I am in the middle of cleaning up our config profiles due to some including kernel, PPPC and system extensions and we are seeing issues because of this. My plan is to break all the profiles into seperate ones for PPPC,kernel ext and sys ext.
Has anyone does this before? how are you scoping to machines? Will it cause any issues if I break these apart and assign them to machines, then once the seperate profiles are on all machines I will go back and unscope the profiles that included all three in one
This is how we are actually doing it, we are deploying a number of security agents and apps that need PPPC and extension pre-approval. So currently deploy separate configuration profiles for each agent or software. That means one CP for PPPC, one for system extensions, one for content filtering and eventually one for kernel extensions (for OS compatibility) for each software. Also looks cleaner.
If you dont mind me asking are you pushing kernel extensions to machines that are on catalina or older and then pushing sys extensions to big sur and above and any M1 machines? Or what scope do you use for kernel extensions vs sys extensions? I guess thats what im confused on when to use which one
Its predicated upon your workflow ADE vs Self Enrolled on Big Sur (with M1)
Monterey & Up, Kernel Extensions are a No Go & must be a system extension. Most enterprise software developers have moved their Kernel Extensions to the new System Extension platform.