MDM Instructions
-----------------------------------------------------------------------------------
VMware, Inc.
-----------------------------------------------------------------------------------
Carbon Black Cloud Sensor MDM-instructions.txt (August 18, 2020)
-----------------------------------------------------------------------------------
Approving Carbon Black KEXTs via MDM can be accomplished via a KEXT Approval Configuration Payload.
The recommended way to deliver this configuration is through the provided MDM-KEXT-approval.mobileconfig file.
This mobileconfig provides the necessary configuration, which can be uploaded to your organization's MDM-compatible software deployment tool.
To construct this configuration manually, you must specify the Apple Team ID and KEXT bundle in your configuration profile.
-----------------------------------------------------------------------------------
KEXT post-install approval on Big Sur (introduced in Big Sur Beta 10):
To allow the KEXT to load on macOS Big Sur, the OS requires either a local action from an admin to approve the KEXT after install, or a customized reboot command from your MDM to rebuild the kernel cache.
Please see the Apple documentation here:
https://developer.apple.com/documentation/devicemanagement/restartdevicecommand/command
-----------------------------------------------------------------------------------
Approving Carbon Black System Extensions via MDM can be accomplished via a System Extension Approval Configuration Payload.
The provided MDM-SYSEXT-approval-mobileconfig-sample.txt provides a snippet of an example mobileconfig that correctly implements this profile.
To construct the correct configuration, you must specify the Apple Team ID and System Extension bundle in your configuration profile.
-----------------------------------------------------------------------------------
IV. MDM Privacy Preferences Payload Configuration
Granting an application full disk access via MDM can be accomplished via a Privacy Preferences Payload.
The recommended way to deliver this configuration is through the provided MDM-privacy-config.mobileconfig file.
This mobileconfig provides the necessary configuration, which can be uploaded to your organization's MDM-compatible software deployment tool.
To construct this configuration manually, we must add four identifiers into this Privacy payload.
The fields should be completed exactly as follows. Please copy and paste for accuracy.
1) Identifier: com.vmware.carbonblack.cloud.daemon
   Code Requirement:
2) Identifier: com.vmware.carbonblack.cloud.se-agent.extension
   Code Requirement:
3) Identifier: com.vmware.carbonblack.cloud.osqueryi
4) Identifier: com.vmware.carbonblack.cloud.uninstall
   Code Requirement:
5) Identifier: com.vmware.carbonblack.cloud.uninstallerui
   Code Requirement:
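
Added example (not part of the VMware instructions or the provided mobileconfig files): a pre-upload check that a manually built, unsigned Privacy Preferences profile grants full disk access (SystemPolicyAllFiles) to every identifier listed above and that no entry has an empty Code Requirement. The function names and the sample profile are assumptions made for illustration; the Code Requirement strings are not reproduced in this document, so the sample uses a placeholder.

```python
import plistlib

# Identifiers listed in this document for the Privacy Preferences payload.
REQUIRED_IDS = {
    "com.vmware.carbonblack.cloud.daemon",
    "com.vmware.carbonblack.cloud.se-agent.extension",
    "com.vmware.carbonblack.cloud.osqueryi",
    "com.vmware.carbonblack.cloud.uninstall",
    "com.vmware.carbonblack.cloud.uninstallerui",
}
TCC_TYPE = "com.apple.TCC.configuration-profile-policy"  # Apple PPPC payload type

def audit_full_disk_access(profile_bytes):
    """Return (missing_ids, ids_without_code_requirement) for an unsigned .mobileconfig."""
    profile = plistlib.loads(profile_bytes)
    granted, no_req = set(), set()
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_TYPE:
            continue
        for entry in payload.get("Services", {}).get("SystemPolicyAllFiles", []):
            ident = entry.get("Identifier", "")
            # Accept the older Allowed boolean and the newer Authorization string.
            allowed = entry.get("Allowed") is True or entry.get("Authorization") == "Allow"
            if not allowed:
                continue
            granted.add(ident)
            if not entry.get("CodeRequirement", "").strip():
                no_req.add(ident)
    return REQUIRED_IDS - granted, no_req & REQUIRED_IDS

def build_sample(ids, code_requirement):
    """Constructed sample profile; not the vendor's MDM-privacy-config.mobileconfig."""
    entries = [{"Identifier": i, "IdentifierType": "bundleID",
                "CodeRequirement": code_requirement, "Allowed": True} for i in ids]
    return plistlib.dumps({
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "example.constructed.pppc",
        "PayloadUUID": "00000000-0000-0000-0000-000000000000",
        "PayloadContent": [{"PayloadType": TCC_TYPE, "PayloadVersion": 1,
                            "Services": {"SystemPolicyAllFiles": entries}}],
    })

if __name__ == "__main__":
    partial = sorted(REQUIRED_IDS)[:4]  # constructed input that leaves one identifier out
    sample = build_sample(partial, "PLACEHOLDER-CODE-REQUIREMENT")
    missing, no_req = audit_full_disk_access(sample)
    print("missing:", sorted(missing), "no code requirement:", sorted(no_req))
```

A profile signed by the MDM is CMS-wrapped and has to be unwrapped before plistlib can parse it.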