Category filter

Disable macOS App Store using configuration profile

The App Store offers a convenient way for users to discover, download, and install applications on their Apple devices. Organizations looking to implement strict application management and maintain accurate application compliance on macOS devices can choose to disable the App Store. Disabling the App Store helps manage unauthorized app installations, possibly reducing distractions from non-essential applications for users in an organization. This document provides a way to disable the macOS App Store using a configuration profile. IT administrators can deploy this configuration profile using Hexnode’s Deploy Custom Configuration feature.


The sample configuration profile provided below is created using various profile creator applications.


  • The following configuration profile only works for devices running macOS 10.14 and above.
  • For devices running macOS 10.10 to 10.13, this configuration profile restricts the installation of software updates from the App Store.

Disable App Store

The following configuration profile uses the restrict-store-softwareupdate-only key to disable App Store on a macOS device. This key supports two input values:

true – To disable the App Store.

false – To enable the App Store.

What happens at the device end?

Upon successful installation of the configuration profile on a macOS device, the App Store will be disabled and inaccessible to the user. When a user attempts to access the App Store, they will be shown an error message stating, “You don’t have permission to use the App Store”.



  • Removing the configuration profile from the macOS device will re-enable the App Store.
  • Admins can still remotely deploy applications to macOS devices from the Hexnode UEM console.
  • To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors.
  • Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across devices.
  • Ensure that you do not associate conflicting configurations with the devices.
  • It is recommended to manually validate the configuration profile on a system before executing it in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the configuration profile.

  • Configuration Profile Repository