The admin console
One in-app surface to author a fleet policy, start from a preset, and read back what a managed machine is actually running.


An admin writes the deny-list a fleet runs on here. The console lives inside the desktop app at /app/admin, reachable by URL or the quiet “org policy” command. It produces a configuration profile you hand to your MDM. Its only action is a local file download; it never contacts Conifer. How that profile lands on a machine and clamps it is covered on the MDM policy page; this page covers the surface that authors it.

Author a policy

A policy is a deny-list. The console exposes five capability toggles and a row per recognized integration, and every control does the same thing: it turns a capability off. There is no affordance that grants one. So whatever you author is a strict subset of the consumer default, and an empty policy restricts nothing.

The five capability toggles

Toggle              What it denies
File writes         Agents cannot create, edit, or append files.
Program execution   No running commands, tests, or git.
App automation      No accessibility automation or app scripting.
Network fetch       No outbound fetch from a tool call.
Cloud routing       The route dial pins local-only; there is no cloud lane.

Below the toggles, an integration row per connector (Slack, Mail, Notes, web search, MCP, and the rest) strips that connector before it reaches the agent grammar or the broker.

A “what this denies” preview lists the exact restriction tokens the policy carries, in schema order, and updates as you toggle. These are the same strings the policy reader reports once the profile is pushed, so the preview is what a machine will attest to, not a cosmetic summary. With nothing toggled, it says the policy leaves the install ungoverned: the honest reading of an empty deny-list.

Start from a preset

Most regulated teams never start from a blank list. The preset menu drops in a deny-list shaped for a vertical, which you then tune toggle by toggle. Picking one replaces the current state rather than layering onto it, so a preset is always a clean base. Hand-edit it and the menu drops back to custom: the policy is no longer the preset.

Privileged work (legal)
Closes every egress path and program execution so privileged material stays on the machine. Document and calendar reads are kept.
Healthcare (HIPAA-aligned)
A minimum-necessary posture for PHI: no egress, and Messages and Slack stripped so patient data has no path off the endpoint.
Finance
Material non-public information stays off the wire: no egress, no execution, and Slack stripped as the common leak vector.
Maximum lockdown (read-only)
The strict floor. Nothing mutates, nothing runs, nothing leaves. Loosen from here as a fleet needs.

Export the profile

The authored policy exports as a .mobileconfig profile, or a bare .plist if your tooling prefers it. The file downloads to your own disk. Ship it through Jamf, Kandji, Intune, or whatever already manages the machines, and it lands at the root-owned path the app reads on launch.

Lands at: /Library/Managed Preferences/build.conifer.desktop.plist

The reader strips any denied capability kernel-side, before the request reaches the model grammar or a connector, the same fail-closed seam every grant takes. The console authors the file; it does not enforce it, and the export touches neither the network nor Conifer.
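The three steps above (author a deny-list, start from a preset, export the profile) as one worked example. This is added illustrative code, not Conifer's own: the restriction token strings and their schema order, the preset contents, the `restrictions` plist key and the use of `build.conifer.desktop` as the payload type are all assumptions shaped after the page's descriptions; the fingerprint is computed as SHA-256 over the ordered token list, which is an assumption about the "stable content hash" the page mentions, not its documented algorithm.

```python
# Added example (not Conifer's code): author a deny-list, apply a preset, export it.
# Token names, schema order, preset contents and plist keys are assumptions.
import hashlib
import json
import plistlib
import uuid

# Assumed schema order: five capability tokens, then one strip token per integration.
SCHEMA_ORDER = (
    "deny.file_writes", "deny.program_execution", "deny.app_automation",
    "deny.network_fetch", "deny.cloud_routing",
    "strip.slack", "strip.mail", "strip.messages", "strip.notes",
    "strip.web_search", "strip.mcp",
)
EGRESS = {"deny.network_fetch", "deny.cloud_routing"}

# Assumed preset contents, following the page's one-line descriptions.
PRESETS = {
    "legal": EGRESS | {"deny.program_execution"},
    "healthcare": EGRESS | {"strip.messages", "strip.slack"},
    "finance": EGRESS | {"deny.program_execution", "strip.slack"},
    "lockdown": set(SCHEMA_ORDER),
}


def tokens(denied: set[str]) -> list[str]:
    """Restriction tokens in schema order: the 'what this denies' preview.
    A token outside the schema is an error, never silently dropped."""
    unknown = set(denied) - set(SCHEMA_ORDER)
    if unknown:
        raise ValueError(f"unknown restriction tokens: {sorted(unknown)}")
    return [t for t in SCHEMA_ORDER if t in denied]


def preview(denied: set[str]) -> str:
    """The honest reading of an empty deny-list is 'ungoverned', not 'secure'."""
    ordered = tokens(denied)
    return "\n".join(ordered) if ordered else "policy leaves the install ungoverned"


def apply_preset(name: str) -> set[str]:
    """Picking a preset replaces the current state; it never layers onto it."""
    return set(PRESETS[name])


def preset_name(denied: set[str]) -> str:
    """The menu shows a preset only while the policy is exactly that preset."""
    for name, contents in PRESETS.items():
        if set(denied) == contents:
            return name
    return "custom"


def fingerprint(denied: set[str]) -> str:
    """Assumed content hash: SHA-256 of the compact JSON array of ordered tokens.
    Whatever the real reader uses, both ends must canonicalize identically."""
    canon = json.dumps(tokens(denied), separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def to_plist(denied: set[str]) -> bytes:
    """Bare .plist, i.e. the keys the reader expects under /Library/Managed Preferences.
    Assumption: a single 'restrictions' array."""
    return plistlib.dumps({"restrictions": tokens(denied)})


def to_mobileconfig(denied: set[str], org: str = "example.org") -> bytes:
    """Wrap the same keys in a system-scoped configuration profile for the MDM.
    UUIDs derive from the fingerprint, so equal policies export byte-identical files."""
    fp = fingerprint(denied)
    payload_uuid = str(uuid.uuid5(uuid.NAMESPACE_URL, "payload:" + fp)).upper()
    profile_uuid = str(uuid.uuid5(uuid.NAMESPACE_URL, "profile:" + fp)).upper()
    payload = {
        "PayloadType": "build.conifer.desktop",  # assumption: preference domain as type
        "PayloadVersion": 1,
        "PayloadIdentifier": f"build.conifer.desktop.{payload_uuid}",
        "PayloadUUID": payload_uuid,
        "restrictions": tokens(denied),
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadIdentifier": f"{org}.conifer-policy",
        "PayloadUUID": profile_uuid,
        "PayloadDisplayName": f"Conifer fleet policy {fp[:12]}",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


if __name__ == "__main__":
    policy = apply_preset("finance")
    policy.add("strip.mail")  # hand edit: the menu drops back to custom
    print(preview(policy), preset_name(policy), fingerprint(policy), sep="\n")
    with open("conifer-policy.mobileconfig", "wb") as f:
        f.write(to_mobileconfig(policy))
```

Record the fingerprint printed at export time alongside the profile you hand to the MDM; it is the value you later compare against what each machine reports. Deriving the profile UUIDs from that fingerprint is a design choice here so that two exports of the same policy diff clean.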

Read the audit trail

A managed fleet has no server log to read, because there is no server. The audit trail is per machine: each managed install writes a posture document, and the console reads it back in place. The panel shows the live document this endpoint reports, byte for byte what your EDR collects from the documented path, with no callback to anyone to fetch it.

The load-bearing line is the policy fingerprint, a stable content hash of the deny-list. Match it against the profile you pushed and the machine is running the policy you think it is. A mismatch means it is not. When the console runs on a machine that is itself managed, it surfaces that machine’s status inline: the fingerprint, and the restrictions currently in force. The full schema, the collection path, and what the document does and does not prove live on the posture attestation page.
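The fingerprint comparison described above, as an added example that is not Conifer's code: it reads the restriction tokens out of the profile you pushed, hashes them the same way as the authoring side, and classifies each machine's posture document. The posture document's field names (`host`, `policy_fingerprint`, `restrictions`), the `build.conifer.desktop` payload type and the `restrictions` key, the SHA-256-over-JSON fingerprint, and all four sample documents are constructed assumptions; the real schema is on the posture attestation page.

```python
# Added example (not Conifer's code): read fleet posture back against the pushed profile.
# Field names, fingerprint algorithm and sample documents are constructed assumptions.
import hashlib
import json
import plistlib


def fingerprint(tokens: list[str]) -> str:
    """Assumed content hash: SHA-256 of the compact JSON array of tokens, in the order
    the profile carries them. If the reader canonicalizes differently, every machine
    reads as a mismatch, so check one known-good host before trusting a fleet sweep."""
    return hashlib.sha256(json.dumps(list(tokens), separators=(",", ":")).encode()).hexdigest()


def tokens_in_profile(profile: bytes) -> list[str]:
    """Restriction tokens from the .mobileconfig handed to the MDM (assumed payload type
    build.conifer.desktop carrying a 'restrictions' array)."""
    for payload in plistlib.loads(profile).get("PayloadContent", []):
        if payload.get("PayloadType") == "build.conifer.desktop":
            return list(payload.get("restrictions", []))
    raise ValueError("no build.conifer.desktop payload in profile")


def check_posture(pushed: list[str], posture: dict) -> dict:
    """Classify one machine's posture document against the policy you pushed."""
    expected = fingerprint(pushed)
    reported = posture.get("policy_fingerprint")
    in_force = list(posture.get("restrictions", []))
    if not in_force and pushed:
        verdict = "ungoverned"    # empty deny-list in force: the profile has not landed
    elif reported != expected:
        verdict = "mismatch"      # running some other policy: stale, edited, or none
    elif in_force != pushed:
        verdict = "inconsistent"  # hash agrees but the list does not: distrust the document
    else:
        verdict = "match"
    return {"host": posture.get("host"), "verdict": verdict,
            "expected": expected, "reported": reported}


def check_fleet(profile: bytes, postures: list[dict]) -> dict[str, str]:
    """Host name to verdict for every posture document collected by the EDR."""
    pushed = tokens_in_profile(profile)
    return {r["host"]: r["verdict"] for r in (check_posture(pushed, p) for p in postures)}


# Constructed fixtures: the profile that was pushed, and posture documents as an EDR
# would collect them. Host -0413 still runs last month's policy, -0414 never got the
# profile, and -0415 reports a fingerprint that does not describe its own list.
PUSHED_TOKENS = ["deny.program_execution", "deny.network_fetch", "deny.cloud_routing", "strip.slack"]
PUSHED_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{"PayloadType": "build.conifer.desktop", "restrictions": PUSHED_TOKENS}],
})
STALE_TOKENS = ["deny.network_fetch", "deny.cloud_routing", "strip.slack"]
SAMPLE_POSTURES = [
    {"host": "mbp-0412", "policy_fingerprint": fingerprint(PUSHED_TOKENS), "restrictions": PUSHED_TOKENS},
    {"host": "mbp-0413", "policy_fingerprint": fingerprint(STALE_TOKENS), "restrictions": STALE_TOKENS},
    {"host": "mbp-0414", "policy_fingerprint": fingerprint([]), "restrictions": []},
    {"host": "mbp-0415", "policy_fingerprint": fingerprint(PUSHED_TOKENS), "restrictions": STALE_TOKENS},
]

if __name__ == "__main__":
    for host, verdict in check_fleet(PUSHED_PROFILE, SAMPLE_POSTURES).items():
        print(f"{host}\t{verdict}")
```

The "inconsistent" verdict is the one worth keeping separate from "mismatch": a fingerprint that matches while the restriction list does not means either the document was altered after the reader wrote it or your canonicalization differs from the reader's, and neither case is "the machine runs an old policy".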

Serverless by construction

The console performs exactly one write, a local file download, and one read, this machine’s own posture. It opens no socket and posts nothing. Policy goes out through your MDM, posture comes back through your EDR, and Conifer sits at neither end of that pipe. The local-first guarantee holds on the admin’s machine too. For the rails this console feeds, see deploy across a team.