Is Allowed Team Identifiers necessary for System Extensions?

Question

So I was getting this error constantly on every machine.

When I checked the Approved System Extensions, I noticed there was 'Allowed Team Identifiers' for a few Applications, one being Cisco AnyConnect.

So I created a new Approved System Extensions policy and removed the 'Allowed Team Identifiers' portion for Cisco AnyConnect. As you can see in the NEW policy, the 'Allowed Team Identifiers' is gone.

Question for clarity... I assume if the Team Identifier is already being entered within Allowed System Extension Types, it would be unnecessary to also add Allowed Team Identifiers. That option seems to be for applications that do not need System Extension or System Extension Types. Is this correct? After I removed the Allowed Team Identifiers in the NEW policy, I didn't see anymore errors... So for clarity, is Allowed Team Identifiers necessary, or can I delete that portion without causing any harm?

sdagley · Accepted Answer

Update:I just read the documentation from here: https://developer.jamf.com/developer-guide/docs/kernel-and-system-extensionsIt seems the answer is... Allowed Team Identifiers = Allow all System Extensions from the same Team IdentifierAllowed System Extensions = Allow explicit System Extensions by defining each one by Bundle IdentifierSo it seems you would need to use one or the other. If you go with the former, you allow all System Extensions. If you go with the latter, you need to specific which System Extensions. Hence the reason for the error from JAMF if you use both simultaneously. Someone please confirm I am understanding this correctly, thanks! &#128526;@janzaldua You are understanding it correctly, you do not want to use both simultaneously for the same extension.

janzaldua · Answer

Update:I just read the documentation from here: https://developer.jamf.com/developer-guide/docs/kernel-and-system-extensionsIt seems the answer is... Allowed Team Identifiers = Allow all System Extensions from the same Team IdentifierAllowed System Extensions = Allow explicit System Extensions by defining each one by Bundle IdentifierSo it seems you would need to use one or the other. If you go with the former, you allow all System Extensions. If you go with the latter, you need to specific which System Extensions. Hence the reason for the error from JAMF if you use both simultaneously. Someone please confirm I am understanding this correctly, thanks! &#128526;

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded