{"id":74566,"date":"2023-06-05T13:09:52","date_gmt":"2023-06-05T17:09:52","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=74566"},"modified":"2024-09-13T11:52:44","modified_gmt":"2024-09-13T15:52:44","slug":"create-mac-system-extension-policy","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy","title":{"rendered":"Create a Mac System Extension Policy"},"content":{"rendered":"\n<p>The MacOS System Extension policy lets you pre-approve specific System Extensions before they are installed.\u00a0System Extensions run in the user space, rather than in the kernel space like Kernel Extensions do.\u00a0System Extensions are an important way to support Mobile Device Management (MDM) because they allow extensions to load without user interaction.\u00a0<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>MacOS 15 Sequoia will disable the option to toggle system extensions under\u00a0<strong>System Settings &gt; General &gt; Login Items &amp; Extensions &gt; Endpoint Security Extensions<\/strong>\u00a0for end users.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p><strong>To create a macOS System Extension policy<\/strong>:<strong>\u00a0<\/strong><\/p>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/login\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to&nbsp;<strong>DEVICE MANAGEMENT<\/strong>&nbsp;&gt;&nbsp;<strong>Policy Management<\/strong>.<\/li>\n\n\n\n<li>In the&nbsp;<strong>All<\/strong>&nbsp;tab, click (<strong>+<\/strong>).<\/li>\n\n\n\n<li>On the&nbsp;<strong>New Policy<\/strong>&nbsp;panel, select the&nbsp;<strong>Mac<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>Select&nbsp;<strong>System Extension Policy&nbsp;<\/strong>from the list, then click&nbsp;<strong>configure<\/strong>.<\/li>\n\n\n\n<li>(Optional) In the <strong>Policy Name<\/strong> field, enter a new name for the policy or keep the default. Policy names must be unique.<\/li>\n\n\n\n<li>(Optional) In the&nbsp;<strong>Policy Notes<\/strong> field, enter details like when you created the policy, where you tested it, and where you deployed it.<\/li>\n\n\n\n<li>Enter your application\u2019s&nbsp;<strong>Apple Team ID<\/strong>&nbsp;for the System Extension you want to preapprove.&nbsp;For instructions on locating your Team ID and Bundle ID, see&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/create-mac-application-privacy-preferences-policy\">Create a Mac Application Privacy Preferences Policy<\/a>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Add Bundle ID<\/strong>&nbsp;and enter the unique identifier for the System Extension you want to preapprove. For example,&nbsp;com.webfilter_cloud.se-agent.extension.<\/li>\n\n\n\n<li>Select&nbsp;<strong>Security Extension<\/strong>&nbsp;to preapprove Endpoint Security Framework as the extension type for this app.&nbsp;For example, an antivirus software app can monitor system events to improve security.<\/li>\n\n\n\n<li>Select&nbsp;<strong>Driver Extension<\/strong>&nbsp;to preapprove Hardware Driver Framework as the extension type for this app.&nbsp;For example, a driver for USB or Serial devices can perform installations.<\/li>\n\n\n\n<li>Select&nbsp;<strong>Network Extension<\/strong>&nbsp;to preapprove Network Extension Framework as the extension type for this app. Examples include a content filter, DNS proxy, or VPN client and require the following fields:\n<ul>\n<li><strong>Filter Data Provider Bundle ID<\/strong>&nbsp;&#8211; Enter the unique identifier for the Data Provider included in your System Extension. Locate this identifier by consulting the documentation for your System Extension. For example,&nbsp;com.webfilter_cloud.se-agent.extension.<\/li>\n\n\n\n<li><strong>Filter Data Provider Designated Requirement<\/strong>&nbsp;&#8211; Paste the code block for the Data Provider included in your System Extension. To locate the code block, see&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/create-mac-application-privacy-preferences-policy\">Create a Mac Application Privacy Preferences Policy<\/a>.<\/li>\n\n\n\n<li><strong>Filter Grade<\/strong>&nbsp;&#8211; Click this field and choose the priority of your filter. Firewall grade traffic is reviewed before Inspector grade traffic.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Select&nbsp;<strong>Filter Packets<\/strong>&nbsp;to let the System Extension monitor inbound and outbound packet traffic.<\/li>\n\n\n\n<li>Select<strong>&nbsp;Filter Sockets<\/strong>&nbsp;to allow the System Extension to monitor inbound and outbound socket traffic.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Filter Type<\/strong>&nbsp;and choose the type of filter you\u2019ll use.&nbsp;<strong>Plugin<\/strong>&nbsp;is the most common filter type.<\/li>\n\n\n\n<li>For&nbsp;<strong>Organization<\/strong>, enter your Organization name if your app requires it.<\/li>\n\n\n\n<li>For&nbsp;<strong>Plugin Bundle ID<\/strong>, enter the unique identifier for the app included in your System Extension.&nbsp;Locate this identifier by consulting the documentation for your System Extension.&nbsp;For example,&nbsp;com.webfilter_cloud.se-agent.extension.&nbsp;Locate this identifier by consulting the documentation for your System Extension. <img decoding=\"async\" width=\"2272\" height=\"1588\" class=\"wp-image-84642\" style=\"width: 800px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png 2272w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy-300x210.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy-1024x716.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy-768x537.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy-1536x1074.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy-2048x1431.png 2048w\" sizes=\"(max-width: 2272px) 100vw, 2272px\" \/><\/li>\n<\/ol>\n\n\n\n<ol start=\"18\">\n<li>(Optional) Select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab. Select one or more device groups where you want to apply this policy.&nbsp;For device groups with multiple OS member types, the policy is applied only to the supported OS.<\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Devices<\/strong>&nbsp;tab. Select one or more devices where you want to apply this policy.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Save<\/strong>. If prompted, click&nbsp;<strong>Save<\/strong>&nbsp;again.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>The MacOS System Extension policy lets you pre-approve specific System Extensions before they are installed.\u00a0System Extensions run in the user [&hellip;]<\/p>\n","protected":false},"author":200,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2852,2930],"support_tag":[],"coauthors":[2841],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Create a Mac System Extension Policy - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to Create a Mac System Extension Policy so you can preapprove specific System Extensions before they are installed.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create a Mac System Extension Policy\" \/>\n<meta property=\"og:description\" content=\"Learn how to Create a Mac System Extension Policy so you can preapprove specific System Extensions before they are installed.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-13T15:52:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"natecopt\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy\",\"url\":\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy\",\"name\":\"Create a Mac System Extension Policy - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png\",\"datePublished\":\"2023-06-05T17:09:52+00:00\",\"dateModified\":\"2024-09-13T15:52:44+00:00\",\"description\":\"Learn how to Create a Mac System Extension Policy so you can preapprove specific System Extensions before they are installed.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Create a Mac System Extension Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Create a Mac System Extension Policy - JumpCloud","description":"Learn how to Create a Mac System Extension Policy so you can preapprove specific System Extensions before they are installed.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy","og_locale":"en_US","og_type":"article","og_title":"Create a Mac System Extension Policy","og_description":"Learn how to Create a Mac System Extension Policy so you can preapprove specific System Extensions before they are installed.","og_url":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy","og_site_name":"JumpCloud","article_modified_time":"2024-09-13T15:52:44+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes","Written by":"natecopt"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy","url":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy","name":"Create a Mac System Extension Policy - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png","datePublished":"2023-06-05T17:09:52+00:00","dateModified":"2024-09-13T15:52:44+00:00","description":"Learn how to Create a Mac System Extension Policy so you can preapprove specific System Extensions before they are installed.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/03\/Mac_SystemExtension_policy.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/create-mac-system-extension-policy#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Create a Mac System Extension Policy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74566"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/200"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74566\/revisions"}],"predecessor-version":[{"id":115507,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74566\/revisions\/115507"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=74566"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=74566"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=74566"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=74566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}