macOS Agent Deployment via Intune - Allowing System Extensions

Hello,

I am looking for help with deploying Sophos Endpoint to macOS via Intune. Specifically, I would like help configuring the configuration profile to set the permissions for:

  • Full Disk Access
  • system extensions
  • notifications

You have a good article for Jamf Pro available here, "Installing Endpoint Protection using Jamf Pro - Sophos Central Admin", which details downloading the .mobileconfig files and uploading them to Jamf. I'm looking for something similar to this that I can use with Intune.

This will prevent us having to manually allow the system extensions, disk access and notifications after the package is installed.

Thank you,

Jason



Added tags
[edited by: GlennSen at 7:46 AM (GMT -8) on 4 Nov 2024]
  • Hi, thanks for posting that article. That's exactly what I've been trying to do, but the .mobileconfig doesn't import into Intune. I don't know if it's corrupt or just doesn't support Intune, since it seems to import properly when I try it on a Jamf Pro environment.

    I'm hoping that Sophos can create a new profile/XMF file that we can use for Intune and provide instructions. Is that doable?

  • Try doing the following on a macOS device. 

    • Download the installer
    • Move the .mobileconfig file to a directory of your choice
    • Open Terminal
    • Enter the command "security cms -D -i name_of_config_file.mobileconfig > NewMobileconfig.xml"

    Without the chevron, this will just output the contents of the .mobileconfig to the terminal if you'd like to inspect/confirm the contents beforehand. 

    Let me know if you find success with the resulting XML file as I'm certain others will also find this helpful.

    Kushal Lakhan
    Team Lead, Global Community Support
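
Added example, not part of the original posts or of Sophos's documentation: a Python check to run on the XML produced by the `security cms -D` step before uploading it to Intune. It confirms the CMS signature was actually stripped and reports which of the three permissions from the question the profile's payloads cover; the sample profile and every identifier in it are constructed placeholders, since the contents of the real Sophos profile are not shown in this thread.

```python
import plistlib

# Apple payload types behind the three permissions named in the thread.
REQUIRED = {
    "com.apple.TCC.configuration-profile-policy": "Full Disk Access (PPPC)",
    "com.apple.system-extension-policy": "system extensions",
    "com.apple.notificationsettings": "notifications",
}

def inspect_profile(data: bytes) -> dict:
    """Return payload types found, permissions not covered, and FDA identifiers."""
    # A signed profile is a DER/BER CMS blob (ASN.1 SEQUENCE, first byte 0x30);
    # the output of `security cms -D` should be a plain plist instead.
    if data[:1] == b"\x30":
        raise ValueError("still CMS-signed: run `security cms -D -i` first")
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    found = [p.get("PayloadType") for p in payloads]
    fda = []
    for p in payloads:
        if p.get("PayloadType") == "com.apple.TCC.configuration-profile-policy":
            # SystemPolicyAllFiles is the PPPC service behind Full Disk Access.
            for entry in p.get("Services", {}).get("SystemPolicyAllFiles", []):
                fda.append(entry.get("Identifier"))
    missing = [label for t, label in REQUIRED.items() if t not in found]
    return {"types": found, "missing": missing, "full_disk_access": fda}

# Constructed sample, NOT the Sophos profile: placeholder identifiers throughout.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.profile",
    "PayloadContent": [
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {"SystemPolicyAllFiles": [
             {"Identifier": "com.example.endpoint.scanner",
              "IdentifierType": "bundleID", "Allowed": True}]}},
        {"PayloadType": "com.apple.system-extension-policy",
         "AllowedSystemExtensions": {"TEAMID0000": ["com.example.endpoint.ext"]}},
    ],
})

if __name__ == "__main__":
    import sys
    # Pass the converted XML file as the first argument; falls back to the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = inspect_profile(raw)
    print("payload types:", report["types"])
    print("Full Disk Access granted to:", report["full_disk_access"])
    print("not covered:", report["missing"] or "none")
```

A permission listed under "not covered" means that payload lives in a separate .mobileconfig, which needs the same conversion and its own Intune profile.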
  • The steps you provided are helpful and worked to convert the mobileconfig into an XML that Intune can read.


    I would like to have Sophos update the documentation to provide steps specifically for Intune deployment, so the process is vetted and can be followed easily by others.

    Is it possible for Sophos to do internal testing with Intune deployment and update the documentation?