Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-9652: User Approval of MDM enrollment introduced with macOS High Sierra 10.13.2

Centrify Identity Service, App Edition ,   Centrify Identity Service, App Plus ,  

5 January,18 at 05:00 PM

Question:

User Approval of MDM enrollment has been introduced with macOS High Sierra 10.13.2. How does that impact Mac enrollment with Centrify Identity Platform?

Apple Reference for User Approved MDM enrollment: (link provided as a courtesy and subject to change):
https://support.apple.com/en-us/HT208019



Answer:

An Administrator or User will now see a notice under the Centrify Identity Platform Profile, indicating: "Functionality may be limited until this profile is approved.":

User-added image

In working with Apple, Centrify noticed the following two things;
 
1. Users do not need to approve the profile and it does not affect any MDM profiles.

2. As of 10.13.2, the only MDM functionality that will be unavailable to a un-approved MDM enrollment is the ability to install the new (to 10.13.2) "Secure Kernel Extension Loading" payload. Centrify does not do 'Secure Kernel Extension Loading' in the MDM profiles.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-10010: FileVault2 fails to initiate for macOS 10.13.x High Sierra systems using Centrify Group Policy and/or cannot add a mobile account as a FileVault unlocker account articleKB-9048: Login fails after installing macOS High Sierra with Centrify DirectControl Agent for Mac articleKB-5765: How to block OS X updates via Group Policy articleKB-3016: Troubleshooting steps for mobile device enrollment articleKB-2798: How to setup a workstation-authentication certificate for auto-enrollment for Mac OS X. articleKB-6963: Mac re-enrollment fails because certificate-based profiles from the previous enrollment fail to remove articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-4275: How to setup a user-authentication certificate for auto-enrollment for Mac OS X. articleKB-10410: Recovery key not send back to Active Directory for OS X 10.13.x and Centrify 5.5.x after enabling FileVault