>
    Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. Mobile Device Management
    4. Suppress Notifications on the GlobalProtect App for macOS Endpoints
    5. Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints
    Download PDF
    GlobalProtect

    Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints

    Table of Contents

    Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints

    Starting with macOS 10.13, Apple introduced a software change that requires users to approve kernel extensions before they can use them.
    While users can manually enable the kernel extension on macOS (System PreferencesSecurity & Privacy and selecting Allow for the kernel extension), you can use any Qualified MDM vendor to create a policy and automatically approve the kernel extension. Apple Technical Note TN2450 describes the process.
    The following workflow has been tested using Workspace ONE.
    1. Create a kernel extension policy.
      1. Log in to Workspace ONE UEM as an administrator.
      2. Select DevicesProfiles & ResourcesProfiles, and then select AddAdd Profile from the drop-down.
      3. In the Add Profile area, click Apple macOS, and then click the Device Profile icon.
      4. In the General area, specify the name for the profile.
        You can also select an existing kernel extension profile (DevicesProfiles & ResourcesProfiles) in the list.
    2. Add a kernel extension and distribute the relevant policy to macOS devices.
      1. Select Kernel Extension Policy.
      2. Enter the Team Identifier used by the GlobalProtect app (PXPZ95SK77).
      3. Enter the Bundle ID (com.paloaltonetworks.kext.pangpd).
      4. Click Save and Publish to save your changes.

    © 2024 Palo Alto Networks, Inc. All rights reserved.