m_agent Events access

Solved
_aDiedericks
Getting noticed

m_agent Events access

Hi there,

Can anyone confirm if m_agent on MacOS requires any System Extension permissions to be added. We're seeing the below popup when pushing a notification to devices that have m_agent privacy permissions already configured for accessibility, full disk access and screen record.

Screenshot 2022-06-22 at 17.21.05.png

1 Accepted Solution
MattMorg
Meraki Employee
Meraki Employee

macOS devices should get a profile (automatically) called "Meraki Agent Settings for {network_name}". This profile contains all the appropriate Privacy Preferences Policy Control (PPPC) settings for the SM agent to function. First check and see if this profile is installed or not, you should see it installed locally in the Systems Preferences app on macOS, or in the Profile List in Dashboard. If this profile is installed fine but not enabling these permissions, please open a support case and share the example device + SM agent version. Also, if there's a specific action (such as send notification) causing this prompt, please share it in the support case for further review. Thank you! 

View solution in original post

6 Replies 6
MattMorg
Meraki Employee
Meraki Employee

macOS devices should get a profile (automatically) called "Meraki Agent Settings for {network_name}". This profile contains all the appropriate Privacy Preferences Policy Control (PPPC) settings for the SM agent to function. First check and see if this profile is installed or not, you should see it installed locally in the Systems Preferences app on macOS, or in the Profile List in Dashboard. If this profile is installed fine but not enabling these permissions, please open a support case and share the example device + SM agent version. Also, if there's a specific action (such as send notification) causing this prompt, please share it in the support case for further review. Thank you! 

We're seeing a similar issue onboarding Sophos onto the end user's machine our process if manual.
1. Enroll via enrollment string

2. Wait for PPPC to be pushed to the machine
3. Install Sophos

Once we install Sophos we still get a message like the above for a system extension that's made for Network Filtering even though we've added it to System Extension config in profiles   

You are 100% correct, we had a few causes where the above popup appeared. None of those devices have the SM agent policy pushed

JRogers
Comes here often

Is this profile automatically created in the Meraki Dashboard, or is this something we must create?

I ask because I have a profile in Meraki Dashboard that is named Meraki Agent Settings for ...  However, it is a "custom Apple profile"  (.mobileconfig).

It's been a while, and I can't remember if this is something I did, or if this just appeared.

We are seeing issues where this profile is installed, but end user is still being prompted to allow.

@JRogers the profile for the agent's permissions should be created automatically. If you're not seeing that: make sure the device is enrolled with the MDM profile (not just the agent), and using a newer version of the agent (anything over 3.1.X should be good) which can be set in SM > Configure > General. After that, the agent's permission profile should be installed from SM automatically on macOS devices. 

Richard_W
A model citizen

So why am I still not able to control via remote access/screenshot without the screenshot from above. I posed this question to support and they stated that I had to deploy my own PPPC and that @MattMorg  was incorrect in his statements. Any solutions?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels