Service configuration files declarative configuration for Apple devices
Use the Service configuration files configuration to provide managed settings for common system services in a robust and tamper-resistant way. When the configuration is activated, the archive is downloaded and expanded into a special tamper-proof, service-specific location. The service-specific location can be found by calling a function in a public library, so that any service can adopt managed service configuration files. The following built-in services are modified to look for the managed service configuration files, which take precedence over built-in settings:
sshdsudoPAMCUPSApachezsh (/private/etc/zprofile)bash (/private/etc/profile)
The Service configuration files configuration supports the following:
Minimum supported operating system versions and channels: macOS 14 device.
Requires supervision: Yes.
Supported enrollment methods: Device Enrollment, Automated Device Enrollment.
Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
ServiceType | The identifier of the system service the managed configuration files are related to. Use a reverse DNS style for this identifier. | Yes | |||||||||
DataAssetReference | An asset declaration that contains the service configuration files. The files must be distributed as a .zip archive of a directory that can contain one or many files and that should mirror the layout of the directory it replaces. | Yes | |||||||||
Note: Each MDM vendor implements these settings differently. To learn how various Service configuration files’ settings are applied to your devices and users, consult your MDM vendor’s documentation.