan and family photo album. Sharing iCloud space and photos with others is a concern if ECU data is unknowingly stored in that iCloud space (see the approved ECU data storage information in the Related Articles section.)

I see that Game Center is also disabled.

This consumer-oriented app allows access to game saves, high scores and friends on all Apple devices, both work and personal, through iCloud.

Apple’s Game Center terms document states the service allows participation in leader boards, multi-player games and tracking achievements. Use of this service could require certain software and fees may apply.

Other excerpts from the terms explain that:

  • “The personal information you share is visible to other users and can be read, collected or used by them. You are responsible for the personal information you choose to submit.“
  • “Features allow you to submit materials (including links to third-party content) on areas of the Service accessible and viewable by the public.”
  • “You agree to provide accurate and complete information in connection with your submission of any materials on the Service or in providing or marketing the Service, without any compensation or obligation to you.”

Will I be able to control lights and other smart home devices through the HOME app?

This computer-oriented feature is disabled as it requires that iCloud keychain be enabled. iCloud keychain contains all the user's  passwords, both personal and ECU-related and could leave this information vulnerable.

Can I share my WiFi password between my ECU-managed macOS computer and iOS phone?

No. ECU does not allow any kind of password sharing.

Why am I not able to sync my documents and desktop to iCloud?

iCloud is not an approved storage service for ECU data. For more information, see the article, File Storage Security, linked in the related articles section. Also helpful is the Storage Feature Comparison: OneDrive & Pirate.

What happens if I try to install a blocked program?

The program can be installed but will be automatically blocked on launch. A pop-up message will alert you that the program has been terminated or blocked.

Print Article

Related Articles (1)

Overview - ECU-Managed Computers & Default Features
Some default features included with the macOS and Windows operating systems do not comply with security guidelines or ECU regulations and are blocked on ECU-managed computers. Other features are managed by IT admins.