{"id":75949,"date":"2023-05-17T13:32:04","date_gmt":"2023-05-17T17:32:04","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=75949"},"modified":"2023-06-05T13:11:02","modified_gmt":"2023-06-05T17:11:02","slug":"create-mac-kernel-extensions-policy","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/create-mac-kernel-extensions-policy","title":{"rendered":"Create a Mac Kernel Extensions Policy"},"content":{"rendered":"\n

Some macOS apps require access to macOS Kernel Extensions (kexts), which can perform low-level tasks. JumpCloud’s Kernel Extensions Policy lets you preapprove access to specific Kernel Extensions before or after the app installation. This saves you time when managing Apple devices with Mobile Device Manager (MDM): the approvals are granted automatically, so you don’t have to ask the end user to handle them.

This Kernel Extensions Policy requires a Team ID and Bundle ID for the app that you want to preapprove.

Note: Kernel Extensions are of limited use beginning with macOS 11 Big Sur. Apple has deprecated a number of key features of Kernel Extensions with macOS 11 Big Sur, and provided additional options for System Extensions. Organizations should not expect Kernel Extensions to work on Apple silicon devices without manual interventions and decreased security. Because of that, and because of the deprecation warnings from Apple regarding their use, organizations should consider replacing any Kernel Extensions with System Extensions.

Locating the Team ID and Bundle ID

macOS system services rely on code-signing information to identify apps that access key resources. Every signed, compiled app on macOS has a code signature that identifies the process that is running the app. Only signed apps can access these key system services, and Apple silicon Macs require signed apps. All Kernel Extensions are signed with a code-signing certificate that contains the Team ID of the organization that is responsible for the application.

To locate an app’s Team ID and Bundle ID:
These instructions help you find the Team ID and Bundle ID so that you can set up access for an app that requires a Kernel Extension. The procedure uses a sample app called MacFUSE, an open source project that allows macOS devices to read and write alternative file systems that are not natively supported by the OS. Substitute your own app that requires a Kernel Extension.

  1. Run this command in Terminal to open a SQLite3 database:

    sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

    The device must have Kernel Extensions installed and approved.

  2. Run this command to view the Team ID and Bundle ID:

    SELECT * FROM kext_policy;

    The resulting list contains all active non-Apple Kernel Extensions and their Bundle IDs. For example, this list is from a device with MacFUSE and other extensions installed:

    3T5GSNBU6W|io.macfuse.filesystems.macfuse|1|Benjamin Fleischer|1
    FC94733TZD|com.ATTO.driver.ATTOThunderLinkFC16|1|ATTO Technology, Inc.|1
    EQHXZ8M8AV|com.google.drivefs.filesystems.dfsfuse|1|Google, Inc.|1
    Y2CCP3S9W7|com.symantec.kext.wssa|0|Broadcom Inc|4

  3. Locate the Team ID, which is the first value. For MacFUSE, it’s 3T5GSNBU6W.
  4. Locate the Bundle ID, which is the second value. For MacFUSE, it’s io.macfuse.filesystems.macfuse.
  5. In JumpCloud’s Kernel Extension Policy, add the Team ID and Bundle ID. For instructions, see Create a Mac Application Privacy Preferences Policy.","protected":false},"excerpt":{"rendered":"

        Some macOS apps require access to macOS Kernel Extensions (kexts), which can perform low-level tasks. JumpCloud’s Kernel Extensions Policy lets […]","protected":false},"author":202,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2925,2852,2862,3082],"support_tag":[],"coauthors":[2836],"acf":[],"yoast_head_json":{"title":"Create a Mac Kernel Extensions Policy - JumpCloud","description":"Learn to create a Mac Kernel Extensions Policy to preapprove access to specific Kernel Extensions before or after the app installation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/create-mac-kernel-extensions-policy","og_locale":"en_US","og_type":"article","og_title":"Create a Mac Kernel Extensions Policy","og_description":"Learn to create a Mac Kernel Extensions Policy to preapprove access to specific Kernel Extensions before or after the app 
installation.","og_url":"https:\/\/jumpcloud.com\/support\/create-mac-kernel-extensions-policy","og_site_name":"JumpCloud","article_modified_time":"2023-06-05T17:11:02+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes","Written by":"denasteward"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/create-mac-kernel-extensions-policy","url":"https:\/\/jumpcloud.com\/support\/create-mac-kernel-extensions-policy","name":"Create a Mac Kernel Extensions Policy - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-05-17T17:32:04+00:00","dateModified":"2023-06-05T17:11:02+00:00","description":"Learn to create a Mac Kernel Extensions Policy to preapprove access to specific Kernel Extensions before or after the app installation.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/create-mac-kernel-extensions-policy#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/create-mac-kernel-extensions-policy"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/create-mac-kernel-extensions-policy#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Create a Mac Kernel Extensions Policy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the 
cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75949"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/202"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75949\/revisions"}],"predecessor-version":[{"id":85989,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75949\/revisions\/85989"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=75949"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=75949"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=75949"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=75949"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}