What are System Extensions?
Addigy Mobile Device Management (MDM) capabilities offer System Extensions Whitelisting functionality. As Kexts, also known as legacy system extensions, are being deprecated for newer macOS systems (Catalina and above) System Extensions allow software (network extensions and endpoint security) to extend functionality without requesting kernel-level access.
Prerequisites
In order to use this functionality, the device must be managed by Addigy MDM and have checked into the Addigy MDM Server properly. For help setting up Addigy MDM, see our article Addigy Mobile Device Management (MDM) Integration. Also, System Extensions Whitelisting payloads will fail to deploy unless the Addigy MDM Profile has been Approved on the device. To make sure your MDM Profiles are approved, follow our article Approved MDM Profiles.
Configuring the System Extensions Policy
For building a System Extensions Whitelisting payload, first, let's navigate to Catalog > MDM Profiles.
Scroll down towards the System Extensions option and select it.
Load the appropriate Team ID or Identifiers for the corresponding software, each software would be unique and require its unique identifiers. (If you already have the Team ID or Identifiers, skip the next step and go to Deploying the Payload)
Obtaining System Extensions Identifiers
Finding the correct Identifiers is much easier than you might expect. We’ve written a KB article for you to follow before heading over to the next step.
Creating and Deploying a PPPC Payload
Through the steps above you will be able to obtain the Identifiers as well as Code Requirement for the specified application.
Deploying the Payload
You can allow Allowed System Extensions, Allowed System Extensions Types, or Allowed Team Identifiers (Only fill out one of them).
Once the identifiers are set, select Create Configuration to complete the process.
Additionally, if your software has multiple Bundle Identifiers, you can add multiple by using a comma (,) to separate them, see the example below: