recoveryOS protection

Platform compatibility
How to set it up
Modifying or removing the control
How it works

Platform compatibility

macOS	Windows	Linux	iOS / iPadOS	Android
✅

How to set it up

Select targeting

No additional configuration is required. Choose which devices to apply the control to: all macOS devices, specific device groups, or a custom target.

Modifying or removing the control

Disable the control from the profile settings. Disabling stops enforcement but does not remove existing configurations from devices.

How it works

Primo delivers a macOS security configuration payload via MDM that applies restrictions to the recoveryOS environment. These settings are enforced at a firmware level on Apple Silicon Macs and at the security policy level on Intel Macs.

On Apple Silicon Macs, recoveryOS restrictions are integrated with the Secure Enclave. Full enforcement requires that the device is enrolled in MDM with the appropriate supervision level.

Password & Screenlock

Remote access

Introduction

Onboardings & Offboardings

Device Management

Endpoint Protection

Identity & SaaS Management

Global Purchasing

Guides

Platform compatibility

How to set it up

Modifying or removing the control

How it works

Introduction

Onboardings & Offboardings

Device Management

Endpoint Protection

Identity & SaaS Management

Global Purchasing

Guides

​Platform compatibility

​How to set it up

​Modifying or removing the control

​How it works

Platform compatibility

How to set it up

Modifying or removing the control

How it works