Deploying to MacOS via MDM
Is there a mobileconfig file for deploying Gorelo Connect via MDM?
11 Replies
@Tengin can you chime in here when you get a sec
When I installed manually, I still had to accept permissions. Ideally, I can push the profile with MDM to set permissions. Also, can you confirm what permissions are needed?
Would be interesting to see how this works actually, as we're in the process of going the MDM route with Gorelo for Mac devices
You can push all three permissions via MDM:
- Full Disk Access
- Accessibility
- Screen & System Audio Recording
However, ‘Screen & System Audio Recording’ will still require the end user to allow manually as this is an Apple security requirement.
Solution
App: GoreloConnect
App Code Requirement: identifier "com.gorelo.connect" and anchor apple generic and certificate leaf[subject.CN] = "3rd Party Mac Developer Application: Gorelo Tech, Inc. (5Y2N37BXYC)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */
Allow {APP} to have access to All protected files (Full Disk Access)
Allow {APP} to have access to Accessibility
Allow standard User to set {APP} to have access to Screen Capture
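The three PPPC settings from the solution above, written out as a generator for the profile; this is an added example, not part of the thread and not Gorelo's own tooling. It assumes macOS 11 or later (for the Authorization key), and the profile identifier com.example.pppc.goreloconnect, the display name and the output file name are placeholders.

```python
import plistlib
import uuid

BUNDLE_ID = "com.gorelo.connect"  # from the solution post, as is CODE_REQUIREMENT
CODE_REQUIREMENT = (
    'identifier "com.gorelo.connect" and anchor apple generic and '
    'certificate leaf[subject.CN] = "3rd Party Mac Developer Application: '
    'Gorelo Tech, Inc. (5Y2N37BXYC)" and '
    'certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */'
)
PROFILE_ID = "com.example.pppc.goreloconnect"  # placeholder, use your own prefix


def tcc_entry(authorization):
    """One TCC rule for GoreloConnect, pinned to its code requirement."""
    return {"Identifier": BUNDLE_ID, "IdentifierType": "bundleID",
            "CodeRequirement": CODE_REQUIREMENT, "Authorization": authorization}


def common(payload_type, identifier):
    """Keys every payload dictionary (outer profile and inner payload) needs."""
    return {"PayloadType": payload_type, "PayloadIdentifier": identifier,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadVersion": 1}


def build_profile():
    services = {
        "SystemPolicyAllFiles": [tcc_entry("Allow")],  # Full Disk Access
        "Accessibility": [tcc_entry("Allow")],
        # A profile cannot grant screen capture; this value only lets a
        # standard (non-admin) user approve the prompt themselves.
        "ScreenCapture": [tcc_entry("AllowStandardUserToSetSystemService")],
    }
    tcc = common("com.apple.TCC.configuration-profile-policy", PROFILE_ID + ".tcc")
    tcc["Services"] = services
    profile = common("Configuration", PROFILE_ID)
    profile.update(PayloadDisplayName="GoreloConnect PPPC",
                   PayloadScope="System", PayloadContent=[tcc])
    return profile


def render_mobileconfig():
    """Serialize the profile as the XML plist an MDM accepts as a custom profile."""
    return plistlib.dumps(build_profile(), fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    with open("GoreloConnect-PPPC.mobileconfig", "wb") as fh:
        fh.write(render_mobileconfig())
```

Run the script and upload the resulting file as a custom profile in the MDM. Pinning each rule to the code requirement means the grants apply only to a binary signed by that developer identity, not to anything that merely reuses the bundle ID.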

Typically, don't we need a mobileconfig file that's signed for it to work with MDM?
security cms -S -N "Developer ID Application: YourCompany" -i unsigned.mobileconfig -o signed.mobileconfig
Not if you’re pushing it via an already trusted MDM. You only need to sign a .mobileconfig if you’re distributing it for manual install. What MDM are you using?
What I described is how you'd push a PPPC profile via your MDM. GoreloConnect itself would be installed via the RMM agent (and even deployed via your MDM if that's the flow you'd like to use).
Right, I've pushed it with RMM but then the user had to accept permissions. I was hoping to bypass that by using MDM. We have some clients with Apple Business Essentials and some with Intune.
Yep this is what the PPPC above will do... you can bypass the prompt for 'Full Disk Access' and 'Accessibility' -- however, 'Screen Capture' will always prompt the user as this is an Apple security requirement. The PPPC above is allowing the 'Screen Capture' prompt for standard users.
ok, thanks. I'll go that direction