Flextivity 1.8.2 introduces a new management architecture which requires client devices to be enrolled into an MDM (Mobile Device Management) solution.
In-Depth Explanation
macOS High Sierra 10.13.4 introduces a new security feature that requires user approval or MDM enrollment before loading a newly installed third-party kernel extension.
As a result, Flextivity installs two profiles on the client device:
- Intego Trust Certificate
- Intego MDM Profile
These profiles include high privileges to ensure proper management of the device.
As part of the QFE we issued to ensure proper function in macOS High Sierra, the certificates are using the defaults provided by Apple.
In the upcoming Flextivity 1.9 release, these profiles will be replaced and they will include permissions tailored by the administrator as part of a security policy.
Possible Actions
In the event you do not want to have these profiles on your systems, it is possible to remove them with the following caveats:
- You won’t benefit from the upcoming Flextivity 1.9 remote management update, including features like physical location detection
- You will have to manually approve Intego kernel extensions on each Flextivity client device
If you choose to remove the profiles (not recommended), here is how:
- Open System Preferences
- Go to the ‘Profiles’ section
- Remove the profiles installed with Flextivity. (You will need to type the computer’s admin password)
- Restart the device
- Upon restart, you may be prompted to approve the kernel extensions. If that is the case, macOS will present an alert similar to the one shown in Figure 1.
Figure 1: User approval required
To manually approve the kernel extensions:
- Open System Preferences
- Go to ‘Security & Privacy’
- In the ‘General’ tab, locate the ‘Allow’ button next to the text saying “System software from developer ‘Intego’ was blocked from loading”.
- Restart your device
0 Comments