I successfully deployed the CrowdStrike with this instruction; however, the user has to manually allow the Full Disk Access in the Security & Privacy.
Does anybody know how to do it or can lead me to the instruction? I have read several articles and got confused.
Sure. Otherwise it would have been very, very, painful to deploy. The PPPC should look something like this:
<key>SystemPolicyAllFiles</key> <array> <dict> <key>Allowed</key> <integer>1</integer> <key>CodeRequirement</key> <string>identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113622.214.171.124.6] /* exists */ and certificate leaf[field.1.2.840.1136126.96.36.199.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.crowdstrike.falcon.Agent</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <integer>0</integer> </dict> </array>
Could you make a healthy distribution in this way? Could you make a healthy distribution in this way? Is there a medium where you can share this PPPC file? There is one more thing that I am wondering about. Should I send the Profile file to the client before installing the Falcon agent? Or later?
You need to distribute the config profile first, otherwise your users will get those dialogs.
Just enter the value in the PPPC like this:
You'll probably want to allow the system extension as well: