What are Kernel Extensions?

Addigy Mobile Device Management (MDM) capabilities offer Kernel Extension (Kext) Whitelisting functionality. If you are unsure as to what Kernel Extension Approvals are in macOS, feel free to review Apple's documentation on Kexts from the following articles:

https://support.apple.com/en-us/HT208019

https://support.apple.com/en-us/HT208488


Prerequisites

In order to use this functionality, the device must be managed by Addigy MDM and have checked into the Addigy MDM Server properly. For help setting up Addigy MDM, see our article Addigy Mobile Device Management (MDM) Integration. Also, Kext Whitelisting payloads will fail to deploy unless the Addigy MDM Profile has been Approved on the device. To make sure your MDM Profiles are approved, follow our article Approved MDM Profiles.


Configuring the Kernel Extension Policy

For building a Kext Whitelisting payload, first, let's navigate to Policies -> Catalog -> MDM Configurations.



Once you are in the MDM Configurations section in the Catalog, select Add Configuration.


Select the Device type macOS for which the Kernel Extensions apply.



Load the appropriate Team ID or Identifiers for the corresponding software, each software would be unique and require its unique identifiers.


Obtaining Kext Identifiers

Find the software and team identifies for your software may prove challenging. The MacAdmins community shares an open-source community-maintained spreadsheet which has many identifiers provided by community members. Addigy cannot guarantee the accuracy or completeness of the community list, but it has proved itself to be a great resource for many Addigy partners.

https://docs.google.com/spreadsheets/d/1IWrbE8xiau4rU2mtXYji9vSPWDqb56luh0OhD5XS0AM/edit#gid=0


If your software identifiers are not listed in that sheet, then you will need to to find them manually. Here are some good resources for finding the necessary software identifiers:


Deploying the Payload

Once the identifiers are set, finish the configuration by pressing Create Configuration.



After the MDM Configuration is created, assign it to the Policy which requires the Kernel Extension Approvals.



Then confirm the changes in the Deploy Changes section by clicking Confirm All.