What are System Extensions?
Addigy Mobile Device Management (MDM) capabilities offer System Extensions Whitelisting functionality. As Kexts, also known as legacy system extensions, are being deprecated for newer macOS systems (Catalina and above) System Extensions allow software (network extensions and endpoint security) to extend functionality without requesting kernel-level access.
In order to use this functionality, the device must be managed by Addigy MDM and have checked into the Addigy MDM Server properly. For help setting up Addigy MDM, see our article Addigy Mobile Device Management (MDM) Integration. Also, System Extensions Whitelisting payloads will fail to deploy unless the Addigy MDM Profile has been Approved on the device. To make sure your MDM Profiles are approved, follow our article Approved MDM Profiles.
Configuring the System Extensions Policy
For building a System Extensions Whitelisting payload, first, let's navigate to Policies > Catalog > MDM Configurations.
Scroll down towards the System Extensions option and select it.
Load the appropriate Team ID or Identifiers for the corresponding software, each software would be unique and require its unique identifiers. (If you already have the Team ID or Identifiers, skip the next step and go to Deploying the Payload)
Obtaining System Extensions Identifiers
Finding the correct Identifiers is much easier than you might expect. We’ve written a KB article for you to follow before heading over to the next step.
Through the steps above you will be able to obtain the Identifiers as well as Code Requirement for the specified application.
Deploying the Payload
You can allow Allowed System Extensions, Allowed System Extensions Types, or Allowed Team Identifiers (Only fill out one of them).
Once the identifiers are set, select Create Configuration to complete the process.
Additionally, if your software has multiple Bundle Identifiers, you can add multiple by using a comma (,) to separate them, see the example below:
After the MDM Configuration is created, assign it to the Policy which requires the Kernel Extension Approvals.
Then confirm the changes in the Deploy Changes section by clicking Confirm All.
Lastly, you will hit Deploy Now and a pop-up window will appear where you will hit Deploy once more.