How are people deploying Sopho's endpoint per macOS profiles? Are you creating smart groups for each OS and then assigning them to Sopho's endpoint profile for that OS? What happens when a user upgrades to another OS, do they get popups when old profile removes but does not have the new profile yet?

Deploying Sophos Endpoint per macOS profiles

I have Sophos Intercept X agent installed on all Mac OS (current support 12.13.14) we using the profiles that including in Installer package to make sure all extensions in function

You just need to create a Smart Group for specific version then and apply the configuration profile corresponding with MAC Os version

I have Sophos Intercept X agent installed on all Mac OS (current support 12.13.14) we using the profiles that including in Installer package to make sure all extensions in function

You just need to create a Smart Group for specific version then and apply the configuration profile corresponding with MAC Os version

What happens when the user updates the OS? If you are using a smart group per OS for each profile I would assume the profile is removed and then a new one automatically applied when Jamf gets updated OS information. In-between the time the old OS profile is removed and new one applies does the user get popups from Sophos saying an extension needs to be approved?

Has anyone figure out how to grant permission using JAMF to filter network content?

I granted Network Extension, but content (image below) is still prompting for permission.

Any help would be appreciated. MacOS version = Sequoia

Has anyone figure out how to grant permission using JAMF to filter network content?

I granted Network Extension, but content (image below) is still prompting for permission.

Any help would be appreciated. MacOS version = Sequoia

https://docs.sophos.com/central/customer/help/en-us/PeopleAndDevices/ProtectDevices/EndpointProtection/MacDeployment/index.html#download-macos-configuration-profiles

Download from the attached link and select the profile according to your OS, then deliver it via Jamf to the device or device group you manage.

@agungsujiwo I did get the config file from there and i created a policy using that config. The issue i am having is, after granting network extension permission (using a config profile), i am still getting that pop up to grant content filter network extension access. Before deploying, i want to make sure that there’s no pop ups during deployment (reduce the chance of users selecting Dont Allow).

So my question is, after granting the net. extension permission with a config profile. How can i do the same for the content filter extension? I cant seem to find a bundle ID for the Content Filter Network Extension.

Any help would be appreciated.
Thank you.

@agungsujiwo I did get the config file from there and i created a policy using that config. The issue i am having is, after granting network extension permission (using a config profile), i am still getting that pop up to grant content filter network extension access. Before deploying, i want to make sure that there’s no pop ups during deployment (reduce the chance of users selecting Dont Allow).

So my question is, after granting the net. extension permission with a config profile. How can i do the same for the content filter extension? I cant seem to find a bundle ID for the Content Filter Network Extension.

Any help would be appreciated.
Thank you.

Hi @L0GAN876 ,

Things to note:

The configuration profile must be delivered before installing the app to prevent any pop-ups. Make sure there are no pending items when sending the profile.
Once the configuration profile has been applied, the next step is to send the policy to install the app.

Note: If an app installation policy is deployed before the profile, you will need to uninstall the app first.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded