Security and Privacy
About this task
Use this configuration to set security and privacy options, such as enabling Gatekeeper.
In the General section, you can configure the following:
- Gatekeeper settings
- Allow device users to change their password
- Enable users to set a lock screen message
- Enable unlocking of the Mac using an Apple Watch
If Custom Data for macOS is configured to read a file stored in a secure location, such as a user's home directory, the SOTI MobiControl agent cannot access that location, as the agent runs with root user privileges. To enable the SOTI MobiControl agent to access data in secure folders, deploy a profile that uses the Security and Privacy configuration described in this procedure.
Use this procedure to read Custom Data from a secure location on a macOS device.
Procedure
- In the top left on the console, select Menu Profiles → New Profile.
- In the Add Profile window, select Apple → macOS Device.
- In the Create Profile window, select the Configurations tab.
- Select Add. In the Security & Restrictions window, select Security & Privacy.
- In the Security & Privacy window, go to Manage Privacy Preference, and select Add.
- In the Add Privacy Preference section, enter the following values:
  - Privacy Service: All Files
  - Application Access: Allow Admin
  - Identifier type: Path
  - Identifier: /Library/PrivilegedHelperTools/net.soti.mobicontrol.macOSHelper
  - Code Signature: anchor apple generic and identifier "net.soti.mobicontrol.macOSHelper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = C2L25U7KQV)
- Select OK. The entry is created in the Manage Privacy Preference section.
- Select Save. The configuration is added.
- Go to the General tab.
- Enter a Profile Name and Description for the profile.
- Select Save and Assign to apply the profile to your device.
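The following added example (not SOTI's code) audits an All Files grant like the one entered above before a profile is assigned, checking that the code requirement pins an Apple anchor, a signing identifier and a Team ID. It assumes the profile is delivered as Apple's standard Privacy Preferences Policy Control payload with `Authorization` set to `Allow`; the function names and the sample payload are constructed for illustration.

```python
import plistlib
import re

# Values copied from the procedure above.
HELPER_PATH = "/Library/PrivilegedHelperTools/net.soti.mobicontrol.macOSHelper"
CODE_REQ = (
    'anchor apple generic and identifier "net.soti.mobicontrol.macOSHelper" and '
    "(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or "
    "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
    "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
    "certificate leaf[subject.OU] = C2L25U7KQV)"
)

def build_payload(path, requirement):
    """Constructed sample: Apple PPPC payload granting All Files to one binary."""
    entry = {"Identifier": path, "IdentifierType": "path",
             "CodeRequirement": requirement, "Authorization": "Allow"}
    return plistlib.dumps({
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "Services": {"SystemPolicyAllFiles": [entry]},
    })

def audit_entry(entry):
    """Return findings for one SystemPolicyAllFiles (All Files) entry."""
    findings = []
    req = entry.get("CodeRequirement", "")
    if entry.get("IdentifierType") == "path" and not entry.get("Identifier", "").startswith("/"):
        findings.append("path identifier is not absolute")
    if not req.startswith("anchor apple"):
        findings.append("requirement is not anchored to an Apple-issued chain")
    if not re.search(r'\bidentifier "[^"]+"', req):
        findings.append("requirement does not pin a signing identifier")
    if not re.search(r'subject\.OU\]\s*=\s*"?[A-Z0-9]{10}\b', req):
        findings.append("requirement does not pin a Team ID (subject.OU)")
    return findings

def audit_profile(data):
    """Parse payload bytes and audit every All Files grant they contain."""
    services = plistlib.loads(data).get("Services", {})
    return {e.get("Identifier", "?"): audit_entry(e)
            for e in services.get("SystemPolicyAllFiles", [])}

if __name__ == "__main__":
    print(audit_profile(build_payload(HELPER_PATH, CODE_REQ)))
    # A requirement without anchor or Team ID would let any binary signed
    # with that identifier inherit the grant; the audit reports both gaps.
    weak = 'identifier "net.soti.mobicontrol.macOSHelper"'
    print(audit_profile(build_payload(HELPER_PATH, weak)))
```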