The importance of Unified Logs
With each release of macOS, more and more logs are migrated to the new database style which means that information is subject to Apple’s strict privacy controls. With default settings, unified logs border on unusable for risk management purposes.
Up until very recently, it was not easy to reveal data Apple marks as private at scale.
What is in the fields of unified logs?
The data that is marked private in unified logs is typically the details about an action that could identify the user or computer.
In most cases, enterprise software running on company-owned Mac computers does not share the same privacy concerns. In fact, MDM tools, like Jamf Pro, have access to far more information about a user and computer than unified log private data would provide.
With that in mind, unified logs private data is only private in the context of a personal-owned computer and not a company-owned machine used for work. I strongly agree with Apple’s default log privacy settings to help protect Mac security on personal-use computers from unscrupulous data collection practices that seek to compromise personally identifiable information (PII).
Example log data
NOTE: Before deploying the profile
You will need to sign the profile before uploading to MDM tools like Jamf, as many of them do not currently support this profile key. If you upload an unsigned profile, the process may change the profile in a way that breaks the private data settings. The certificate that signs the configuration profiles may be potentially visible to users, allowing them to see the name of the certificate that signed the profile.
How to sign a configuration profile
Profile to enable (reveal) private data
Dive deeper into Mac endpoint health with Jamf Protect
Have market trends, Apple updates and Jamf news delivered directly to your inbox.