One of my most important software vendors still has not updated their software to not use a kernel extension. Previously, we were able to approve the kernel extension using a profile. It's not so easy now, and Apple Silicon Macs have complicated the matter further. What is the best practice for managing extensions until the developers stop using them? From what I understand, no matter what I do with Jamf Pro, users would still need to reboot into recovery to change the security setting to allow for approval of KEXTs. I don't like that if we send a user a Mac direct from Apple, and they go through the whole DEPNotify process, they have to reboot into recovery, change the security setting, install the software from Self Service, and then reboot again to approve the extension. I would appreciate some advice on this. Thanks!
