Create a Mac Allow Standard Users to Approve Screen Share Policy

Some apps and websites can access and record the contents of your screen on your Mac device. This policy lets you select and control which apps and web sites standard users are allowed to record and share the contents of their screen. This policy works on all JumpCloud-supported macOS devices.

Starting with macOS Big Sur, end-users with standard permission no longer have the ability to grant applications the permissions to screen share and record unless explicitly granted access via an MDM payload.

A list of applications that have permissions to screen record can be found  in System Preferences > Privacy & Security > Screen & System Audio Recording.

To create an Allow Standard Users to Approve Screen Sharing & Recording policy for Mac:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
  2. Go to DEVICE MANAGEMENT > Policy Management.
  3. In the All tab, click (+).
  4. On the New Policy panel, select the Mac tab.
  5. Select the Allow Standard Users To Approve Screen Sharing & Recording policy from the list, then click configure.
  6. (Optional) In the Policy Name field, enter a new name for the policy or keep the default. Policy names must be unique.
  7. (Optional) In the Policy Notes field, enter details like when you created the policy, where you tested it, and where you deployed it.
  8. Under Settings, select the applications that you want to grant screen sharing and recording permissions.

Note:

The Authorization Key in the ScreenCapture payload is set to AllowStandardUserToSetSystemService for applications selected from the policy Settings. This allows end users with standard permissions to allow these applications to screen share.

  1. (Optional) Select the Device Groups tab. Select one or more device groups where you’ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
  2. (Optional) Select the Devices tab. Select one or more devices where you’ll apply this policy.
  3. Click save.

Note:
  • Devices must have user approved JumpCloud MDM profiles for this policy to be applied successfully.
  • Applications must be installed on the local system in addition to selected in this policy to show up in system preferences.
  1. To grant permissions to the selected apps in the policy, go to System Preferences > Privacy & Security > Screen & System Audio Recording and manually grant permissions.

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case