NETransparentProxyManager configuration via MDM

Hello,

I'm developing an app with a Network Extension (NEAppProxyProvider). At launch of the application, a configuration of the network interface is normally saved to System Preferences via a call to [NETransparentProxyManager saveToPreferencesWithCompletionHandler:]. Then a dialog about allowing the network configuration appears to the user and everything works fine.

But for some users I need to provide an MDM .plist so that they can push this network configuration to their Macs, because they don't want the configuration approval dialog to appear.

Is it possible to create such an MDM .plist for this type of network extension configuration?

I have not tried this with NETransparentProxyManager and NEAppProxyProvider on macOS, but I suspect that if you needed to set up an MDM profile to configure the NETunnelProviderProtocol, you could take a look at the reference for VPN in the Profile-Specific Payload Documentation as a cross reference. Also, you should try loading up Configurator 2 and creating a few profiles to see what options are available between the two. This is where I would start.

Regarding:

But for some users I need to provide a MDM .plist so that they can push this network
configuration to their Macs, because they don't want the configuration approval dialog
to appear.

For a NEAppProxyProvider this is not possible. You can auto-approve the System Extension prompt with this payload, but not the Network Configuration prompt.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Matt, is adding this function to auto-approve the Network Configuration prompt via MDM (like JAMF) on Apple's to-do list?
If yes, when is it expected to be released?

You can imagine that allowing the user in a company to accept/decline the dialog is not the best idea.

Thank you

auto-approve Network Configuration

I do not know if this is on a road map or not. However, allowing users to know when they are installing a network configuration is important. This makes them aware and consent to what is being installed on their machine.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

I fully agree that if Macs are not managed, such consent is required - it's in line with Apple's long-term privacy initiative and openness to the user.
However, the situation is different when Macs are managed, where the admin is the one giving consent on behalf of all users. But in such a case, it's not possible, as Apple does not allow it via MDM tools.

I'd very much like to ask you to find out whether or not it is on a roadmap. If not, what could we do to influence the decision?

Thank you

If not, what could we do to influence the decision? 

You can open an enhancement request for such an API or a setting to perform this behavior.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com