I wanted to share my method of ensuring Users have the Camera and Microphone enabled for Teams.
Background: As many of you may be aware, the Microphone and Camera TCC privacy options are only adjustable by Users. Some of our users were having issues with the Microphone or Camera for Skype for Business, (not allowing the permissions). I wrote out the following EA and Script to resolve this issue. As we transitioned to Teams, I have redeployed this script to our users.
Solution: I built this script to check for the current logged in User's TCC Camera and Microphone permission. If it see that the Camera or Microphone has been set to not allow,
The script will:
1- Check if the app is open, and present the user an AppleScript alert that the app will close in 10 minutes
2- Reset the corresponding permission
(Please be aware that for machines running Mojave and below resetting a single Application's TCC bundle ids does not work properly so the entire microphone or camera TCC settings will be reset. If you have multiple apps that require TCC, please consider the necessity of this script.)
Extension Attribute:
Name: Disabled Microsoft user TCC Values
Script:
#!/bin/bash
#This script is created to report disabled Camera or Microphone Security and Privacy access within a logged in user's TCC preferences
#Shaquir Tannis 3-15-2020
# Get current logged in user
loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
# Get current logged in user's home directory
[[ "$loggedInUser" ]] && loggedInUser_home="$(/usr/bin/dscl /Local/Default read /Users/"$loggedInUser" NFSHomeDirectory | /usr/bin/awk '{print $2}')"
if [[ -z "$loggedInUser" ]]; then
exit
elif [ "${loggedInUser}" != "itadmin" ] || [ "${loggedInUser}" != "root" ] || [ "${loggedInUser}" != "" ]; then
#Report
disabledValues=$(/usr/bin/sqlite3 "$loggedInUser_home/Library/Application Support/com.apple.TCC/TCC.db" 'SELECT service, client FROM access WHERE allowed = '0'' | grep "com.microsoft")
IFS=" "
echo "<result>$disabledValues</result>"
fi
Smart Group:
Name: Teams Webcam or Microphone Disabled
Criteria:
Disabled Microsoft user TCC Values is not <Leave Blank>
And (
Disabled Microsoft user TCC Values like kTCCServiceCamera|com.microsoft.teams
Or
Disabled Microsoft user TCC Values like kTCCServiceMicrophone|com.microsoft.teams
)
Policy:
Name: Fix Teams Microphone or Camera
Frequency: Once every day
Trigger: Check-in
Scope: Teams Webcam or Microphone Disabled
Script: https://github.com/shaquir/ShellScript/blob/master/Reset_Teams_TCC_Camera_or_Microphone.sh