How to deploy Full Disk Access permissions to the Exclaimer Cloud Signature Agent for macOS via Intune

You have deployed the Exclaimer Cloud Signature Update Agent for macOS via Intune by following the steps outlined here: Install Exclaimer Cloud Signature Update Agent for macOS. Now, you would like to deploy the Full Disk Access settings required by the application.

Resolution

To deploy the Full Disk Access settings:

1. Log in to the Endpoint Manager https://endpoint.microsoft.com.

2. Navigate to Devices > Configuration Profiles.

3. Click + Create Profile.

4. Under Platform, select macOS.

5. Under Profile Type, select Templates.

6. Under Template name, select Device restrictions.

7. Click Create.

8. Enter a name for your policy; example: "Exclaimer Full Disk Access".

9. Enter a description - this step is optional.

10. Click Next.

11. Expand Privacy preferences, then click Add.

12. In Name enter Exclaimer Signature Agent.

13. In Identifier type enter Bundle ID.

14. In Identifier enter com.exclaimer.csua.

15. In Code requirement enter
    identifier "com.exclaimer.csua" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = EEUF3NPG73
    

16. In Full disk access select Allow.

17. Click Save, then click Next.

18. In Assignments, select the required Mac devices.

19. Click Next, then click Create.

CAUTION! The method described above will not show the app as having full disk access in System Preferences > Security and Privacy; however, it will show up in System Preferences > Profiles, similar to this: