Post
FollowHow to allow Syncplicity's kernel extensions for MDM-managed Mac machines (Jamf, AirWatch, etc.)
For a while, now (since macOS 10.13), kernel extensions on a Mac machine require user consent to load.
Kernel extensions do not require authorization if they meet some of the following criteria:
- Kernel extensions were on the computer before the upgrade to macOS 10.13 or later.
- Kernel extensions are replacing previously approved extensions.
- Kernel extensions are allowed to load without user consent by using the spctl command while booted to macOS Recovery.
- Kernel extensions are installed on a computer enrolled in Mobile Device Management (MDM).
- Kernel extensions are allowed to load via MDM configuration. Starting with macOS High Sierra 10.13.2, you can use MDM to specify a list of kernel extensions that will load without user consent. This option requires a computer running macOS 10.13.2 or later which is either enrolled in MDM via Automated Device Enrollment (formerly DEP) or whose MDM enrollment is User Approved.
If you are using an MDM solution such as Jamf, you will need to safelist a few Syncplicity kernel extensions to ensure every version of the Syncplicity client for Mac works seamlessly. The following should be added to your Configuration/Policy profile in your MDM's control panel:
com.syncplicity.filesystems.syncdrive
io.macfuse.filesystems.macfuse
io.macfuse.filesystems.fs.macfuse
Team ID: 9MAQ4GMJ3D, Team Display name: Syncplicity, Inc
Instructions on how these kernel extensions can be added to your Configuration/Policy profile can be found in the documentation for your MDM solution. Instructions for the most popular MDMs can be found at the below links:
Jamf: https://docs.jamf.com/jamf-school/documentation/Kernel_Extensions_Safelist.html
SimpleMDM: https://simplemdm.com/kernel-extensions-system-extensions/
Please sign in to leave a comment.