Add the Privacy Preferences Profile
Introduced in macOS Mojave, the Privacy Preferences Policy payload allows administrators to grant or deny access to protected resources on a user's behalf. This ensures applications work as expected and minimizes disruption to the device user by preemptively granting user consent for data access.
In this section, you'll configure User Consent for Data Access via a Privacy Preferences Policy for your test device.
1. Add a macOS Device Profile
In the Workspace ONE UEM console:
- Select Devices
- Select Profiles & Resources
- Select Profiles
- Select Add
- Select Add Profile
2. Select Profile Platform
Select the macOS icon.
3. Select the Profile Context
Select the Device Profile icon.
4. Profile General Settings
Configure the device profile as follows:
- Select General if it is not already selected.
- Enter macOS Privacy Preferences for the profile name.
- Select Auto for the Assignment Type.
- Scroll down to the Smart Groups field and click in the search box. This pops up the list of created Smart Groups. Enter All Devices and select the All Devices ([email protected]) group.
Note: You DO NOT need to click Save or Save & Publish at this point. This interface allows you to move around to different payload configuration screens before saving.
5. Select the Profile Payload
- Enter Privacy in the Profile search box.
- Click Privacy Preferences
- Click Configure
6. Add App to Privacy Preferences Payload
Click Add App
7. Understanding App Privacy Preferences
Some applications only require access to protected services and data locations. In these cases, you choose which service or data location should be allowed or denied. In this step, you'll grant the VMware Horizon client access to Accessibility features.
More detail about User Consent for Data Access and how to locate the bundle identifier or code requirement can be found on VMware's TechZone Blog: https://techzone.vmware.com/blog/vmware-workspace-one-uem-apple-macos-mojave-user-consent-data-access
8. Configure App Privacy Preferences
- Enter com.vmware.horizon as the identifier
- Click Bundle ID
- Enter the following as the Code Requirement:
  identifier "com.vmware.horizon" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = EG7KH642X6
NOTE: Remember that you can select text in the manual and drag-and-drop the text into the workstation console to copy and paste!
9. Configure Accessibility
- Scroll down until you see the option for the service Accessibility
- Select the option Allow from the dropdown
- Click Save
Additional detail and sample Privacy Preference settings can be found on the VMware Samples GitHub Repository: https://github.com/vmware-samples/AirWatch-samples/tree/master/macOS-Samples/Privacy%20Preferences%20Policy%20Control
10. Add App to Privacy Preferences Payload
Click Add App
11. Configure App Privacy Preferences
Some applications require access to protected services and data locations, as well as access to other applications. In these cases, you can also augment your app definition by specifying which applications can be sent Apple Events from the app in the definition. In this specific step, you'll grant Microsoft Outlook the rights to send Apple Events to Skype for Business.
More detail about User Consent for Data Access and how to locate the bundle identifier or code requirement can be found on VMware's TechZone Blog: https://techzone.vmware.com/blog/vmware-workspace-one-uem-apple-macos-mojave-user-consent-data-access
12. Add Privacy Preferences for Outlook
- Enter com.microsoft.Outlook as the identifier
- Click Bundle ID
- Enter the following as the Code Requirement:
  identifier "com.microsoft.Outlook" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
NOTE: Remember that you can select text in the manual and drag-and-drop the text into the workstation console to copy and paste!
13. Configure Apple Events
- Scroll down until you see the option for Apple Events.
- Click Allow for Apple Events
- Enter com.microsoft.SkypeForBusiness as the identifier
- Click Bundle ID
- Enter the following as the Code Requirement:
  identifier "com.microsoft.SkypeForBusiness" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AL798K98FX
NOTE: Remember that you can select text in the manual and drag-and-drop the text into the workstation console to copy and paste!
- Click Save
Additional detail and sample Privacy Preference settings can be found on the VMware Samples GitHub Repository: https://github.com/vmware-samples/AirWatch-samples/tree/master/macOS-Samples/Privacy%20Preferences%20Policy%20Control
14. Save and Publish Profile
Click Save and Publish
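As an added illustration (not part of this lab manual or VMware's samples), the Python sketch below builds the TCC Services dictionary that the values from steps 8, 12 and 13 correspond to, using Apple's documented com.apple.TCC.configuration-profile-policy keys, and checks that every code requirement names its own identifier and pins the signer. The function names and the substring-based check are assumptions made for the example; the profile Workspace ONE UEM actually generates may differ in detail.

```python
import plistlib

# Shared tail of the code requirements entered in steps 8, 12 and 13.
TAIL = (" and anchor apple generic"
        " and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */"
        " and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */"
        " and certificate leaf[subject.OU] = ")

def requirement(bundle_id, team_id):
    """Code requirement string in the form this lab uses (hypothetical helper)."""
    return f'identifier "{bundle_id}"' + TAIL + team_id

def app(bundle_id, team_id):
    return {"Identifier": bundle_id, "IdentifierType": "bundleID",
            "CodeRequirement": requirement(bundle_id, team_id), "Allowed": True}

def build_services():
    """Services dictionary matching the two apps added in the console."""
    outlook = app("com.microsoft.Outlook", "UBF8T346G9")
    outlook.update({   # Apple Events receiver from step 13
        "AEReceiverIdentifier": "com.microsoft.SkypeForBusiness",
        "AEReceiverIdentifierType": "bundleID",
        "AEReceiverCodeRequirement":
            requirement("com.microsoft.SkypeForBusiness", "AL798K98FX")})
    return {"Accessibility": [app("com.vmware.horizon", "EG7KH642X6")],
            "AppleEvents": [outlook]}

def audit(services):
    """Flag requirements that do not name their identifier or pin the signer.
    Plain substring checks: a simplification, not a requirement-language parser."""
    findings = []
    for service, entries in services.items():
        for e in entries:
            pairs = [(e["Identifier"], e.get("CodeRequirement", ""))]
            if "AEReceiverIdentifier" in e:
                pairs.append((e["AEReceiverIdentifier"],
                              e.get("AEReceiverCodeRequirement", "")))
            for ident, req in pairs:
                if f'identifier "{ident}"' not in req:
                    findings.append(f"{service}: {ident}: identifier mismatch")
                if "anchor apple generic" not in req or "subject.OU" not in req:
                    findings.append(f"{service}: {ident}: signer not pinned")
    return findings

def payload_xml(services):
    """Serialize as a TCC payload body (profile wrapper keys omitted)."""
    return plistlib.dumps({
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "Services": services}).decode()
```

Running audit() on a profile before publishing catches a requirement pasted under the wrong bundle ID or one trimmed down to the identifier clause alone, which would no longer tie the grant to the vendor's signing identity.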