We are currently looking at making the jump over from JAMF to Meraki - partially give us more control over other non-apple devices. (which we will be deploying in the future ) for the moment we are pretty much 100% MacOS based. (just portable systems, not IOS)
I've hit a pretty hard block though, and I'm hoping others here have run into this and can provide me with some ideas.
User Approved Kernel Extensions. the Kextpocylipse.
Introduced in 10.13.2 this was a major major impact across all of our managed systems.
Cisco anyconnect, crowdstrike, vmware fusion, google file stream, and multipe other applications are part of our standard system deployment. The end users needing to go into system pref/security and hit "allow" each time they try to run these apps (the first time) after upgrading, is totally unacceptable. I have many users who will NOT go and do this - as such, things like our endpoint protection (crowdstrike) will not even be able to run. I still have a good 50% of my user base running 10.12.x - When they upgrade all of them will hit this wall, UNLESS I have some sort of profile I can push out to them. If it applies fast enough during login, they may not get the wall of "system extension blocked!" error messages (I had almost 12 of them when I first upgraded)
In JAMF I was able to use their user approved kernel extensions policy to specify a list of team pre-approved TeamIDs - thus making the system just automatically allow these applications to work, without the user having to go into system preferences/security and hit "allow"
I'm now trying to figure out how I can accomplish this in Meraki Systems Manager - they do not (yet?) have a payload option for this -
Is there a 3rd party program I can use to make a whitelist profile, then user Systems Manager to push it to my 10.13.2+ systems?
I tried Apple Configurator 2, but it doesn't have a kext part as of yet.
I'm stuck in a hard place here. What have any of you done to get past this?