In macOS Big Sur, Apple introduced changes to who can approve their Privacy Preferences. As of macOS Big Sur, Standard Users are no longer able to approve applications requesting access to Screen Recording or Listen Events.
Note: In order to allow Standard Users to approve these controls without converting the account to an Admin User, a PPPC MDM Configuration needs to be applied to macOS 11 Big Sur devices to allow Standard User Approval.
macOS Big Sur 11 and up
User Approved MDM
Configuring the PPPC Profile for Standard Users
Note: If you are using Addigy MDM this will be automatically deployed to devicesIn order to configure a PPPC Profile to allow Standard Users to approve the following fields should be leveraged:
- Navigate to Policies > Catalog > MDM Configurations > New > Privacy Preferences Policy Control
Identify the fields Access to Listen Events and Ability to Screen Capture
Add the Identifier and Code Requirement and set Allowed to Allows Standard User To Set System Service.
Below we have also provided the Identifier and Code Requirement for Splashtop.Identifier:
identifier "com.splashtop.Splashtop-Streamer" and anchor apple generic and certificate 1[field.1.2.840.1136184.108.40.206.6] /* exists */ and certificate leaf[field.1.2.840.1136220.127.116.11.13] /* exists */ and certificate leaf[subject.OU] = CPQQ3AW49Y
Approving the Screen Recording via End-User
Once this configuration is applied to a device, Standard Users will have the ability to approve the applications that have been approved using these MDM Configurations.
Once a session is started for the first time, you will see the following prompt appear on the device letting you know what needs to be approved still:
After clicking okay, click Allow next to the options to allow Screen Recording. If you'd like to also allow the microphone, allow that as well. This will lead you to the following page where you will toggle the box next to Splashtop Streamer: