Security & Privacy Profile w/o Firewall Configuration

UESCDurandal
Contributor II

Hey Everyone,

I'm curious if anyone else has found a solution to this particular situation. We're currently deploying the 'Security & Privacy' payload in a configuration profile to all of our Macs; however, we're only really interested in configurations within the General and FileVault tabs. For us, the issue lies in how the Firewall tab is treated and how a configuration choice must be made. Either we disable the firewall entirely or we enable it and manage all configurations from the MDM.

Our Security team has indicated that they do not want Jamf Pro to configure the firewall in any way. They would like end users to be able to configure the local firewall as they see fit.

I've thought about potentially converting our current config profile down to XML, extracting the Firewall elements and re-uploading. Has anyone tried something like that? I'm concerned about how that might affect the FileVault recovery key escrow settings. Any other clever ideas out there?

2 REPLIES

KSchroeder
Contributor

Wow, first time I've heard of a Security team NOT wanting to lock something down, and instead give the user a choice! :)

As far as I've seen, the way you mentioned by hacking out those bits from the profile and re-distributing is the only way to accomplish this, which stinks. I don't even think this is a Jamf issue, but an Apple one. I don't think Configurator will let you do this either (though I suppose you could try it).
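The profile edit discussed in the post and reply above, as an added example that is not part of the original thread and not Jamf's own tooling: it drops only the firewall payload from an exported profile and reports which payload types remain, so the FileVault escrow payload can be confirmed before re-uploading. It assumes the profile was exported unsigned and that the firewall settings sit in a payload of type `com.apple.security.firewall`; the sample profile and its identifiers are constructed.

```python
import plistlib

FIREWALL_TYPE = "com.apple.security.firewall"  # Apple's firewall payload type

def strip_firewall(profile_bytes):
    """Return (new_profile_bytes, kept_payload_types, removed_count)."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception as exc:
        # A signed .mobileconfig is a CMS blob, not a plist; unsign it first.
        raise ValueError("not a plain plist; is the profile signed?") from exc
    payloads = profile.get("PayloadContent", [])
    kept = [p for p in payloads if p.get("PayloadType") != FIREWALL_TYPE]
    profile["PayloadContent"] = kept
    # Top-level keys (PayloadIdentifier, PayloadUUID, scope) are left untouched.
    kept_types = [p.get("PayloadType") for p in kept]
    return plistlib.dumps(profile), kept_types, len(payloads) - len(kept)

def sample_profile():
    """Constructed stand-in for an exported 'Security & Privacy' profile."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.constructed.security",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
        "PayloadContent": [
            {"PayloadType": "com.apple.MCX.FileVault2", "Enable": "On"},
            {"PayloadType": "com.apple.security.FDERecoveryKeyEscrow",
             "Location": "constructed escrow location"},
            {"PayloadType": FIREWALL_TYPE, "EnableFirewall": True},
        ],
    })

if __name__ == "__main__":
    new_bytes, kept_types, removed = strip_firewall(sample_profile())
    print(f"removed {removed} firewall payload(s); kept: {kept_types}")
    # Refuse to continue if the escrow payload did not survive the edit.
    if "com.apple.security.FDERecoveryKeyEscrow" not in kept_types:
        raise SystemExit("FileVault escrow payload missing; do not upload")
```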

daworley
Contributor II

I'd recommend everybody following this thread to upvote this Feature Request:

https://www.jamf.com/jamf-nation/feature-requests/6281/break-up-multi-mdm-payload-gui-payloads