Non-Removable System Extensions on macOS Sequoia Endpoints Using Jamf Pro
Where Can I Use This? What Do I Need?
  • GlobalProtect Subscription License
  • Prisma Access Mobile Users license (for use with Prisma Access)
  • GlobalProtect Gateway license (for use with PAN-OS)
  • GlobalProtect app version 6.2.6 and later
  • Endpoints running macOS 15 (Sequoia)
For devices running macOS 15 Sequoia or later, Jamf Pro introduces a new system extension type, Non-removable system extensions from UI, that you can use to prevent end users from disabling the GlobalProtect system extensions on their endpoints. GlobalProtect app version 6.2.6 and later supports macOS 15 Sequoia. This functionality is available only on devices running macOS 15 Sequoia or later.
Configuring this feature prevents end users from disabling GlobalProtect system extensions on their endpoints, which reduces the risks associated with disabled system extensions.
Previously, end users could disable the GlobalProtect system extension through the MDM settings (General > Settings > Network Extensions). With this feature, the Non-removable system extensions from UI system extension type in Jamf Pro restricts users from disabling the GlobalProtect system extension.
  1. Upgrade the GlobalProtect app to version 6.2.6 or later.
  2. Upgrade macOS to version 15 Sequoia or later.
  3. In Jamf Pro, your mobile device management (MDM) system, create a configuration profile to prevent end users from removing GlobalProtect system extensions.
    1. Enter a Display Name.
    2. Set the System Extension Type to Non-removable system extensions from UI while configuring the configuration profile.
    3. Enter the Team Identifier for the GlobalProtect app (PXPZ95SK77).
    4. Save the configuration profile.
    After you enable the Non-removable system extensions from UI, end users will not be able to disable the GlobalProtect system extension.
    If the end user disables the GlobalProtect system extensions, the following GlobalProtect features do not work:
    • Split-tunnel by Domain
    • Split-tunnel by App
    • Enforcer
    • Split-DNS
    • Traffic Enforcement
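
One way to confirm that the profile saved in step 3 carries the non-removable setting, as an added example that is not Palo Alto Networks or Jamf code: the Python script below audits an unsigned exported .mobileconfig. It assumes Jamf Pro writes this System Extension Type as Apple's NonRemovableFromUISystemExtensions key in the com.apple.system-extension-policy payload; the sample profile is constructed and its bundle identifier is a placeholder.

```python
import plistlib

TEAM_ID = "PXPZ95SK77"  # GlobalProtect Team Identifier from the procedure above
POLICY_TYPE = "com.apple.system-extension-policy"
KEY = "NonRemovableFromUISystemExtensions"  # Apple payload key, macOS 15+

# Constructed sample profile; the bundle identifier is a placeholder.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.system-extension-policy</string>
    <key>NonRemovableFromUISystemExtensions</key><dict>
      <key>PXPZ95SK77</key>
      <array><string>com.example.placeholder.extension</string></array>
    </dict>
  </dict></array>
</dict></plist>"""


def audit_profile(data, team_id=TEAM_ID):
    """Return (ok, detail) for an unsigned .mobileconfig supplied as bytes."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # signed (CMS-wrapped) or malformed input
        return False, f"cannot parse profile: {exc}"
    content = profile.get("PayloadContent") if isinstance(profile, dict) else None
    policies = [p for p in (content if isinstance(content, list) else [])
                if isinstance(p, dict) and p.get("PayloadType") == POLICY_TYPE]
    if not policies:
        return False, f"no {POLICY_TYPE} payload"
    protected = set()
    for p in policies:
        entry = p.get(KEY)
        ids = entry.get(team_id) if isinstance(entry, dict) else None
        if isinstance(ids, list):
            protected.update(i for i in ids if isinstance(i, str))
    if protected:
        return True, "not removable from UI: " + ", ".join(sorted(protected))
    # Team ID present only under an allow-list key: the profile was saved
    # with a different System Extension Type than the one in step 3.
    for p in policies:
        allowed = p.get("AllowedSystemExtensions")
        teams = p.get("AllowedTeamIdentifiers")
        if (isinstance(allowed, dict) and team_id in allowed) or \
           (isinstance(teams, list) and team_id in teams):
            return False, f"{team_id} is allowed but not listed under {KEY}"
    return False, f"{team_id} not found in any {POLICY_TYPE} payload"


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

To audit a real profile, pass the bytes of the unsigned export to audit_profile(); a signed profile is reported as unparseable rather than silently passed.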