Following Sophos Mac Endpoint: How to Configure JAMF Privacy Preferences for 10.15+ Compatibility …
… still results in users receiving multiple prompts after upgrading from macOS 10.15.7 (19H15) as detailed here:
macOS 11 Big Sur (previously known as 10.16)
I am also seeing this same behavior. I have completely audited the instructions and believe I have everything configured correctly. I continue to see messages stating "System Extension Blocked" for SophosWebNetworkExtension and SophosScanD.
I can confirm that the configuration profile is being installed before Sophos and it has the relevant information contained within it, but macOS is still notifying.
I believe I have found an issue in the documentation. The System Extension portion that currently instructs people to add SophosWebNetworkExtension and SophosScanD should instead read com.sophos.endpoint.networkextension and com.sophos.endpoint.scanextension as seen in this image.
Now that I have the System Extensions loading properly, I am also being prompted to add a Proxy Configuration. There is no existing documentation related to this dialog.
Thanks for the heads-up, mscottblake.
I'll test and advise.
Apologies for the documentation error, we'll get that fixed right away.
The instructions should allow enablement of the extensions and setting their permissions correctly but the Proxy Configuration is triggered by the OS when our network extension attempts to create and configure a proxy, which it requires in order to intercept network traffic.
I understand the need for the proxy configuration. These instructions are intended for administrators to be able to predefine the configurations and avoid user interaction. For instance, I do not wish to allow my users to disable the proxy by choosing "Don't Allow" at the prompt.
The instructions should be amended to include steps to enable the proxy configuration with an MDM such as Jamf Pro.
This solved a lot of install issues, however now Sophos reports the error "This is an invalid address for updating from a network volume".
I am using the same preconfig as previously and all of our non-Big Sur clients use the same preconfig and have no issues with the address...Any ideas?
Would it be possible to export the mobileconfig so we can view the configuration in it as we are stuggling to make this work...
Would you be willing to share the text of your config profile, I am trying to build the profile for a non-jamf mdm, and I"m not 100% on the exact key names / values I need.