macOS 15 - Sequoia

The macOS system must disable iCloud Desktop and Document folder sync

STIG ID: APPL-15-002150 | SRG: SRG-OS-000095-GPOS-00049 | Severity: Medium | CCI: CCI-000381 | Vulnerability ID: V-268522

Description

The macOS system's ability to automatically synchronize a user's Desktop and Documents folder to their iCloud Drive must be disabled. Apple's iCloud service does not provide an organization with enough control over the storage and access of data and, therefore, automated file synchronization must be controlled by an organization-approved service.

Check

C-268522r1034506_chk

Verify the macOS system is configured to disable iCloud Desktop and Document folder synchronization with the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowCloudDesktopAndDocuments').js
EOS

If the result is not "false", this is a finding.

Fix

F-72453r1034505_fix

Configure the macOS system to disable iCloud Desktop and Document folder synchronization by installing the "com.apple.applicationaccess" configuration profile.