Posted on 09-18-2024 06:07 AM
We deploy a number of security products that require specific privacy preferences be set so that users don't block them from working. A couple recent deployments I've witnessed a new privacy pop-up for local network devices. I'm using JAMF Pro 11.9.0, but do not see any privacy preference options for this new Sequoia option. Anyone else seeing this or perhaps I'm looking in the wrong place. Just wanted to confirm with the community before raising it to support.
Posted on 09-18-2024 06:09 AM
Should have included in the original post, but I did run across this post with the usual Apple response
Posted on 09-18-2024 08:17 AM
Welcome to macOS 15. It's not that Jamf does not have a button for Local Network Access, it's that Apple does not make a key pair to manage this. The best suggestion I have is to submit feedback to apple, but don't expect this one to be changed.
09-18-2024 08:58 AM - edited 09-18-2024 08:59 AM
Also need help with that
Posted on 09-18-2024 09:46 AM
as @AJPinto we are at Apple's mercy on this. I spoke with my account rep about it and they mentioned that I am not alone in this complaint (as well as the 30 day screen sharing authorization) and for whatever it is worth all the customer feedback is being brought back to the team that makes the decisions. To me this is reason enough not to offer Sequoia to the end users for as long as I can avoid it
Posted on 09-19-2024 01:29 AM
I was about to post the same question, has anything at all been released for additional privacy overrrides, such as the system window picker/screen recording?
Posted on 09-19-2024 08:02 AM
I hope they find a solution for this quickly.
For those that use NoMAD to communicate with on premises servers it broke the communication. Also broke communication with apps that communicate within the network for casting (I am in education).
You just have to allow the apps, but would be nice if we can get a plist or json file to do this across our fleet.
Posted on 09-19-2024 01:06 PM
For those that still use NoMad, retire it now. Not tomorrow, retire it now. If you are still using NoMad you are brokering credentials on a fully end of life product that has not been patched in 10 months and will never receive another patch.
https://www.jamf.com/blog/jamf-to-archive-nomad-open-source-projects/
4 weeks ago
We are also being impacted by this. Whilst the Screen Sharing/Recording change was heavily discussed before Sequoia was released, this 'Local Network' change seems to have been more under the radar.
In our case the main impact we are having is with the PaperCut client for a managed print solution.
All these changes may have some justification based on improving security but they have been making the user experience much worse since IT departments cannot pre-solve these things until they are triggered and each has to be individually done, this is particularly an issue for remote workers where IT will not even see the laptop beforehand and which is increasingly common these days.
3 weeks ago
Agree-- We also have a bunch of security products that produce these pop-ups-- I would be nice if we could automatically allow these on supervised/ADE enrolled devices. I commend apple on transparency with privacy to the end user and all, but in a corporate environment it can be a big pain, and bad user experience. And if the user says no to allowing access, it effects operation of those products
Tuesday
We are also having this issue and cannot upgrade our mac fleet until this is manageable, our students will just deny any request for anything as we had this issue on Ventura/Sonoma until i did all the PPCC Profiles. But will effect all or our mounted network shares, paper cut printing, safeguarding software just to mention a few. It does stem down to training but the staff are worse that then students and we will just be inundated and we only have a small team. Apple needs to allow this for Supervised devices, so fingers crossed otherwise we are on Sonoma indefinitely.
Tuesday
Just curious, has anyone tried creating a snapshot to capture allows local network access to an app?
Tuesday
FYI.
I have submitted Feedback to Apple via the Feedback Assistant but do not expect a direct response. When I have spoken to Apple SE engineers I am assured these do all get read despite the lack of response.
I have suggested this would logically be an extension to the PPPC settings and therefore allow IT admins to pre-approve trusted apps.
What is disappointing is that this pattern of not considering the effect to enterprise and education organisations is these days being regularly repeated by Apple. After all Apple themselves are a huge enterprise.