Allow System Extensions on macOS using mobileconfig

nylle

We have a package to be distributed from your MDM and during the installation the users have to click Allow on System Extension. So how to allow System Extensions on macOS using MDM and a mobileconfig file?

Tools used

  • iMazing Profile Editor (Available for download in the macOS app store)
  • Terminal kommando; systemextensionsctl

First need to find out the Apple Team ID and Bundle ID.

In the example below, we have used an imaginary:
Team ID: B23J89K123

Bundle ID: com.blabla.tset & com.blabla.tset.systset

Open the terminal and type: systemextensionsctl list

As we see in the picture, there is only 1 extension installed on the computer right now. 

Image description
You can also check under /Library/SystemExtensions and there should only be a folder with lots of letters and numbers.
Image description

Install the application

Start the installation of the application. During installation, this box will appear:

Image description
Open System Settings / Privacy & Security and scroll down a bit and you will see this image:

Click Allow 

Image description

You can also see this image, click Details and approve the program you are installing.

Image description
After the installation of the application is complete, we check again with the command “systemextensionsctl list” in Terminal. Now on this computer we have (may vary depending on your application) two new system extensions installed.
Image description

Create *.plist file

Then we will create a plist file that will need to be imported later in the “iMazing Profile Editor”.
Below I have created a plist file that we can use. Just make sure to change the Team ID and Bundle ID to the system extension that was installed.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>B23J89K123</key>
    <array>
        <string>om.blabla.tset</string>
        <string>com.blabla.tset.systset</string>
    </array>
</dict>
</plist>

Save the plist file with example: filename: Allowed System Extensions.plist

Create *.mobileconfig fil

Download “iMazing Profile Editor” and start the program.

Fill in the “General” information first.

Image description

Image description

Look in the corner for “system extension policy” and click + Add Configuration Payload.

Image description

Select choose on Allowed System Extensions

Image description

Select your created “Allowed System Extensions.plist” and click Open

Image description

Your plist is now added

Image description

Save your mobileconfig profile.

Image description

Upload the mobileconfig file to your MDM and test it.

Comments

You should also read:

nylle

macOS apps - How to find Bundle IDs

There are several common ways to find the Bundle ID / CFBundleIdentifier of a macOS app. We'll focus on utilizing the Apple onboard macOS software tools Terminal and Finder. Terminal with osascript You can find the Bundle ID of an application on a macOS system using…

Continue reading...
nylle

Create a macOS package with Packages

In this guide we will go through two ways to use the application Packages to create a macOS packages from a pkg or dmg. Package can after its build be used to distribute with your favorite MDM. The Packages application used to create the pkg…

Continue reading...