With the release of macOS Mojave (10.14), Apple introduced controls that let the users allow or restrict cross-application data requests. Subsequently, macOS Catalina (10.15) extended this list of requests to include permissions such as Camera, Photos, Accessibility, AppleEvents, and much more.
For example, certain apps or services might require users' permission(s) to access specific data or even other apps; similar to the permissions requested on mobile devices. The users must provide their consent, without which the apps and services might fail to function. Certain apps or services like Accessibility might even require admin privileges to grant access, which cannot be manually granted by a standard user.
Configuring Privacy Preferences Policy Control (PPPC) in MDM lets you remotely manage these security preferences/permissions. You can allow or restrict permissions requested by Mac applications, on the users' behalf.
PROFILE SPECIFICATION |
DESCRIPTION |
|
---|---|---|
Identifier | Specify the unique bundle identifier of the app. | |
Installation path | Specify the installation path, if a non-bundled app is used. | |
Code sign requirement |
Run the following command on a fresh installation of macOS 10.14 or later to obtain the Command: codesign --display -r - /Library/DesktopCentral_Agent/ManageEngine\ Desktop\ Central\ -\ Agent.app |
|
Static code validation | Enable this only if the app or process invalidates the dynamic Code sign requirement. By default, this will be disabled. | |
Permissions | Allowed Permissions | Specify permissions that you want to provide consent to, on behalf of the users. |
Other Permissions | Permissions which are not marked as allowed can be set to user controlled or restricted. | |
Specify apps for AppleEvents | If the app or service requires permission to access other apps or services, individually specify them under AppleEvents. |
|