iCloud – How to Disable iCloud Drive for Standard Users


We are a small company using several Apple devices. We do not want to store our documents in the Apple cloud for several reasons. Therefore, we haven't activated iCloud Drive on any of our devices.

However, every now and then the user is requested to reconnect to iCloud, especially after system updates. During this reconnect, the user is usually asked to activate iCloud Drive. The request is made so insistently that a user has accidentally activated iCloud Drive on his device. I am looking for a way to disable this.

Is there a way to disable the option that a user can activate iCloud Drive? I guess it is not possible on an iOS device, but is there a way on Macs at least?

Best Answer

It is possible to disable iCloud Drive in both macOS and iOS using a profile.

A profile can be created using the Apple Configurator. Under Restrictions, disable (uncheck) Allow iCloud documents & data to create a profile that disables the iCloud Drive setting in the system preferences.

This is done by setting allowCloudDocumentSync to false as shown in this example mobileconfig here.

After installing the profile, the iCloud Drive option is greyed out in the system preferences.

For the sake of completeness, here is a copy of the example profile:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadDescription</key>
            <string></string>
            <key>PayloadDisplayName</key>
            <string>Restrictions</string>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>B315497E-0527-4FD1-926C-7071895B6992</string>
            <key>PayloadOrganization</key>
            <string>Company Name Here</string>
            <key>PayloadType</key>
            <string>com.apple.applicationaccess</string>
            <key>PayloadUUID</key>
            <string>B315497E-0527-4FD1-926C-7071895B6992</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>allowCloudDocumentSync</key>
            <false/>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Prevents iCloud Drive and iCloud Document Sync from being enabled.</string>
    <key>PayloadDisplayName</key>
    <string>Disable iCloud Drive</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>8942D1B1-C883-4EA2-8E3E-A3DB5ABD60B2</string>
    <key>PayloadOrganization</key>
    <string>Company Name Here</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>8942D1B1-C883-4EA2-8E3E-A3DB5ABD60B2</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

As mentioned in Apple's Configuration Profile Reference, it seems to be possible to also skip the iCloud storage setup window by including the property SkipiCloudStorageSetup with a value of true, but I haven't tested that.

Note that the same approach can be used to disable other iCloud services that might be unwanted due to security considerations, such as iCloud backup or iCloud keychain.
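
An added example, not part of the original answer: a Python check that parses an unsigned .mobileconfig before deployment and reports which iCloud restriction keys it actually sets. The keys allowCloudBackup and allowCloudKeychainSync, the function names, and the rule that a false value in any restrictions payload wins are assumptions not shown on the page; the sample profile is constructed.

```python
import plistlib

# allowCloudDocumentSync is the key from the answer; the other two are assumed
# to be the matching keys for iCloud backup and iCloud keychain.
ICLOUD_KEYS = ("allowCloudDocumentSync", "allowCloudBackup", "allowCloudKeychainSync")
RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def audit_icloud_restrictions(profile_bytes):
    """Return {key: 'blocked' | 'allowed' | 'unset'} for an unsigned profile."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception as exc:
        # Signed profiles are CMS-wrapped and do not parse as a plain plist.
        raise ValueError("not a plain plist; unwrap signed profiles first") from exc
    if not isinstance(profile, dict):
        raise ValueError("profile root must be a dictionary")

    result = {key: "unset" for key in ICLOUD_KEYS}
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict) or payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in ICLOUD_KEYS:
            # Assumption: a false value in any restrictions payload wins.
            if payload.get(key) is False:
                result[key] = "blocked"
            elif payload.get(key) is True and result[key] == "unset":
                result[key] = "allowed"
    return result


def not_blocked(profile_bytes):
    """List the iCloud keys the profile leaves enabled or never mentions."""
    audit = audit_icloud_restrictions(profile_bytes)
    return sorted(key for key, state in audit.items() if state != "blocked")


# Constructed sample mirroring the relevant keys of the profile in the answer.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Disable iCloud Drive",
    "PayloadContent": [
        {"PayloadType": RESTRICTIONS_TYPE, "allowCloudDocumentSync": False},
    ],
})

if __name__ == "__main__":
    for key, state in audit_icloud_restrictions(SAMPLE_PROFILE).items():
        print(f"{key}: {state}")
```

An "unset" result means the profile does not mention the key at all, so that service is left at its default.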