Configuring Kernel Extensions (macOS)
Use the Kernel Extensions profile configuration to enable the installation of kernel extensions on devices when:
Restriction: Requires macOS 10.13.2 or later. For details, see
Apple's Developer documentation.
Allow User to Approve Additional Kernel Extensions | This option allows device users to approve additional kernel extensions that are not explicitly allowed in this profile configuration. |
Valid Signed Kernel extensions | Use this section to add or delete allowed team identifiers for kernel extensions. All valid signed kernel extensions of the specified team identifiers can load onto the device. An example of a team identifier is com.example.kext.mydriver. |
Kernel Extensions | Use this section to add or delete kernel extensions that are allowed to load. Enter the bundle and team identifiers for each kernel extension allowed to load. For unsigned legacy kernel extensions, leave the team identifier empty. Examples of bundle and team identifiers are com.example.mydriver and com.example.kext.mydriver respectively. |
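The following Python audit is an added example, not part of this product's documentation or code: it flags the settings in the table above that widen what may load. It assumes the three options map to Apple's `com.apple.syspolicy.kernel-extension-policy` payload keys `AllowUserOverrides`, `AllowedTeamIdentifiers` and `AllowedKernelExtensions`; the team identifier `ABCDE12345`, the bundle identifiers and the function name are constructed placeholders.

```python
import plistlib

KEXT_POLICY_TYPE = "com.apple.syspolicy.kernel-extension-policy"

# Constructed sample payload: ABCDE12345 and the bundle IDs are placeholders.
SAMPLE_PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key>
  <string>com.apple.syspolicy.kernel-extension-policy</string>
  <key>AllowUserOverrides</key>
  <true/>
  <key>AllowedTeamIdentifiers</key>
  <array><string>ABCDE12345</string></array>
  <key>AllowedKernelExtensions</key>
  <dict>
    <key>ABCDE12345</key>
    <array><string>com.example.mydriver</string></array>
    <key></key>
    <array><string>com.example.legacydriver</string></array>
  </dict>
</dict>
</plist>"""


def audit_kext_policy(payload):
    """Return (kind, detail) findings for settings that widen what may load."""
    if payload.get("PayloadType") != KEXT_POLICY_TYPE:
        raise ValueError("not a kernel extension policy payload")
    findings = []
    if payload.get("AllowUserOverrides") is True:
        findings.append(("user-approval", "users may approve kexts not listed in the profile"))
    team_wide = set(payload.get("AllowedTeamIdentifiers", []))
    for team in sorted(team_wide):  # every validly signed kext of this team loads
        findings.append(("team-wide", team))
    for team, bundles in sorted(payload.get("AllowedKernelExtensions", {}).items()):
        for bundle in bundles:
            if team == "":  # empty team identifier marks an unsigned legacy kext
                findings.append(("unsigned-legacy", bundle))
            elif team in team_wide:  # per-bundle entry adds nothing to the team-wide allow
                findings.append(("redundant", f"{team}:{bundle}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_kext_policy(plistlib.loads(SAMPLE_PAYLOAD)):
        print(f"{kind}: {detail}")
```

An empty result means the payload allows only specific signed bundles and leaves user approval off.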
Note: To set the security policy of an Apple silicon Mac to Reduced Security when it is not enrolled in Apple School Manager or Apple Business Manager, review Apple's support documentation.