Support Tip: Using system extensions instead of kernel extensions for macOS Catalina 10.15 in Intune

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

By Anya Novicheva | Program Manager, Microsoft Endpoint Manager

 

With the release of macOS Catalina 10.15, Apple has introduced system extensions that are currently working alongside kernel extensions on the device. Apple also announced that with the release of 10.15.4, system extensions will replace kernel extensions entirely. Kernel extensions will not be supported on macOS devices running 10.15.4 and later.  

 

Apple’s goal is to “modernize the platform, improve security and reliability, and enable more user-friendly distribution methods.” System extensions run in the user-space rather than at the kernel level. Thus, the capabilities of the operating system can be extended and the extensions don’t jeopardize the security of the operating system.  Apple documentation about system extensions is available here - https://developer.apple.com/documentation/systemextensions 

 

In macOS 10.15.4, the use of deprecated Kernel programming interfaces (KPIs) triggers a notification to the user that the software includes a deprecated API and asks the user to contact the developer for alternatives. The user will then be asked to contact the software developer for a substitute. To transition your kernel extensions for any apps you may have with them, Apple’s documentation points here -https://developer.apple.com/support/kernel-extensions/ 

 

Currently you can configure the kernel extensions payload in the Device configuration profiles blade for macOS under Profile type “Extensions”. These settings will continue to stay in the admin console. Were working on a native experience for the system extensions payload as well. In the meantime, to configure the system extensions payload you can use custom configuration to send the profile (.mobileconfig file) down to your devices. Please note that system extensions require macOS devices running 10.15 and later, with user approved device enrollment. When multiple system extensions profiles are installed, the keys are combined as follows:  

  • AllowUserOverrides is false if any profile sets it to false. 
  • All the other values are combined together. 

 

System extensions payload documentation for configuring system extensions is here) - https://developer.apple.com/documentation/devicemanagement/systemextensions 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.