Jamf Nation Community

Weekly is a bit much. Could see customers, especially executive Mac users getting annoyed. Maybe a monthly, or quarterly notification?

Yes we are also seeing this on our Sequoia beta machine. I was hoping it was a bug in the beta, but if not this is going to cause issues for us as we rely heavily on VNC.

My IT leadership is going to hate this, and my tickets will increase. It's not a Deployment Blocker for my org, but its making it painfully obvious that Apple doesn't really understand what the rest of the enterprise market wants or expects.

agreed; a truly awful idea; feedback filed.

I also thought it was strange that these permissions were referred to as Screen Recording, I mean technically that may be what is occurring, but I always thought that was a poor way to name the permission for remote access. The whole pricay and security UI and concept needs to be rethought if you ask me. THe UI, the concept, the commands that are outside of MDM, even for company bought devices, the whole thing is a mess, rant over.

This will certainly be a blocker for us - we have users who will be very unhappy with the frequency of these prompts. Feedback filed.

We also very heavily rely on remote assist tools, which users already have to manually authorize one due to our use of 0-touch. Im waiting for the first support situation where some VIP disables a Conferencing Apps screen recording (Teams, Zoom, WebEx, etc) due to the notifications, then has a call where they need to present and it's not working. Contrary to Apples belief, most users do not know how to toggle this stuff off and on at will.

It wont be a blocker for us, but it will be a headache for our support team. I anyone has not yet, I suggest filing feedback on this. If anyone wants insperation this is the template I used to submit feedback for this.

INTRO: With macOS 15.0 (24A5309e) Beta Apple changed the behavior of the behavior of how macOS notifies users of Applications with Screen Recording access. The original behavior was a user had to manually grant this access once for each individual application, the new behavior is they have to "regrant" this access weekly for each application.

This feedback is about a change in default behavior for macOS Sequoia that, if left unmanaged, will impact our ability to upgrade existing Macs and deploy new ones.

SCOPE OF IMPACT:

* ### Macs eligible (or likely) to upgrade to Sequoia;

* ### Macs refreshed annually;

* ### Macs across the entire organization;

* ### computers across all operating systems.

PROBLEM: Many organizations like (company name) have several applications on devices that request or require Screen Recording access. Mac users are already inundated with user awareness popups, and this workflow is just adding more. What is being done with the good intentions of making users more aware and secure, its just creating noise that users dismiss and don't read.

 

ISSUES & CONCERNS:

1. Users ignoring important system notifications due to the amount of notifications the system is giving them.

2. Users requiring support due to disabling Screen Recording on tools they use that need the access.

3. Distracting users with frequently and needless notifications.

 

WHY THIS MATTERS:

Each of our devices are loaded with multiple conferencing tools like (list tools); as well as remote assist tools such as (list tools); as well as productivity tools like (list tools). Each time this pops up it gives a chance for a user to "break" one of their applications, which will lead to support events to advise a user they need to re-enable Screen Recording.

 

 

### Further details on why this matters###

 

Dependent Applications

1. Teams

2. WebEx

3. Snagit

4. Display Link

5. Zoom

6. Many more applications I cannot even think of to list

 

 

REQUESTS &/OR SUGGESTIONS:

Provide a new MDM payload that facilitates management & control of:

- Limiting the number of popups, for example if MDM is has a configuration deployed to allow non-admin users to approve screen recording access for an app bundle, disable these notification for that app bundle.

- Add functionality to ScreenCapture to allow an MDM to deploy a force "Allow" to manage Screen Recording on Supervised devices to reduce the touch points of a user on the OS configuration. Currently MDM can only issue Deny or AllowStandardUserToSetSystemService.

- Ultimately these Supervised devices are organizationally owned, Organizations have every right to set the configuration on their own devices for both security and user simplicity.

---

feedback can be easily entered by entering applefeeback:// into safari

I am running Beta 24A5298h and see this daily and/or any time I quit and relaunch Teams, not weekly. So it already has bugs and needs to just go away :)

Hopefully developers will have some API call they can make if their app is signed/notorized/sealed with a kiss/watermarked to bypass this. If I install an app that meets all of Apple's requirements I'd appreciate the ability to permanently approve screen recording (at least until the annual OS upgrade or app upgrade). Now, apps that don't meet all of Apple's requirements... sure, weekly prompts with the optional additional step to verify them in the Security System Settings is fine too.

Flipped to monthly now. A semi-win?

https://9to5mac.com/2024/08/14/macos-sequoia-screen-recording-prompt-monthly/

I've updated my request to ask what the point of signing & notarizing an app is if it still prompts the user for system access 'regularly'. I should get the message once, be required to go through the manual steps to give it access, and then not worry about it unless the app or the OS receives a major upgrade. Monthly or quarterly is still an annoyance as my first thought would be - what changed in the app? Didn't I already do this? Why do I have to keep doing this?

Make it more frequent for non-'approved' Apple apps and give the developer a reason to get the app approved. But it's already been reviewed by Apple and /should/ be as non-malicious as possible. These warning would make me second guess that review process.

At least they listened when they got enough blowback...

I have received the following response from Apple regarding the feedback I submitted:

---

As mentioned in Developer and AppleSeed for IT release notes, applications utilizing deprecated APIs for content capture such as CGDisplayStream & CGWindowListCreateImage can trigger system alerts indicating they may be able to collect detailed information about the user. Developers need to migrate to both ScreenCaptureKit and SCContentSharingPicker to prevent these alerts.

I'm hoping Apple will release a payload to bypass this or at least setup a custom permitted list to reduce the number of prompts and reduce the noise.

I've submitted feedback via the AppleSeed program and others should be doing the same too if you want Apple to do something about it!

I would assume if the capability was there that Jamf would have included the payload in 11.9. I can't find it if they have. I might open a ticket with Jamf to ask. We usually allow new major versions on day zero, so if we cannot control this from MDM then we will have to create a KBA and notify users of the new prompts.