macOSPrivacyAccessControlItem resource type
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Represents per-process privacy preferences.
Properties
Property | Type | Description |
---|---|---|
displayName | String | The display name of the app, process, or executable. |
identifier | String | The bundle ID or path of the app, process, or executable. |
identifierType | macOSProcessIdentifierType | A bundle ID is used to identify an app. A path is used to identify a process or executable. Possible values are: bundleID , path . |
codeRequirement | String | Enter the code requirement, which can be obtained with the command 'codesign –display -r –' in the Terminal app. Include everything after '=>'. |
staticCodeValidation | Boolean | Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature. |
blockCamera | Boolean | Block access to camera app. |
blockMicrophone | Boolean | Block access to microphone. |
blockScreenCapture | Boolean | Block app from capturing contents of system display. Requires macOS 10.15 or later. |
blockListenEvent | Boolean | Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later. |
speechRecognition | enablement | Allow or block access to system speech recognition facility. Possible values are: notConfigured , enabled , disabled . |
accessibility | enablement | Allow the app or process to control the Mac via the Accessibility subsystem. Possible values are: notConfigured , enabled , disabled . |
addressBook | enablement | Allow or block access to contact information managed by Contacts. Possible values are: notConfigured , enabled , disabled . |
calendar | enablement | Allow or block access to event information managed by Calendar. Possible values are: notConfigured , enabled , disabled . |
reminders | enablement | Allow or block access to information managed by Reminders. Possible values are: notConfigured , enabled , disabled . |
photos | enablement | Allow or block access to images managed by Photos. Possible values are: notConfigured , enabled , disabled . |
mediaLibrary | enablement | Allow or block access to music and the media library. Possible values are: notConfigured , enabled , disabled . |
fileProviderPresence | enablement | Allow the app or process to access files managed by another app’s file provider extension. Requires macOS 10.15 or later. . Possible values are: notConfigured , enabled , disabled . |
systemPolicyAllFiles | enablement | Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution. Possible values are: notConfigured , enabled , disabled . |
systemPolicySystemAdminFiles | enablement | Allow app or process to access files used in system administration. Possible values are: notConfigured , enabled , disabled . |
systemPolicyDesktopFolder | enablement | Allow or block access to Desktop folder. Possible values are: notConfigured , enabled , disabled . |
systemPolicyDocumentsFolder | enablement | Allow or block access to Documents folder. Possible values are: notConfigured , enabled , disabled . |
systemPolicyDownloadsFolder | enablement | Allow or block access to Downloads folder. Possible values are: notConfigured , enabled , disabled . |
systemPolicyNetworkVolumes | enablement | Allow or block access to network volumes. Requires macOS 10.15 or later. Possible values are: notConfigured , enabled , disabled . |
systemPolicyRemovableVolumes | enablement | Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later. Possible values are: notConfigured , enabled , disabled . |
postEvent | enablement | Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream. Possible values are: notConfigured , enabled , disabled . |
appleEventsAllowedReceivers | macOSAppleEventReceiver collection | Allow or deny the app or process to send a restricted Apple event to another app or process. You will need to know the identifier, identifier type, and code requirement of the receiving app or process. This collection can contain a maximum of 500 elements. |
Relationships
None
JSON Representation
Here is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.macOSPrivacyAccessControlItem",
"displayName": "String",
"identifier": "String",
"identifierType": "String",
"codeRequirement": "String",
"staticCodeValidation": true,
"blockCamera": true,
"blockMicrophone": true,
"blockScreenCapture": true,
"blockListenEvent": true,
"speechRecognition": "String",
"accessibility": "String",
"addressBook": "String",
"calendar": "String",
"reminders": "String",
"photos": "String",
"mediaLibrary": "String",
"fileProviderPresence": "String",
"systemPolicyAllFiles": "String",
"systemPolicySystemAdminFiles": "String",
"systemPolicyDesktopFolder": "String",
"systemPolicyDocumentsFolder": "String",
"systemPolicyDownloadsFolder": "String",
"systemPolicyNetworkVolumes": "String",
"systemPolicyRemovableVolumes": "String",
"postEvent": "String",
"appleEventsAllowedReceivers": [
{
"@odata.type": "microsoft.graph.macOSAppleEventReceiver",
"codeRequirement": "String",
"identifier": "String",
"identifierType": "String",
"allowed": true
}
]
}
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for