Scenario
You have deployed the Exclaimer Cloud Signature Update Agent for macOS via Intune by following the steps outlined here: Install Exclaimer Cloud Signature Update Agent for macOS. Now, you would like to deploy the Full Disk Access settings required by the application.
Resolution
To deploy the Full Disk Access settings:
-
Log in to the Endpoint Manager https://endpoint.microsoft.com.
-
Navigate to Devices > Configuration Profiles.
-
Click + Create Profile.
-
Under Platform, select macOS.
-
Under Profile Type, select Templates.
-
Under Template name, select Device restrictions.
-
Click Create.
-
Enter a name for your policy; example: "Exclaimer Full Disk Access".
-
Enter a description - this step is optional.
-
Click Next.
-
Expand Privacy preferences, then click Add.
-
In Name enter Exclaimer Signature Agent.
-
In Identifier type enter Bundle ID.
-
In Identifier enter com.exclaimer.csua.
-
In Code requirement enter:
identifier "com.exclaimer.csua" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = EEUF3NPG73 -
In Full disk access select Allow.
-
Click Save, then click Next.
-
In Assignments, select the required Mac devices.
-
Click Next, then click Create.
The method described above will not show the app as having full disk access in System Preferences > Security and Privacy; however, it will show up in System Preferences > Profiles, similar to this:
