Apple Mobile File Integrity Disabled¶
Apple Mobile File Integrity (AMFI) enhances the security of the macOS platform by enforcing code signature validation for all apps and executable files that run on macOS devices. During development, temporarily disabling AMFI may be required in order to run and test unsigned or self-signed applications.
Creating a new Apple Mobile File Integrity Disabled policy¶
To create a new Apple Mobile File Integrity Disabled policy:
-
From the Device Posture tab, select + ADD:
-
Select Add to macOS.
The Add new device policy to macOS dialog appears.
Note
The Apple Mobile File Integrity Disabled device policy is currently supported for macOS devices.
-
Select Apple Mobile File Integrity Disabled from the Select policy type dropdown.
-
Configure the following attribute:
- Action: Select Enforce or Review.
-
Enter label names (predefined or custom) to the Labels field listed under Apply policy to devices with these labels to apply the new policy to specific groups of devices.
-
Select SAVE.
The policy is created with the configured settings.
Note
When Apple Mobile File Integrity is disabled on a macOS device, an Apple Mobile File Integrity disabled ticket type is created.
The policy can be viewed by selecting the dropdown next to Apple Mobile File Integrity Disabled on the Device Posture tab. See: Device posture configuration overview.
The following policy details are displayed:
-
Device labels applicable to the policy.
-
The action(s) applicable to the policy, for example, Enforce.