
MacOS Scripted Deployment - Security Permissions

Hi Sophos Community,

I'm looking for some guidance. We have a requirement to deploy Sophos Endpoint to a number of MacOS devices. This guide has proved useful: https://support.sophos.com/support/s/article/KB-000035045?language=en_US

However, we find this incomplete, as the Mac user then must perform additional steps, namely doc.sophos.com/.../index.html, to enable Sophos protection. This has proved difficult to manage - does anyone have experience on how the security permissions element can be automated / scripted?

We have an RMM tool which we can run remote commands using. The result should be that, when deploying MDR, the changes to security permissions are made as part of installation. Can anyone help?



  • Hi Jay, I have been successful using Intune. I tried posting my code but the forum ate the post as "Spam".

    However, I'll suggest this.

    If you extract your Sophos install ZIP, you'll find some mobileconfig files for different MacOS versions; deploying these through your MDM solution should set the access permissions needed.

    I have our MDM check if the Sophos folder exists in /Applications; if not, it downloads the install from our tenant (just grabbed the install URL), installs, and if the MDM applied the Mobileconfig, extensions, notifications, and file access should be set to acceptable settings.

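The flow described in the reply above (check for the Sophos folder in /Applications, install only when it is missing, rely on the MDM-applied mobileconfig for the permissions), written out as a shell script. This is an added example, not the poster's code or Sophos's own: the `Sophos*` folder pattern, `PROFILE_MATCH`, `INSTALLER_URL` and `INSTALL_CMD` are assumed placeholders, and holding the install until the profile is present is a choice made here so the user is not prompted for permissions.

```shell
#!/bin/sh
# Added example: install gate for a script run by an RMM or MDM agent.
# Placeholders (assumed, not from the thread): the "Sophos*" folder pattern,
# PROFILE_MATCH, INSTALLER_URL and INSTALL_CMD.
APP_DIR="${APP_DIR:-/Applications}"
PROFILE_MATCH="${PROFILE_MATCH:-sophos}"
INSTALLER_URL="${INSTALLER_URL:-https://example.invalid/SophosInstall.zip}"
INSTALL_CMD="${INSTALL_CMD:-}"   # install command taken from the vendor KB

# True when a folder whose name starts with "Sophos" exists under APP_DIR.
sophos_installed() {
    for d in "$APP_DIR"/Sophos*; do [ -d "$d" ] && return 0; done
    return 1
}

# True when the macOS `profiles` tool lists a profile matching PROFILE_MATCH.
profile_applied() {
    profiles list 2>/dev/null | grep -qi -- "$PROFILE_MATCH"
}

# Prints the next step: skip, wait-for-profile or install.
next_action() {
    if sophos_installed; then echo skip
    elif ! profile_applied; then echo wait-for-profile
    else echo install
    fi
}

# Fetches over HTTPS only, unpacks in a private temp dir, runs INSTALL_CMD there.
download_and_install() {
    [ -n "$INSTALL_CMD" ] || { echo "INSTALL_CMD not set" >&2; return 2; }
    work=$(mktemp -d) || return 1
    curl --fail --silent --show-error --location --proto '=https' \
         --proto-redir '=https' --output "$work/installer.zip" "$INSTALLER_URL" &&
        unzip -q "$work/installer.zip" -d "$work" &&
        ( cd "$work" && sh -c "$INSTALL_CMD" )
    rc=$?
    rm -rf "$work"
    return "$rc"
}

deploy() {
    case "$(next_action)" in
        skip) echo "Sophos already present in $APP_DIR" ;;
        wait-for-profile) echo "profile not applied; retry later" >&2; return 75 ;;
        install) download_and_install ;;
    esac
}

# Run only on request so the functions can be sourced and checked alone.
if [ "${RUN_DEPLOY:-0}" = 1 ]; then deploy; fi
```

Exit status 75 lets the RMM job be rescheduled until the MDM has delivered the profile.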