To create an MDM profile for macOS Big Sur and Airwatch / JAMF:
Open the JAMF or Airwatch MDM Server, go to Device > Profiles, and click Add to add a new macOS Profile.
It is important to specify which OS the profile is for to prevent format issues.
- Go to Security and Privacy.
- Under Gatekeeper, select Anywhere or Allow apps outside Mac App store
For more information about macOS' Gatekeeper, read this article from Apple: Using Gatekeeper in macOS deployments.
- Go to Kernel Extension Policy, and tick the Allow User Overrides option.
- Indicate the Allowed Kernel Extensions for Apex Mac Service:
- identifier "com.trendmicro.icore" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
- identifier "com.trendmicro.tmsm.MainUI" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
- identifier "com.trendmicro.icore.es" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
Apple Identifier in exact keywords:
- Go to Privacy Preferences.
- Navigate to the Apple Identifier section, and add the following value to the "Receiver Code Requirement" field:
Identifier "com.apple.systemevents" and anchor apple
After deploying the MDM profile to the Mac machines, configure the browser plugin information and MDM configuration for older versions of macOS. Check the following article for reference: Information needed when configuring MDM Profile for Apex One (Mac).