Privacy Preferences Policy Control (PPPC) payloads are used for granting certain applications access, for example to files or microphone/camera. Enforcing a PPPC payload negates the need for intervention from an Admin to grant access to certain apps that may require extra accessiblity priviledges such as TeamViewer or Sophos.


Before we can deploy a PPPC payload we first have to create one.


Prior to creating a PPPC payload we will need to get the Bundle Identifier and the Code Requirement of the application we are giving extended access to.



Getting the Bundle Identifier and Code Requirement


1. Open Terminal by clicking Lauchpad in the Dock.

2. Click Other

3. Click Terminal

4. To get the Bundle Identifier type codesign -dv "Path of Application" (In this example we will use terminal) and press enter

5. Take note of the text after "Identifier=" (this is the Bundle Identifier, image below)



6. Get the Code Requirement by typing codesign -dr - "Path of Application" (In this example we will use terminal) and press enter

7. Take note of the output after "designated =>" (this is the Code Requirement, image below)



Creating a PPPC payload


1. Click Policies in the navigation menu

2. Click Catalog

3. Click MDM Configurations

4. Click Add Configuration +



5. Select macOS

6. Click Privacy Preferences Policy Control



7. Create a name for the Payload (Required)



8. Click Add New on any of the items you would like this application to have access to

9. Fill in the Identifier and Code Requirement with the information gathered previously

10. Make sure the Allowed checkbox is selected (Static Code verifies the Code Requirement of the application on the storage device. If set to false, it verifies the application in-memory)

11. Click Create Configuration



You have created your custom PPPC profile. The only thing left to do is deploy it to a policy.


Deploying to a Policy


1. Click on Policies

2. Click on the Policy you would like to deploy the PPPC Profile to

3. Click MDM Configurations

4. Scroll and find the profile you created and click Add Configuration



5. Click on Deploy Changes of the policy being worked on

6. Click Confirm All



If you want to deploy the changes immediately then click Deploy Now, otherwise the deployment will happen when the policy runs again (every 30 minutes).


You're all set! You created a PPPC Profile and deployed it to a policy! If you experience any issues with this workflow, please reach out to the Addigy Support team by email support@addigy.com.