As part of macOS Monterey, Apple has introduced the Erase All Contents and Settings function to macOS for Apple Silicon Macs. In my Monterey testing, this setting was very useful because it enabled me to reset my Mac to a factory default condition without having to spend extra time wiping the drive and installing a fresh copy of macOS.
However, having this functionality available may not desired in all environments. For Mac admins supporting these environments, Apple has provided a new profile management option, as part of the Restrictions payload, which disables the Erase All Contents and Settings functionality on Apple Silicon Macs.
For more details, please see below the jump.
I’ve written a profile to disable Erase All Contents and Settings functionality which does the following:
1. Removes the Erase All Contents and Settings… menu option from the System Preferences option.
2. Blocks the Erase Assistant app from running.
Note: When the profile is installed, the Erase Assistant app will show the following message:
Erase Assistant is not supported on this Mac.
In order to apply this profile, there are some pre-requisites:
- User Approved Mobile Device Management (UAMDM) must be enabled on the target Mac.
- Profile must be installed by an MDM server.
Those pre-requisites also apply to deploying this profile, which is available via the link below:
https://github.com/rtrouton/profiles/tree/main/DisableEraseAllContentsAndSettings
When deployed, the profile should appear similar to this in System Preference’s Profiles preference pane.
