Jamf Nation Community

spowell01 · ‎07-11-2022

Hi Everyone, I feel bad making this post as its been hashed over quite a few times but I cant seem to get what was working, working again now. I am seeing an issue with freshly imaged laptops on 12.4 running the latest Teams version 1.5.00.17261 where the app does not seem to respect the allowed screen recording permission. We've had a pppc in place for some time now and to my knowledge its been working. I recreated the PPPC, with various combinations of settings, downloaded the all apps PPC from github and also had the same behavior. Teams prompts for permission, but when system prefs is viewed its already set. You can toggle it off and on, reopening the app but we are still seeing the prompt. Is there something that's recently changed I'm missing here? No change with restarting nor reinstalling teams.

Profile 1:

Profile 2, with the same behavior as above.

spowell01 · ‎07-13-2022

I have this figured out. It appears the existing PPPC profile we have had in place for some time has a different certificate leaf string value. Anything we create now through the PPPC utility has an updated leaf string ID. From my testing if that original profile is layed down, we must remove the profile and then actually delete the teams entry in security and privacy before laying down the new profile which is what i was missing initially. If you simply remove the old profile and install the new profile, screen sharing does not work. I'm thinking that our users out in the wild who have an updated teams app very well may not be able to screen share since their pppc profile has old app information. I've got a smart group setup for devices imaged after todays date and am scoping the new profile to that group. I've tested multiple machines after reimaging and everything seems to be working as expected.

View solution in original post

mfletch · ‎07-12-2022

If the question is, how can you have the the Profile configure this for you, so users don't have to deal with it? I believe this cannot be done as its more of a privacy concern for Apple so for these type of things, it requires that the user makes the changes manually so they know (in theory) what they are doing by giving Teams and any other apps access to share the screen or camera etc.

spowell01 · ‎07-12-2022

Thanks mfletch, but that is not the question/scenario. Teams is prompting the user to open system preferences and allow it permission to record the screen. We proceed to system preferences, and due to the PPPC profile, teams is available to be checked by the user. We are prompted to close and reopen teams but its just a loop at that point. We try to screen share again and are told that we need to allow permission, even though its 100% checked.

mfletch · ‎07-12-2022

Is this for all machines or just 1 machine having this problem?

spowell01 · ‎07-12-2022

At this point, its affecting any new or freshly reimaged machines. Some or many of our laptops out in the wild I'm assuming are still working as expected.

spowell01 · ‎07-13-2022

I have this figured out. It appears the existing PPPC profile we have had in place for some time has a different certificate leaf string value. Anything we create now through the PPPC utility has an updated leaf string ID. From my testing if that original profile is layed down, we must remove the profile and then actually delete the teams entry in security and privacy before laying down the new profile which is what i was missing initially. If you simply remove the old profile and install the new profile, screen sharing does not work. I'm thinking that our users out in the wild who have an updated teams app very well may not be able to screen share since their pppc profile has old app information. I've got a smart group setup for devices imaged after todays date and am scoping the new profile to that group. I've tested multiple machines after reimaging and everything seems to be working as expected.

Jamf Nation Community

MacOS 12.4, Teams version 1.5.00.17261 does not respect screen recording setting.