3.2.1.5 Ensure 'Allow iCloud documents & data' is set to 'Disabled'

Information

This recommendation pertains to the storage and syncing of data through iCloud from institutionally-owned devices.

Rationale:

Institutionally-owned devices are often connected to personal iCloud accounts. This is expected and normal. The data from institutionally-owned devices, however, should not co-mingle with the end-user's personal data. This creates a potential avenue for data leakage.

Solution

Open Apple Configurator.

Open the Configuration Profile.

In the left window pane, click on the Restrictions tab.

In the right window pane, under the tab Functionality, uncheck the checkbox for Allow iCloud documents & data.

Deploy the Configuration Profile.

See Also

https://workbench.cisecurity.org/benchmarks/15548