Forum Discussion
macOS - Privacy Preference Policy Controls - MDM Settings Catalog
Hello Experts
I'm trying to roll out some Privacy Preferences Policy Controls for our macOS devices.
We have a requirement to make our main Mac users 'Standard' users once they have enrolled their Macs. After this, they cannot approve the Privacy Controls within their own user profiles.
Microsoft Endpoint Manager has introduced Settings Catalog within the Configuration Profiles for macOS. We should be able to set the Privacy Controls to automatically approve the setting for users for our most used applications, such as Microsoft Teams, where they require Accessibility and Screen Capture enabled in order to share and give remote control of their screen.
We have created a policy based on the recommendations from Apple for creating the XML/.mobileconfig files, translated these settings into what Microsoft Settings Catalog requires and published the policy to a test group. This all seems to have worked well and the policy is created.
The policy deployment fails on each item within the policy with a type 2 error : error code : 10022
The Mac logs give no suggestion that the policy install has even been attempted.
Endpoint Management portal gives no further information.
I'm hoping one of the Microsoft experts will come across this and be able to shed some light on how we can troubleshoot this further.
Thanks in advance
Steve
- rrenstromBrass Contributor
The work-around I used to eliminate the error code 10022 for SystemPolicyAllFiles Privacy Preferences Policy Control payload settings was to remove the Authorization key in the settings payload, since it shouldn't have this key when using the Allowed key.
As noted in Apple's MDM reference:The Authorization key is an optional replacement for the Allowed key. Every payload must specify either Authorization or Allowed, but not both.
https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services/identity- WyomingBoundCopper Contributor
rrenstrom
This fixed the issue for me.
I removed the "Authorized Parameter" and the policy started working.- VpushpaCopper Contributor
WyomingBound What is the authorization parameter in the code requirements? In the below image, I did not see any word called 'Authorization' or 'Allowed' in the code requirements. Kindly help me understand.
- somesh_pathakIron Contributor
Hi Statler ,
Could you try to use configure the privacy policies using and also please share the error screenshot
Best Regards,
Somesh
If you find this helpful and it answers your question, please mark it as an “Accepted Solution”.
- StatlerCopper Contributor
Hi Somesh
I used that link to create the policy in conjunction with this
https://support.apple.com/en-gb/guide/deployment/dep38df53c2a/web
and this
https://support.apple.com/en-gb/guide/deployment/dep9ddb7e0b5/1/web/1.0This is the screen grab of the errors
and the errors themselves
There is really nothing to go on and in this instance neither Google or Bing are my friend.... 😞
Thanks
Steve
- StatlerCopper ContributorJust a bump to see if Intune_Support_Team notices this. Thx
- nhtkidIron Contributor