Any kernel extensions signed with the team IDs you enter are allowed and trusted. Meaning, only extensions included in the configuration profile are allowed.įor more information on this feature, see user-approved kernel extension loading (opens Apple's web site).Īllowed Team Identifiers: Use this setting to allow one or many team IDs. By default, the OS might prevent users from allowing extensions not included in the configuration profile. When set to Not configured (default), Intune doesn't change or update this setting. Settings apply to: User approved device enrollment, Automated device enrollmentĪllow User Overrides: Yes lets users approve kernel extensions not included in the configuration profile. If you use the kernel extensions settings, then consider excluding macOS devices with M1 chips from receiving the kernel extensions profile. This behavior is a known issue, with no ETA.įor any macOS devices running 10.15 and newer, we recommend using system extensions (in this article). Kernel extensions don't work on macOS devices with the M1 chip, which are macOS devices running on Apple silicon.
