2.3.1.2 Ensure AirPlay Receiver Is Disabled

Information

In macOS Monterey (12.0), Apple added the capability to share content from another Apple device to the screen of a host Mac. While there are many valuable uses of this capability, such sharing on a standard Mac user workstation should be enabled ad hoc as required rather than left running as a continuous sharing service. The feature can be restricted by Apple ID or network, and it is used by accepting the connection on the Mac. Part of the concern is that frequent connection requests may function as a denial-of-service, and that access control limits may provide too much information to an attacker.

https://macmost.com/how-to-use-a-mac-as-an-airplay-receiver.html

https://support.apple.com/guide/mac-pro-rack/use-airplay-apdf1417128d/mac

This capability appears very useful for kiosk and shared work spaces. The ability to allow by network could be especially useful on segregated guest networks where visitors could share their screens on computers with bigger monitors, including computers connected to projectors.

Solution

Profile Method:

Create or edit a configuration profile with the following information:

- The PayloadType string is com.apple.applicationaccess
- The key to include is allowAirPlayIncomingRequests
- The key must be set to <false/>

Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.
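The following Python sketch is an added example, not part of the benchmark. It builds a profile with the payload type and key listed above and checks an existing .mobileconfig for the same setting. The `com.example` identifiers, the display name and the `PayloadScope` value are assumptions chosen for illustration.

```python
import plistlib
import uuid

PAYLOAD_TYPE = "com.apple.applicationaccess"  # from the benchmark text
KEY = "allowAirPlayIncomingRequests"          # from the benchmark text


def build_profile(org_prefix="com.example"):
    """Return .mobileconfig bytes that disable the AirPlay Receiver.
    org_prefix and the display name are placeholders (assumptions)."""
    restrictions = {
        "PayloadType": PAYLOAD_TYPE,
        "PayloadIdentifier": f"{org_prefix}.airplay.restrictions",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        KEY: False,  # serialised as <false/>
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": f"{org_prefix}.airplay",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Disable AirPlay Receiver",
        "PayloadScope": "System",  # system-wide, per the note above
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def check_profile(data):
    """Classify a profile: 'compliant', 'noncompliant' or 'missing'."""
    profile = plistlib.loads(data)
    result = "missing"
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != PAYLOAD_TYPE or KEY not in payload:
            continue
        # Only a real boolean false passes; the string "false" or 0 does not.
        if payload[KEY] is False:
            result = "compliant"
        else:
            return "noncompliant"
    return result


if __name__ == "__main__":
    blob = build_profile()
    print(blob.decode())
    print(check_profile(blob))
```

`check_profile` expects an unsigned XML or binary plist; a signed profile has to be unwrapped before it can be parsed this way.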

Impact:

With AirPlay sharing turned off by default, users cannot share without first turning the service on. The service should be enabled as needed rather than left on.

See Also

https://workbench.cisecurity.org/benchmarks/15551