Reviewing New Payloads for macOS High Sierra Profile

All profiles are broken down into two basic sections, the General section and the Payload section.

  • The General section has information about the Profile, its name and some filters on what device will get it.
  • The Payload sections define actions to be taken on the device.

Every Profile must have all required fields in the General section properly filled out and at least one payload configured.

1. Add a macOS Device Profile

Add a macOS Device Profile

In the Workspace ONE UEM console:

  1. Select Devices.
  2. Select Profiles & Resources.
  3. Select Profiles.
  4. Select Add
  5. Select Add Profile.

1.1. Select Profile Platform

Select Profile Platform

Select the macOS icon.

1.2. Select the Profile Context

Select the Profile Context

Select the Device Profile icon.

2. Configure Security & Privacy Payload

  1. Select Security & Privacy
  2. Click Configure.

3. Review Security & Privacy Payload Settings

  1. Select the Delay Updates check box.
  2. Note the box where you can specify how long (1 to 90 days) to delay updates.

Note: The delay starts from the day the update is released. For example, if Apple publishes an update and the device is offline for the first 30 days the update is released, a 90-day update delay period would end 60 days later (even though technically the device has only known about the update for 60 days).  

4. Review the Kernel Policy Extension Payload

In the same profile screen:

  1. Select the Kernel Extension Policy payload.
  2. Click Configure.

4.1. Review Kernel Extension Policy Settings

  1. Note the User Override setting. You can allow the user to add their own Kernel Extensions
  2. Click Add under Allowed Team Identifiers.
  3. Note the Allowed Team identifier setting. This allows all Kernel Extensions signed by that team identifier.
  4. Click Add under Allowed Kernel Extensions.
  5. Note the Allowed Kernel Extensions setting. You can enter a constrained list of Kernel Extension bundle IDs and their associated developer.

Note: The Kernel Extension Policy requires the device to be enrolled through User Approved MDM Enrollment methods.

Note: To facilitate admins discovering Kernel Extensions (KEXTs) in their environment, VMware created a script that writes details about kernel extensions found in three common folders to the Custom Attributes database.

Download the KEXT Custom Attributes via Products script from GitHub.  

4.2. Close Profile Window

  1. Click the X in the upper-right corner to close the Add Profile window.
  2. Click OK to confirm and discard your changes.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.