Hi @haniel,
For macOS, the Guest Account restriction should be delivered through the MDM configuration profile associated with the device. If the policy is already associated and other payloads are applying correctly, this is usually not caused by a separate enrollment requirement.
A useful check is to confirm whether the restriction is visible on the Mac under the installed management profile:
- On the Mac, open System Settings.
- Go to General > Device Management.
- Select the Hexnode management profile or the relevant policy profile.
- Check whether the Guest User Profile restriction is listed there.
If the restriction is present in the profile but Users & Groups still allows the Guest user to be enabled, refresh the policy association from Hexnode:
1. Open the policy in Hexnode.
2. Click Manage.
3. Choose Modify.
4. Save the policy without making changes.
5. Confirm that the Associate Policy action completes successfully in Action History.
This pushes the existing policy configuration to the Mac again and can refresh restrictions that were acknowledged but not fully reflected in System Settings.
Best Regards,
Isabel Lora
Hexnode UEM