Home » Help » Application Control Mac Prerequisites

How to configure Mac pre-requisites in Application Control Plus?

The Mac agent will be automatically downloaded. For a successful policy deployment on Mac computers, two prerequisites need to be configured:

  1. System extension request
  2. Full disk access request

These prerequisites can be configured manually, or if you have a Mobile Device Management (MDM) solution in your network, you can automatically deploy pre-defined profiles using it.

Steps to configure Mac pre-requisites manually

To configure access for allowing 'System Extension Request' and 'Full Disk Access Request' in Mac, follow these steps.

  1. Upon the policy deployment, a pop-up with the list of pre-requisites to be configured appears on the endpoint.
  2. System Extension Request and Full Disk Access Request can be configured from this pop-up. Tap on Enable Access to configure System Extension Request and select Open System Settings.
  3. In the Privacy & Security section, tap Allow to load Application Control from system software.
  4. Tap Use Password and provide your credentials to proceed further.
  5. Once done, the System Extension Request will be enabled.
  6. Tap on Enable Access to configure Full Disk Access Request, and it will display the list of applications to configure access.
  7. Among the list, enable access to Application Control Driver and applications.
  8. Tap Use Password and provide your credentials to proceed further.
  9. Once done, the Full Disk Access Request will be enabled.

Steps to configure pre-requisites using MDM solutions

To complete the prerequisites, you can utilize an MDM solution. Download the pre-configured profile and deploy it to the Mac endpoints requiring management through Application Control Plus.

If you encounter any difficulty using the provided pre-configured profile, you have the option to manually upload it to your MDM solution and deploy it to the Mac endpoints. Below, you'll find the necessary details for configuring both prerequisites manually using an MDM solution.

System extension request

  1. Allowed Extension Categories - Endpoint Security extension
  2. Team identifier - TZ824L8Y37
  3. Extension bundle identifier - com.manageengine.appctrl.driver

Full disk access request

  1. Identifier Type - Bundle ID
  2. Identifier - com.manageengine.appctrl.driver
  3. Code sign requirement - anchor apple generic and identifier "com.manageengine.appctrl.driver" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TZ824L8Y37)
  4. Static code validation - Yes