E ndpoints that had the management profile deployed retroactively r ecognize the management profile after upgrade and gain approval once the upgrade completes. Upgrade the Mac connector to a newer version than the one currently deployed.
Manual approval of the macOS Extensions on endpoints that had the management profile deployed retroactively.Ģ.
If the MDM profile is not deployed prior to install of the connector then the approvals are not granted and additional intervention is required in one of two forms:ġ. NOTE: macOS Extensions cannot be retroactively approved via MDM. System and Kernel extensions can be approved manually from the macOS Security & Privacy Preferences pane.Īpproval of the Mac Connector macOS Extensions with MDM Approval of the Mac Connector macOS Extensions at the Endpoint These approvals can be granted in the macOS Security & Privacy Preferences on the endpoint, or through Mobile Device Management (MDM) profiles.
Approve connector Kernel Extensions to load.The approvals required for macOS 10.14 and macOS 10.15: ** Mac connector version 1.14.0 also required these approvals on macOS 10.15. These approvals are no longer required on macOS 10.15 for Mac connector 1.14.1 or newer. Allow Cisco Secure Endpoint Filter to filter network content.Approve Cisco Secure Endpoint Filter to load.Approve Secure Endpoint File Monitor to load.
The approvals required for macOS 11** and later: The two legacy Kernel Extensions, ampfileop.kext and ampnetworkflow.kext, are included for backwards compatibility on older macOS versions that do not support the new macOS System Extensions.
Mac connector version 1.20 introduces support readiness for Cisco Orbital on Apple silicon hardware, planned for release with Orbital Node 1.21. Refer to the Cisco Orbital sections of this document for details on how to grant the additional full disk access permissions needed for Orbital. Orbital can be enabled in policy with the Advantage or Premier Tier and is installed automatically when enabled and installed on a supported OS version and supported hardware. Mac connector verison 1.16 introduced support for Cisco Orbital on Intel hardware. Older Mac connectors do not work on these versions of macOS. Mac connector 1.14 or newer is required to ensure endpoint protection on macOS 11 and later. Mac connector version 1.14 introduced changes that require attention: Refer to the Known Issues section later in this document if MDM cannot be used. MDM profiles must be installed before install, upgrade, or removal of the Mac connector to ensure the needed permissions are recognized. It is highly recommended to deploy the Mac connector with an MDM profile that grants the required approvals. This document describes recent changes and steps for administrators to deploy Mac connector 1.14 and newer.