Jamf Nation Community

Yvan · ‎09-14-2023

Hi everyone,

I am trying to deploy DLP profile for Microsoft purview.
I follow this link to deploy profile with jamf:

https://learn.microsoft.com/en-us/purview/device-onboarding-offboarding-macos-jamfpro-mde

I can see both profile on mac os (see image)

but by default its OFF. I have to enable it manually (Asking for admin password).

Is there anyway I can enable it with a script i can deploy from JAMF pro ?

Thanks

jtrant · ‎09-14-2023

Deploy the preferences using an MDM profile, not a script - Computers > Configuration Profiles. From there, choose the "Privacy Preferences Policy Control" payload for Full-Disk Access and Accessibility for that part of things. You can also simply upload the sample profiles provided by Microsoft.

Note that whatever you push via MDM does not show up in the GUI. If you don't get prompted on a fresh Mac with the profile installed, you're good to go. You can verify that the profiles are installed by going to System Settings > Privacy & Security > Profiles.

Yvan · ‎09-15-2023

Hi - profiles are deployed withtout any issue.
With PPPC - I can make it availble for end-user without admin right but i can't force it to ON (enable) - or I dont know how.
Thanks

jtrant · ‎09-15-2023

If you're deploying PPPC via MDM, the settings are forced, regardless of what you see in the UI. What you're seeing is manually-added Full-Disk Access and Accessibility permissions.

Please see my previous reply in terms of testing and verifying that the profiles are applied.

Yvan · ‎09-18-2023

Hi - What I tought - when you deploy a PPPC profile - it will allow standart user to toogle ON without admin right but it wont enable it automatically.
Thats what I have for instance with screensharing with Teams apps - user can enable it but by default its not enable.
Thanks

Jamf Nation Community

Enable DLP profile in system preferences automatically