Jamf Nation Community

ajamfadmin1810 · ‎02-11-2022

Hello all

I am in the middle of cleaning up our config profiles due to some including kernel, PPPC and system extensions and we are seeing issues because of this. My plan is to break all the profiles into seperate ones for PPPC,kernel ext and sys ext.

Has anyone does this before? how are you scoping to machines? Will it cause any issues if I break these apart and assign them to machines, then once the seperate profiles are on all machines I will go back and unscope the profiles that included all three in one

Phantom5 · ‎02-12-2022

This is how we are actually doing it, we are deploying a number of security agents and apps that need PPPC and extension pre-approval. So currently deploy separate configuration profiles for each agent or software. That means one CP for PPPC, one for system extensions, one for content filtering and eventually one for kernel extensions (for OS compatibility) for each software. Also looks cleaner.

ajamfadmin1810 · ‎02-14-2022

If you dont mind me asking are you pushing kernel extensions to machines that are on catalina or older and then pushing sys extensions to big sur and above and any M1 machines? Or what scope do you use for kernel extensions vs sys extensions? I guess thats what im confused on when to use which one

Hugonaut · ‎02-15-2022

https://support.apple.com/en-us/HT211860

@ajamfadmin1810

Its predicated upon your workflow ADE vs Self Enrolled on Big Sur (with M1)

Monterey & Up, Kernel Extensions are a No Go & must be a system extension. Most enterprise software developers have moved their Kernel Extensions to the new System Extension platform.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________

Virtual MacAdmins Monthly Meetup - First Friday, Every Month

Jamf Nation Community

System Extensions vs Kernel Extensions