Enterprise networks may be required to audit all network traffic by policy; therefore, iCloud Private Relay must be disabled. Network administrators can also prevent the use of this feature by blocking DNS resolution of mask.icloud.com and mask-h2.icloud.com. Audit: Verify the macOS system is configured to disable the iCloud Private Relay with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\ .objectForKey('allowCloudPrivateRelay').js EOS If the result is not "false", this is a finding. Remediation: Configure the macOS system to disable TouchID for unlocking the device by installing the "com.apple.applicationaccess" configuration profile with 'allowCloudPrivateRelay' key set to false

[Yes/No]

Configure the macOS system to disable TouchID for unlocking the device by installing the "com.apple.applicationaccess" configuration profile with 'allowCloudPrivateRelay' key set to false