MDM auto-approve NETransparentProxyManager configuration (App proxy)

Hello, I'd like to know if it is possible to pre-approve NETransparentProxyManager configuration using Apple MDM software or a third-party alternative like Jamf, so that users won't see the approval dialogue. If so, is there any documentation for it?

Thanks, Jakub

There’s two parts to configuring a transparent proxy:

  • Enabling the sysex

  • Setting up the NE configuration

You can do the former using the com.apple.system-extension-policy payload. I’m not sure about the latter, so let’s ask Matt…

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

I'd like to know if it is possible to pre-approve NETransparentProxyManager configuration using Apple MDM software or a third-party alternative like Jamf

I have asked around about this in the past and pre-approving the Network Configuration used to not be possible and was an Enhancement Request. However, recently there seems to be some movement on this, so here is what I will recommend: try setting the following in a profile:

<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
...
<key>VPN</key>
<dict>
	<key>ProviderBundleIdentifier</key>
	<string>com.example.apple-yourtransparent-proxy</string>
	<key>ProviderDesignatedRequirement</key>
	<string>The Provider's DesignatedRequirement</string>
	<key>ProviderType</key>
	<string>app-proxy</string>
</dict>

com.apple.vpn.managed

Along with the other values that make sense. If this does not work, then please open a bug report and provide the Feedback ID here.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
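
Added example, not part of the thread or any Apple tooling: a pre-deployment lint for an unsigned XML configuration profile that checks both parts named above, the com.apple.system-extension-policy payload and the com.apple.vpn.managed payload with the three VPN keys from the accepted answer. The sample profile is constructed, and the token list used to spot a placeholder designated requirement is a heuristic assumption.

```python
import plistlib

# Constructed sample profile for illustration; identifiers are the thread's placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array>
 <dict><key>PayloadType</key><string>com.apple.system-extension-policy</string></dict>
 <dict>
  <key>PayloadType</key><string>com.apple.vpn.managed</string>
  <key>VPN</key><dict>
   <key>ProviderBundleIdentifier</key><string>com.example.apple-yourtransparent-proxy</string>
   <key>ProviderDesignatedRequirement</key><string>The Provider's DesignatedRequirement</string>
   <key>ProviderType</key><string>app-proxy</string>
  </dict>
 </dict>
</array></dict></plist>"""

VPN_KEYS = ("ProviderBundleIdentifier", "ProviderDesignatedRequirement", "ProviderType")
# Heuristic (assumption): a real code requirement contains one of these tokens.
REQUIREMENT_TOKENS = ("anchor ", "identifier ", "cdhash ", "certificate ")

def lint_profile(data: bytes) -> list:
    """Return problems found in an unsigned XML .mobileconfig."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    by_type = {}
    for payload in payloads:
        by_type.setdefault(payload.get("PayloadType"), []).append(payload)
    problems = []
    # Part 1 from the thread: the system extension must be enabled.
    if "com.apple.system-extension-policy" not in by_type:
        problems.append("no com.apple.system-extension-policy payload")
    # Part 2: the Network Extension configuration itself.
    ne_payloads = by_type.get("com.apple.vpn.managed", [])
    if not ne_payloads:
        problems.append("no com.apple.vpn.managed payload")
    for payload in ne_payloads:
        vpn = payload.get("VPN", {})
        for key in VPN_KEYS:
            if not str(vpn.get(key, "")).strip():
                problems.append(f"VPN.{key} is missing or empty")
        ptype = vpn.get("ProviderType")
        if ptype and ptype != "app-proxy":
            problems.append(f"VPN.ProviderType is {ptype!r}, expected 'app-proxy'")
        req = str(vpn.get("ProviderDesignatedRequirement", ""))
        if req.strip() and not any(tok in req for tok in REQUIREMENT_TOKENS):
            problems.append("VPN.ProviderDesignatedRequirement looks like a placeholder")
    return problems

if __name__ == "__main__":
    for problem in lint_profile(SAMPLE_PROFILE):
        print("PROBLEM:", problem)
```

A profile signed by the MDM server is CMS-wrapped and has to be unwrapped before this check can parse it.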