This KB walks you through creating a PPPC (Privacy Preferences Policy Control) MDM payload that grants applications Full Disk Access, so your end users are not prompted for application permissions.
Note: Some applications, such as antiviruses, have many different binaries. Each different binary will likely have different identifiers, and these identifiers may be hard to locate. To ensure you have the proper information needed to whitelist an app via Full Disk Access, we recommend consulting any documentation from the app manufacturer or reaching out to them for further details.
Gathering the Code Requirement and Bundle ID
For steps on how to gather this information, please reference our article here: How To Get The Team ID, Bundle ID, and Code Requirement
Creating the PPPC MDM Profile:
In this step, you will take the previously gathered Code Requirements and Identifiers and put them in the payload.
The fields you want to fill out to grant Full Disk Access (FDA) are Access to All Protected and System Administration.
Below is how the payload should look:
Save your changes, add the configuration to your policy, and feel free to deploy!
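As an added example (not taken from this KB or from any MDM product), the Python sketch below builds the underlying Apple PPPC profile for several binaries at once, which helps when an app ships many binaries with different identifiers. It assumes the two fields above correspond to the Apple service keys SystemPolicyAllFiles and SystemPolicySysAdminFiles; the identifiers, Team ID and code requirements are constructed placeholders.

```python
import plistlib
import uuid

# Apple PPPC service keys assumed to back the two fields named above.
FDA_SERVICES = ("SystemPolicyAllFiles", "SystemPolicySysAdminFiles")

# Constructed sample input: one (identifier, code requirement) pair per binary.
SAMPLE_APPS = [
    ("com.example.agent",
     'identifier "com.example.agent" and anchor apple generic '
     'and certificate leaf[subject.OU] = "ABCDE12345"'),
    ("/Library/Example/bin/scanner",
     'identifier "scanner" and anchor apple generic '
     'and certificate leaf[subject.OU] = "ABCDE12345"'),
]


def pppc_entry(identifier, code_requirement):
    """Build one per-binary entry; absolute paths use IdentifierType 'path'."""
    if not code_requirement.strip():
        raise ValueError(f"missing code requirement for {identifier}")
    return {
        "Identifier": identifier,
        "IdentifierType": "path" if identifier.startswith("/") else "bundleID",
        "CodeRequirement": code_requirement,
        "Allowed": True,
    }


def build_fda_profile(apps, prefix="com.example.pppc"):
    """Return .mobileconfig bytes granting Full Disk Access to every binary."""
    entries = [pppc_entry(ident, req) for ident, req in apps]
    tcc = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": prefix + ".tcc",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "Services": {service: entries for service in FDA_SERVICES},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": prefix,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Full Disk Access (example)",
        "PayloadScope": "System",
        "PayloadContent": [tcc],
    }
    return plistlib.dumps(profile)
```

Writing the returned bytes to a `.mobileconfig` file lets you compare each entry against the values you entered in the payload before deploying.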
Additional Notes:
- A permissions profile such as PPPC must be present on the device before the app it is set to allow is installed. If not, users may see a prompt, and the permission may not be allowed retroactively.
- It's normal for the applications in question to have their checkbox "unchecked" in the Security & Privacy -> Privacy -> Full Disk Access panel.
- Having issues granting app permissions? Check out our FAQ guide here:
FAQ: Issues Allowing App Permissions via MDM Profiles (PPPC, System Extensions, etc...)