Enabling Privacy Accessibility setting for MS Teams

perweilerg
New Contributor III

What is the best way to enable the System Preferences/Privacy/Accessibility setting for Microsoft Teams? I deployed Teams, and I'm able to share screens, but I'm not able to control their screens. They can accept, but it doesn't hand over control. Or is there a way to unlock the System Preference, since all of our users are non-admin and cannot adjust this setting? We are running macOS 10.13 - 10.15. I tried to make a PPPC, but it isn't working.

13 REPLIES

perweilerg
New Contributor III


killer23d
New Contributor II

There are 2 parts for Teams to work: Profile and allow screen recording in Security & Privacy tab.

I used PPPC to allow Accessibility for Teams and deployed them. Then the user will have to ensure to allow Screen Recording in Security & Privacy tab for Teams.

All the Privacy settings for Camera, Microphone, Screen must be enabled by the user. MDM can only deny them.
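A sketch of the PPPC payload described in this reply, added here as an example and not taken from the thread or from Jamf: it builds a profile that allows Accessibility for Teams and refuses combinations a profile cannot grant (Camera, Microphone, Screen Recording). The `com.example.pppc` identifier and the code requirement string are placeholders; the "user-approve" value is the macOS 11 "Let Standard Users Approve" option mentioned later in the thread.

```python
import plistlib
import uuid

PPPC_TYPE = "com.apple.TCC.configuration-profile-policy"
DENY_ONLY = {"Camera", "Microphone"}  # a profile can deny these, never grant them

def entry(service, bundle_id, code_req, decision):
    """Return one Services entry; decision is 'allow', 'deny' or 'user-approve'."""
    if decision not in ("allow", "deny", "user-approve"):
        raise ValueError(f"unknown decision {decision!r}")
    if service in DENY_ONLY and decision != "deny":
        raise ValueError(f"{service} can only be denied by a profile")
    if service == "ScreenCapture" and decision == "allow":
        raise ValueError("ScreenCapture cannot be granted, only user-approved")
    if decision == "user-approve" and service != "ScreenCapture":
        raise ValueError(f"user-approve is not offered for {service} in this example")
    item = {"Identifier": bundle_id, "IdentifierType": "bundleID",
            "CodeRequirement": code_req}
    if decision == "user-approve":
        # Key added in macOS 11; earlier systems do not offer this option.
        item["Authorization"] = "AllowStandardUserToSetSystemService"
    else:
        item["Allowed"] = decision == "allow"  # boolean key used since 10.14
    return item

def build_profile(bundle_id, code_req, decisions, org_id="com.example.pppc"):
    """decisions maps a service name to a decision; org_id is a placeholder."""
    services = {svc: [entry(svc, bundle_id, code_req, d)]
                for svc, d in decisions.items()}
    pppc = {"PayloadType": PPPC_TYPE, "PayloadVersion": 1,
            "PayloadIdentifier": f"{org_id}.{bundle_id}.tcc",
            "PayloadUUID": str(uuid.uuid4()).upper(), "Services": services}
    profile = {"PayloadType": "Configuration", "PayloadVersion": 1,
               "PayloadScope": "System",
               "PayloadDisplayName": f"PPPC for {bundle_id}",
               "PayloadIdentifier": f"{org_id}.{bundle_id}",
               "PayloadUUID": str(uuid.uuid4()).upper(),
               "PayloadContent": [pppc]}
    return plistlib.dumps(profile)

# Placeholder: paste the designated requirement printed by
#   codesign -dr - "/Applications/Microsoft Teams.app"
TEAMS_REQ = "<designated requirement of Microsoft Teams>"

if __name__ == "__main__":
    print(build_profile("com.microsoft.teams", TEAMS_REQ,
                        {"Accessibility": "allow",
                         "ScreenCapture": "user-approve"}).decode())
```

The code requirement has to match the signature of the installed app, and the payload is only honored when it arrives from MDM.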

Mojinkii
New Contributor II

I'm also unable to get it to work. It deploys the profile but doesn't enable accessibility tick for teams. What am I doing wrong?

Caleb_Anderson
New Contributor III

@Mojinkii read @killer23d's response above - Users still have to accept screen sharing, camera and microphone themselves.

I was just looking into this as we are moving to remote working (as I'm sure you are too), because we have too many staff who (seemingly) can't follow the simple instructions on screen while we talk them through enabling it, but it looks like we'll have to grin and bear it.

snovak
Contributor

@Caleb.Anderson That doesn't require admin permissions does it..? If it does I'm going to be up a river here unless I modify the authorizationdb.

mwpanda
New Contributor

Anybody get this working?

SteveC
New Contributor III

@Mojinkii The profiles work, but there is no reflection in the GUI on the client machine that any of your settings are applied. You will just have to test that it functions as you expect after you deploy the profiles.

@snovak No, the screen recording/camera/microphone privacy settings do not require admin. Only accessibility/control requires admin but we are able to manage that setting with Jamf.

robb1068
Contributor

So is the secret sauce to get Teams control to work having the user allow screen recording? Because that limits the feature to 10.15.

perweilerg
New Contributor III

@killer23d I was able to use some workarounds early on, but am now circling back to this due to mass deploying Catalina. Can you please share your Config Profile for Teams? I understand users need to enable Camera and Microphone, but I'm running into users not being able to share their screens since the Privacy preference is locked and users are not Admin.

hkabik
Valued Contributor

@perweilerg You do not need to unlock the Privacy Preference. Microphone, Camera and Screen Recording are all accessible/editable by users at any time. Even if the preference is locked.

As a side note, you can pre-approve Camera and Microphone app access on user machines via script (you cannot pre-approve Screen Recording however) by editing the TCC.db:

Examples:

Enable Microphone in Skype For Business for the currently logged in user -

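#!/bin/sh

# Get the username of the user logged in at the console
user=$(stat -f "%Su" /dev/console)

# Add a Microphone entry for Skype for Business to that user's TCC database
# (the path contains a space, so it must be quoted)
sqlite3 "/Users/$user/Library/Application Support/com.apple.TCC/TCC.db" -cmd "INSERT or REPLACE INTO access VALUES('kTCCServiceMicrophone','com.microsoft.SkypeForBusiness',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1541440109);" ".exit"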

Enable Camera in Teams for the currently logged in user -

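#!/bin/sh

# Get the username of the user logged in at the console
user=$(stat -f "%Su" /dev/console)

# Add a Camera entry for Teams to that user's TCC database
# (the path contains a space, so it must be quoted)
sqlite3 "/Users/$user/Library/Application Support/com.apple.TCC/TCC.db" -cmd "INSERT or REPLACE INTO access VALUES('kTCCServiceCamera','com.microsoft.teams',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1541440109);" ".exit"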

GetCart3r
New Contributor III

@hkabik wrote:

@perweilerg You do not need to unlock the Privacy Preference. Microphone, Camera and Screen Recording are all accessible/editable by users at any time. Even if the preference is locked.

 

Possibly a change with Big Sur? End users do not have the ability to allow Screen Recording. We have it set to "Let Standard Users Approve" with PPPC. This does work smoothly but Accessibility is still an issue. We have it set to allow and no changes.

Mitch_F
New Contributor

@hkabik, I tried combining the two examples you gave into a single script, but I got the following error. Is there somewhere I went wrong?

Running script Set Permissions for Microsoft Teams...
Script exit code: 0
Script result: Error: table access has 13 columns but 12 values were supplied
Error: table access has 13 columns but 12 values were supplied

Here is the script:

#!/bin/sh

# Get the username of the user logged in at the console
user=$(stat -f "%Su" /dev/console)

# Microphone and Camera entries for Teams (the path contains a space, so it must be quoted)
sqlite3 "/Users/$user/Library/Application Support/com.apple.TCC/TCC.db" -cmd "INSERT or REPLACE INTO access VALUES('kTCCServiceMicrophone','com.microsoft.teams',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1541440109);" ".exit"
sqlite3 "/Users/$user/Library/Application Support/com.apple.TCC/TCC.db" -cmd "INSERT or REPLACE INTO access VALUES('kTCCServiceCamera','com.microsoft.teams',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1541440109);" ".exit"
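The error in this post is SQLite rejecting a positional INSERT: the access table on that Mac has 13 columns and the script supplies 12 values. The following is an added example, not code from the thread, that reproduces the message on a constructed in-memory table and reads the column list first; the `colN` names are placeholders, not Apple's schema.

```python
import sqlite3

# The 12 positional values used by the scripts in this thread.
ROW = ("kTCCServiceCamera", "com.microsoft.teams", 0, 1, 1,
       None, None, None, "UNUSED", None, 0, 1541440109)

def make_db(ncols):
    """Constructed stand-in for TCC.db with placeholder column names."""
    conn = sqlite3.connect(":memory:")
    cols = ", ".join(f"col{i}" for i in range(1, ncols + 1))
    conn.execute(f"CREATE TABLE access ({cols})")
    return conn

def access_columns(conn):
    """Column names of the access table, in declaration order."""
    return [row[1] for row in conn.execute("PRAGMA table_info(access)")]

def preflight(conn, values):
    """Return None if a positional INSERT of values fits, else the reason."""
    cols = access_columns(conn)
    if not cols:
        return "no access table in this database"
    if len(values) != len(cols):
        return (f"access has {len(cols)} columns ({', '.join(cols)}) "
                f"but {len(values)} values were prepared")
    return None

def positional_insert(conn, values):
    """Attempt the INSERT the way the scripts do; return 'ok' or SQLite's error."""
    marks = ",".join("?" * len(values))
    try:
        conn.execute(f"INSERT OR REPLACE INTO access VALUES({marks})", values)
        return "ok"
    except sqlite3.OperationalError as exc:
        return str(exc)

if __name__ == "__main__":
    for ncols in (12, 13):
        db = make_db(ncols)
        print(ncols, "columns:", preflight(db, ROW), "|", positional_insert(db, ROW))
```

On a real machine, run the same `PRAGMA table_info(access)` query against the database to see which columns that macOS version actually defines before relying on a value list written for another version.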

GetCart3r
New Contributor III

Has anyone had luck getting Accessibility to "allow" or "let standard user approve"?

We've used the PPPC Utility to "let standard user approve" Screen Recording but does not seem to work for accessibility.