User Profile
Statler
Copper Contributor
Joined 8 years ago
User Widgets
Recent Discussions
Re: macOS - Privacy Preference Policy Controls - MDM Settings Catalog
Zaidan258 Sorry if you know this. Create a new Profile Then upload the file You can make your own .mobileconfig files with the PPPC Utility GitHub - jamf/PPPC-Utility: Privacy Preferences Policy Control (PPPC) Utility Rgds StephenRe: macOS - Privacy Preference Policy Controls - MDM Settings Catalog
Zaidan258 Working with the Microsoft InTune Engineers, I’ve been gradually stepping back through the technological advances and went right back to basics. I created a .mobileconfig file using JAMF’s free PPPC Utility app and was able to apply that as a Custom Template, which seems to have worked for Microsoft Teams. This is the result of my findings then from the newest Technology, working backward: Configuration Profiles > macOS > Settings Catalog > Privacy Preferences policy Control >>> This is delivered (according to the Microsoft Team) but not applied. Microsoft Engineers are investigating with a view to fixing it. Configuration Profiles > macOS > Template > Device Restrictions >>> This is applied and Accessibility is applied but Screen Recording cannot be applied to an 'Allow' state. A non-Admin user cannot switch Screen Recording on without some Admin credentials which is the exact opposite of what this is intended to do. Configuration Profiles > macOS > Custom Policy > Upload .mobileconfig file >>> This is applied, the settings for Accessibility and Screen Recording are applied as 'Allow'. Screen recording for the apps is shown in System Settings > Security and Privacy > Screen Recording. It can be controlled (on/off) by a non-Admin user Option 3, while it appears to be the oldest technology and the one that has the most complicated steps, in terms of generating the .mobilconfig file does appear to work as required. This is it so far. I'm hoping for an update from the Intune Engineers this week. HTH StephenRe: macOS - Privacy Preference Policy Controls - MDM Settings Catalog
somesh_pathak Hi Somesh I used that link to create the policy in conjunction with this https://support.apple.com/en-gb/guide/deployment/dep38df53c2a/web and this https://support.apple.com/en-gb/guide/deployment/dep9ddb7e0b5/1/web/1.0 This is the screen grab of the errors and the errors themselves There is really nothing to go on and in this instance neither Google or Bing are my friend.... 😞 Thanks StevemacOS - Privacy Preference Policy Controls - MDM Settings Catalog
Hello Experts I'm trying to roll out some Privacy Preferences Policy Controls for our macOS devices. We have a requirement to make our main Mac users 'Standard' users once they have enrolled their Macs. After this, they cannot approve the Privacy Controls within their own user profiles. Microsoft Endpoint Manager has introduced Settings Catalog within the Configuration Profiles for macOS. We should be able to set the Privacy Controls to automatically approve the setting for users for our most used applications, such as Microsoft Teams, where they require Accessibility and Screen Capture enabled in order to share and give remote control of their screen. We have created a policy based on the recommendations from Apple for creating the XML/.mobileconfig files, translated these settings into what Microsoft Settings Catalog requires and published the policy to a test group. This all seems to have worked well and the policy is created. The policy deployment fails on each item within the policy with a type 2 error : error code : 10022 The Mac logs give no suggestion that the policy install has even been attempted. Endpoint Management portal gives no further information. I'm hoping one of the Microsoft experts will come across this and be able to shed some light on how we can troubleshoot this further. Thanks in advance SteveMacBook has disconnected from Intune
Hi We've just completed a rollout of 38 MacBooks via Apple Business Manager / Intune. We're new to this but everything went to plan and all devices are showing in Endpoint Manager. They are all configured as per our scripts and Apps. We have no cleanup rules configured. Our compliance policy simply marks the device as non-compliant and sends an email to the user. This week we discovered that one of the MacBooks has lost all of its configuration profiles from System Preferences and hasn't checked into Endpoint Manager since 25th March 22. It no longer has the Intune MDM Agent installed or running. The Mac is still showing in Endpoint Manager with the correct user set to be the Primary user. Endpoint Manager still thinks is is in compliance. The mac is working as expected, except for the missing configurations set by our policies and the control offered by Intune. Trying to sync this Mac through Company Portal app returns a timeout, which is expected if the Management Profile is not installed on it and the Agent is missing. Re-installing the Company Portal app did not install a new copy of the Management Profile or Agent. My question then is, can I somehow reinstate the Profile / Agent and re-establish the existing connection with Intune without wiping, retiring or causing the user pain? He is at a remote location and a full rebuild is out of the question. thanks Stephen
