Property List Check
Automatically adjust Trust Levels and enforce security policies based on whether specific property list file keys match their defined values on macOS devices
- Updated on May 21, 2024
- Property List Check Overview
- Property List Overview
- Matching Value Syntax
- Recommended approach to determining a property list value
- How to add Property List Check as a Trust Factor
- How to add a property list to the Property List Check Trust Factor
- How to edit or delete a property list from the property list check Factor
Property List Check Overview
Security policies often require that devices match certain configurations. One method of checking configurations is to evaluate a property list’s key value pairs. Using the Property List Check Trust Factor, admins can establish a list of keys with corresponding values required on devices in their organization. This Trust Factor supports macOS devices only.
Property List Overview
Adding a property list to the Property List Check Trust Factor requires that admins enter the property list’s location (i.e., the file path). The property list path can be the user path or the absolute path. A property list must contain a key and a value associated with that key.
Matching Value Syntax
To match the key to its corresponding value, Cloud Secure Edge (CSE) uses the ‘Default Read’ command (for macOS devices). This command outputs values in a specific format based on type:
Note: Complex data types (such as Data, Array, and Dictionary) are not evaluated for the key’s corresponding value. The Property List factor can still check if these keys exist (by entering the key without the value).
Property List Value Type | Default Read Command Format |
---|---|
String | String (no change) |
Integer | String (no change) |
Floating Point | String (no change) |
Date | ISO 8601 Format (e.g., 2023-01-01 14:30:15 +0000) |
Boolean | ‘1’ for True, ‘0’ for False |
Data | Not Supported |
Array | Not Supported |
Dictionary | Not Supported |
Recommended approach to determining a property list value
To check the value of a particular property list key, use the following command on macOS devices:
defaults read <file path> <key>
Example:
defaults read
/Library/Preferences/com.apple.networkd.networknomicon.plist
LastAttempt
Next, copy the output of the command into the value section of the property list.
How to add Property List Check as a Trust Factor
-
In the Command Center, navigate from Trust > Profiles.
-
Either select an existing Trust Profile or create a new one.
-
Under the Trust Factors tab, select + Add Trust Factors if creating a new Trust Profile; select Edit and then +Add Trust Factors if adding new Trust Factors to an existing Trust Profile. Select Property List Check.
- Set the Trust Effect.
For steps on how to add a property list to the Property List Check Trust Factor, proceed to the next section.
How to add a property list to the Property List Check Trust Factor
- In the Command Center, navigate from Secure Access > Trust Factors. Then, select the Property List Check Trust Factor, and select Create a Property List.
-
Enter a property list name.
-
Enter a file path. The file path can be set relative to the root or home directory.
-
Enter a key and a corresponding value.
-
Select Save.
How to edit or delete a property list from the property list check Factor
-
Navigate to an existing Trust Profile to the Trust Factors tab.
-
To delete a selected property list, locate the Property List Check factor, hover over the selected property list name, and select the x.
-
To edit a selected property list, locate the Property List Check factor, hover over the selected property list name, and select the name. This will allow you to modify the property list name, the file path, the key, and/or the value.