Gatekeeper is a security feature on macOS that is designed to protect your system from malicious software by limiting the apps that can be installed and run on your system, only allowing apps that are downloaded from either the Mac App Store or from those who have signed their apps with a certificate issued by Apple.
While it’s extremely useful for keeping your macOS environment secure, there are times when a user may need to disable Gatekeeper temporarily.
My organization’s use-case for this is that we have a team of developers who are often running test builds of applications that are unsigned because they’re in development. So we have a process for users to go through to disable Gatekeeper temporarily.
However, we want to ensure that there are no gaps and that Gatekeeper will always be re-enabled across the environment.
To accomplish this, we leverage Jamf Pro’s Smart Groups to detect if Gatekeeper is disabled (the status of machines in this group will update after an inventory scan on each device) and a script deployed via a Jamf policy to re-enable it on the machines that show up in our smart group.
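One way to write such a remediation script, added here as an example and not the author's own script. It assumes the policy runs it as root, that `spctl --status` reports `assessments enabled` or `assessments disabled`, and that the `jamf` binary sits at `/usr/local/bin/jamf`; the function names are illustrative.

```shell
#!/bin/bash
# Added example: re-enable Gatekeeper from a Jamf policy (policies run scripts as root).

# Map the text printed by `spctl --status` to a simple state.
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo "enabled" ;;
        *"assessments disabled"*) echo "disabled" ;;
        *)                        echo "unknown" ;;
    esac
}

# Ask spctl for the current state (stderr merged in case the message lands there).
current_state() {
    gatekeeper_state "$(spctl --status 2>&1)"
}

# Re-enable Gatekeeper if needed, then verify. Returns 0 only if it ends up enabled.
remediate() {
    state="$(current_state)"
    if [ "$state" = "enabled" ]; then
        echo "Gatekeeper already enabled; nothing to do."
        return 0
    fi
    echo "Gatekeeper state is '$state'; re-enabling."
    spctl --master-enable || return 1
    if [ "$(current_state)" != "enabled" ]; then
        echo "Gatekeeper is still not enabled after remediation." >&2
        return 1
    fi
    echo "Gatekeeper re-enabled."
}

main() {
    remediate || return 1
    # Smart Group membership only changes after an inventory scan, so submit one now.
    # Assumption: the jamf binary is at its default path.
    if [ -x /usr/local/bin/jamf ]; then
        /usr/local/bin/jamf recon >/dev/null 2>&1 ||
            echo "Inventory update failed; Smart Group may be stale." >&2
    fi
}

# Run only where spctl exists (a Mac); the exit code becomes the policy result.
if command -v spctl >/dev/null 2>&1; then
    main
    exit $?
fi
```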