Device Management Profile

SystemPolicyKernelExtensions

The payload for configuring the kernel extension policies.

Properties

The dictionary representing a set of kernel extensions that are always allowed to load on the computer. The dictionary maps team identifiers (keys) to arrays of bundle identifiers.

AllowedTeamIdentifiers
[string]

The array of team identifiers that define which validly signed kernel extensions are allowed to load.

AllowUserOverrides
boolean

If true, users can approve additional kernel extensions that aren't explicitly allowed by configuration profiles.

Discussion

Specify com.apple.syspolicy.kernel-extension-policy as the payload type.

Profile Availability

Device Channel

macOS

User Channel

-

Allow Manual Install

-

Requires Supervision

-

Requires User Approved MDM

macOS

Allowed in User Enrollment

-

Allow Multiple Payloads

macOS

Topics

Objects

object SystemPolicyKernelExtensions.AllowedKernelExtensions

The dictionary representing a set of kernel extensions.

See Also

System Policy

object SystemPolicyControl

The payload for configuring the system policy for assessments.

object SystemPolicyManaged

The payload for configuring the Finder's contextual menu to bypass the system policy.

object SystemPolicyRule

The payload for configuring the system policy.