MDM troubleshooting for MacOS

How to resolve MDM Deployment issues on MacOS

Symptoms

1. Disk space rapidly fills the system directory /Library/SystemExtensions/.staging.
2. Users will receive a “Perimeter 81 Would like to Add Proxy Configurations” notification giving users the ability to “Don’t Allow” connection.
   
3. Users will receive a “System Extensions Blocked” notification until the Perimeter 81 system extensions are enabled.
4. Users cannot log in to the agent with the error "Further steps are needed" after deploying the agent with MDM
   

Solution using an MDM tool

1. Create a Content Filter for Perimeter 81
   • To Create a Content Filter profile, please add the following “Device Profile” with the provided configuration:
     • Filter Type: Plug-in
     • Connection Name: Perimeter 81
     • Identifier: com.safervpn.osx.smb
     • Filter Webkit traffic: Yes
     • Filter Socket Traffic: Yes
     • Socket Filter Bundle ID: com.safervpn.osx.smb
     • Socket Requirement: identifier "com.safervpn.osx.smb" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "924635PD62"
     • Filter Network Pockets: Yes
     • Pocket Bundle ID: com.safervpn.osx.smb
     • Packet Requirement: identifier "com.safervpn.osx.smb" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "924635PD62"
     • Filter Grade: Firewall
       
       
2. Configure P81 System Extensions
   • Navigate to where you add the VPN Payload Profiles and add a “MacOS” profile and context “Device Profile”
     • Allow User Overrides: Yes
     • Allowed System Extension Types: Network
     • Team ID: 924635PD62
     • Bundle Identifier: com.safervpn.osx.smb.proxy