Modify sysprefs_siri_disable to use "com.apple.assistant.support" instead of "com.apple.ironwood.support"

[qharouff]

Problem to solve

The sysprefs_siri_disable rule currently recommends the "com.apple.ironwood.support" payload with "Ironwood Allowed" set to "false". Although this control may still function, it was deprecated after macOS 10.13.

The "com.apple.assistant.support" payload now provides support for this functionality in newer version of macOS with the "Assistant Enabled" key set to "false".

Further details

The "com.apple.assistant.support" payload is also used within the "sysprefs_improve_siri_dictation_disable" rule.

This payload should work macOS 10.12 and above.

Proposal

Modify the sysprefs_siri_disable rule to recommend the "com.apple.assistant.support" payload configuration in modern versions of macOS.

Documentation

Apple Developer "com.apple.ironwood.support" Deprecated: https://developer.apple.com/documentation/devicemanagement/parentalcontroldictationandprofanity Rich Trouton Article on Blocking Siri on macOS Sierra (and higher): https://derflounder.wordpress.com/2016/09/20/blocking-siri-on-macos-sierra/

Testing

Test behavioral functionality in different OS versions. Confirmed working for macOS 12 (Monterey).

[robertgendler]

We'll have to test to make sure it works happily. But good find!

[robertgendler]

Turns out com.apple.assistant.support does not disable Dictation under Keyboard which uses Siri for diction, sending the data off to Apple's servers to analyze. So while com.apple.assistant.support does disable Siri in the Siri system preference, it does not disable all of Siri services, at least on Monterey

[jeolsen]

<key>UserHasDeclinedEnable</key><true/> in com.apple.Siri should disable Siri

[robertgendler]

com.apple.siri - UserHasDeclinedEnable - this does not appear to disable Siri in my testing.

[jeolsen]

what about also adding com.apple.assistant.support: "Assistant Enabled" to FALSE (bool) com.apple.assistant.support: "Siri Data Sharing Opt-In Status" to "2" (Integer)

[qharouff]

what about also adding com.apple.assistant.support: "Assistant Enabled" to FALSE (bool) com.apple.assistant.support: "Siri Data Sharing Opt-In Status" to "2" (Integer)

This is the configuration I've tested on my end and can confirm @robertgendler's findings. This does not disable dictation on macOS 12.

Thanks for looking into this one Bob!

[jeolsen]

i didn't think disabling siri and disabling dictation were the same thing. Apple is stating that dictation can be disabled with the "allowDictation" key set to false in com.apple.applicationaccess payload. They stated on 101823390766 that this worked on Ventura during internal testing.

[robertgendler]

https://github.com/apple/device-management/blob/seed_iOS-16-1_macOS-13-0/mdm/profiles/com.apple.applicationaccess.yaml

According to this allowDictation existed since 10.13. Will do some more testing against Monterey and Ventura.

[robertgendler]

com.apple.applicationaccess has the key for allowAssistant though supposedly not supported in macOS, but it appears to work in macOS with Ventura at least. This disables Siri and Dictation.

com.apple.assistant.support with the key Assistant Enabled is not an officially supported key. But will disable Siri. Then with allowDictation you can disable Dictation as well.

I think the project for now will continue using Ironwood as that disables both features and is "technically" supported by Apple even though it is deprecated. But if an organization chooses to do it a different way, they are welcome to do that.

We will continue to monitor this due to Section 508 IT Accessibility rules and laws, Apple should provide better methods to disabling Siri, Allowing Dictation, and doing forceOnDeviceOnlyDictation like they do on iOS. Please file feedback to Apple.