How Setting Up PPPC Profiles Can Improve Security on macOS Devices
Managing Apple devices for your team or organization involves several layers of device protection. It’s crucial that individual devices and applications have secure pathways on which to run. Otherwise, you may expose your entire framework to cybersecurity threats and vulnerabilities.
To provide individual users with increased data protection and privacy, Apple implemented a new security feature in macOS 10.14 and above, requiring user consent before any app or process could access protected files or application data. This change had notable implications for users of corporate-owned devices, which are subject to company settings and privacy guidelines.
For IT admins managing Macs, this created a challenge for remote deployment of applications. User consent would now be required before certain actions could be performed on a device. Not only would consent prompts be disruptive to users, they could also be ignored, leaving IT admins unable to accomplish their work.
To combat these challenges, Addigy provides IT admins the ability to manage consent approvals on behalf of their users through PPPC, or Privacy Preferences Policy Control.
In this post, we’ll discuss what PPPC profiles are and how you can leverage them. Keep reading to learn more about setting up and maintaining PPPC profiles on the Apple devices in your work environment.
What are PPPC Profiles?
The Privacy Preferences Policy Control (PPPC) profile allows administrators to grant or deny specific applications access to device features and tools without consent prompts for end users.
Enforcing a PPPC payload negates the need for administrative intervention for granting access to certain apps. In many scenarios, apps will request extra accessibility privileges (which is the case with SentinelOne or Sophos).
Create and Deploy a PPPC Payload
Before you create and deploy a PPPC payload with Addigy, it is best practice to confirm the PPPC permissions required for an application by first installing it on a test machine. It’s also recommended that you have only one PPPC payload per application, because multiple PPPC payloads for the same software can conflict with each other and cause unwanted behavior.
The process for creating and deploying a new payload within Addigy is threefold.
- Get the bundle identifier and code requirement
- Create a new PPPC payload
- Deploy your payload to a specific policy
For detailed instructions, refer to the Addigy help documentation on creating and deploying new PPPC payloads.
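As an added illustration of the three steps and of the one-payload-per-application advice above (this is not Addigy's code or tooling), the Python sketch below builds a PPPC profile using Apple's com.apple.TCC.configuration-profile-policy payload type, then audits a set of profiles for two problems: the same application identifier appearing in more than one profile, and entries with no code requirement. The bundle identifier, code requirement and profile identifiers are constructed sample values, and the function names are hypothetical.

```python
import plistlib
import uuid
from collections import defaultdict

PPPC_TYPE = "com.apple.TCC.configuration-profile-policy"  # Apple's PPPC payload type

# Constructed sample values. On the test Mac, `codesign -dr - /path/to/App.app`
# prints the app's real designated requirement to use instead.
BUNDLE_ID = "com.example.agent"
CODE_REQ = ('identifier "com.example.agent" and anchor apple generic '
            'and certificate leaf[subject.OU] = "ABCDE12345"')

def build_pppc_profile(profile_id, bundle_id, code_req, services):
    """Return .mobileconfig bytes that pre-approve `services` for one app."""
    entry = {"Identifier": bundle_id, "IdentifierType": "bundleID",
             "CodeRequirement": code_req, "Allowed": True}
    payload = {"PayloadType": PPPC_TYPE, "PayloadVersion": 1,
               "PayloadIdentifier": profile_id + ".pppc",
               "PayloadUUID": str(uuid.uuid4()).upper(),
               "Services": {svc: [dict(entry)] for svc in services}}
    profile = {"PayloadType": "Configuration", "PayloadVersion": 1,
               "PayloadIdentifier": profile_id,
               "PayloadUUID": str(uuid.uuid4()).upper(),
               "PayloadDisplayName": "PPPC for " + bundle_id,
               "PayloadContent": [payload]}
    return plistlib.dumps(profile)

def audit_pppc(profiles):
    """Return (conflicts, unpinned) for a list of .mobileconfig byte strings.

    conflicts: app identifier -> profiles that each carry a PPPC entry for it
    unpinned:  (profile, service, identifier) entries with no code requirement
    """
    owners, unpinned = defaultdict(set), []
    for raw in profiles:
        prof = plistlib.loads(raw)
        for payload in prof.get("PayloadContent", []):
            if payload.get("PayloadType") != PPPC_TYPE:
                continue  # skip non-PPPC payloads bundled in the same profile
            for service, entries in payload.get("Services", {}).items():
                for e in entries:
                    owners[e["Identifier"]].add(prof["PayloadIdentifier"])
                    if not e.get("CodeRequirement", "").strip():
                        unpinned.append((prof["PayloadIdentifier"], service, e["Identifier"]))
    conflicts = {app: sorted(p) for app, p in owners.items() if len(p) > 1}
    return conflicts, unpinned

if __name__ == "__main__":
    good = build_pppc_profile("com.example.pppc.agent", BUNDLE_ID, CODE_REQ, ["SystemPolicyAllFiles"])
    stale = build_pppc_profile("com.example.pppc.agent-old", BUNDLE_ID, "", ["Accessibility"])
    print(audit_pppc([good, stale]))
```

Running the audit over exported profiles before deployment surfaces duplicate grants for one application and grants that are not pinned to a signing identity.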
Default PPPC Profiles
When administrators enroll devices in Addigy’s MDM service, the default Privacy Preferences Policy Control profiles for Addigy and its tools are automatically installed. Devices that are not currently part of the MDM functionality may need to be imported from their solution.
For full documentation on changing, uploading, or importing default PPPC profiles, refer to the Addigy help docs.
How a PPPC Profile Improves Security
PPPC profiles improve security first and foremost by ensuring the latest macOS technology can be applied to devices. Apple goes to great lengths to provide security assurances internally, and it’s to the benefit of administrators and end users to adopt those policies with each new upgrade.
PPPC profiles also improve corporate or organizational security by controlling or limiting the type of access that apps gain to each device. Without this, non-secure apps could read and secure data from any device (with user consent).
On occasion, users may not know or understand the security implications of the permissions they select. PPPC profiles can reduce honest mistakes or user errors by streamlining what is and is not acceptable in a given environment.
Connection to Addigy’s Smart Software
Addigy’s Smart Software helps administrators reduce frustrations associated with packaging and deploying software to macOS devices, particularly those that run macOS 10.14 and higher.
With Addigy, Smart Software automatically generates the necessary PPPC profiles for software to install and run. The device user is not prompted for approval, which eliminates wait times and extra steps. Administrators, in turn, can set and deploy preferences without unnecessary delays or hassle.
Use Addigy to Remotely Manage Mac Security and Privacy Preferences
Mac privacy settings are an integral part of maintaining a secure and up-to-date inventory of devices. Your MDM platform should allow you to check these boxes quickly and easily while providing end users with a great experience that empowers them to do their work effectively.
If you’re struggling to maintain remote management of your Mac security and device privacy preferences, sign up for a free Addigy demo to speak with our team today!