Environment
- Cb Defense Web Console: All Versions
- Cb Defense Sensor: 3.0.x.x
- MacOS: 10.13.x and higher
Question
What information related to the Cb Defense sensor Kext is required in an MDM profile?
Answer
The Team ID and Bundle ID can be included in the MDM profile. While the inclusion of the Bundle ID includes a reference to the Team ID, the Team ID may require a dedicated entry. Please see the sample below for reference. This sample includes only the data required in an MDM profile for approval of the Cb Defense sensor version 3.0.x.x Kexts. Additional required and optional parameters included with MDM profiles are covered in Apple's developer documentation.
<plist version="1.0"> <dict> <key>AllowedTeamIdentifiers</key> <array> <string>JA7945SK43</string> </array> <key>AllowedKernelExtensions</key> <dict> <key>JA7945SK43</key> <array> <string>com.confer.sensor.kext</string> </array> </dict> </dict> </plist> |
Additional Notes
User Approved Kernel Extension Loading was introduced with macOS 10.13 High Sierra. As a result, the KEXT associated with the Cb Defense sensor must either be manually approved by end users or pre-approved with an MDM profile.
When User Approved Kernel Extension Loading was first introduced in macOS 10.13.0, it was bypassed as long as the Mac was managed with any MDM profile. Beginning with macOS 10.13.4, MDM management alone is not sufficient. The Cb Defense Team ID and Bundle ID must be added to the profile for KEXT approval.
The Team ID and Bundle ID vary depending on the Cb Defense sensor version.
Additional required and optional parameters included with MDM profiles are covered in Apple's developer documentation.
Related Content
Cb Defense: What Information Is Required In MDM Profile For KEXT Approval Of 3.1.x.x Sensor?
Mac supported sensors and agents
Cb Defense: How to approve KEXT on JAMF
macOS 10.13.4 Kext Approval Changes
Prepare your institution for macOS High Sierra 10.13.4
Apple Developer's Kernel Extension Policy Reference
