Jan 17 2023 07:41 AM
Hello Experts
I'm trying to roll out some Privacy Preferences Policy Controls for our macOS devices.
We have a requirement to make our main Mac users 'Standard' users once they have enrolled their Macs. After this, they cannot approve the Privacy Controls within their own user profiles.
Microsoft Endpoint Manager has introduced Settings Catalog within the Configuration Profiles for macOS. We should be able to set the Privacy Controls to automatically approve the setting for users for our most used applications, such as Microsoft Teams, where they require Accessibility and Screen Capture enabled in order to share and give remote control of their screen.
We have created a policy based on the recommendations from Apple for creating the XML/.mobileconfig files, translated these settings into what Microsoft Settings Catalog requires and published the policy to a test group. This all seems to have worked well and the policy is created.
The policy deployment fails on each item within the policy with a type 2 error : error code : 10022
The Mac logs give no suggestion that the policy install has even been attempted.
Endpoint Management portal gives no further information.
I'm hoping one of the Microsoft experts will come across this and be able to shed some light on how we can troubleshoot this further.
Thanks in advance
Steve
Jan 22 2023 11:42 AM
Hi @Statler ,
Could you try to use configure the privacy policies using and also please share the error screenshot
Best Regards,
Somesh
If you find this helpful and it answers your question, please mark it as an “Accepted Solution”.
Jan 23 2023 01:47 AM
Hi Somesh
I used that link to create the policy in conjunction with this
https://support.apple.com/en-gb/guide/deployment/dep38df53c2a/web
and this
https://support.apple.com/en-gb/guide/deployment/dep9ddb7e0b5/1/web/1.0
This is the screen grab of the errors
and the errors themselves
There is really nothing to go on and in this instance neither Google or Bing are my friend.... :(
Thanks
Steve
Feb 07 2023 04:06 AM
Feb 07 2023 08:42 AM - edited Feb 07 2023 08:43 AM
Thanks for the tag! If you continue facing an issue where current macOS policies are not working as expected, please open a support request via the Microsoft Endpoint Manager admin center's "Help and support" blade or any of the other methods here: aka.ms/IntuneSupport, as this will help provide our team with the necessary information to resolve the issue. Please send us a direct message with your support case number for further follow-up. Thanks!
Feb 08 2023 01:28 AM
Feb 13 2023 05:15 AM
Feb 13 2023 06:11 AM
Feb 27 2023 06:15 AM
Have You manged to sort the problem out ? i have been trying to add some permissions for MS Teams and i'm getting the same error :(
Regards
Zaidan
Feb 27 2023 06:26 AM - edited Feb 27 2023 06:27 AM
Working with the Microsoft InTune Engineers, I’ve been gradually stepping back through the technological advances and went right back to basics.
I created a .mobileconfig file using JAMF’s free PPPC Utility app and was able to apply that as a Custom Template, which seems to have worked for Microsoft Teams.
This is the result of my findings then from the newest Technology, working backward:
Option 3, while it appears to be the oldest technology and the one that has the most complicated steps, in terms of generating the .mobilconfig file does appear to work as required.
This is it so far.
I'm hoping for an update from the Intune Engineers this week.
HTH
Stephen
Feb 27 2023 06:33 AM
Feb 27 2023 07:16 AM - edited Feb 27 2023 07:52 AM
Sorry if you know this.
Create a new Profile
Then upload the file
You can make your own .mobileconfig files with the PPPC Utility
GitHub - jamf/PPPC-Utility: Privacy Preferences Policy Control (PPPC) Utility
Rgds
Stephen
Feb 27 2023 07:40 AM
Feb 27 2023 07:45 AM - edited Feb 27 2023 07:51 AM
It's now called Screen Recording in the Settings on the Mac
Looks like they haven't updated the XML to match
I've taken the file down as I've just noticed our Org name is shown in it.
I appreciate your discretion.
Feb 27 2023 07:49 AM
Feb 27 2023 08:39 AM
Apr 12 2023 12:16 PM
The work-around I used to eliminate the error code 10022 for SystemPolicyAllFiles Privacy Preferences Policy Control payload settings was to remove the Authorization key in the settings payload, since it shouldn't have this key when using the Allowed key.
As noted in Apple's MDM reference:
The Authorization key is an optional replacement for the Allowed key. Every payload must specify either Authorization or Allowed, but not both.
https://developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services/...
Sep 15 2023 03:10 PM
@rrenstrom
This fixed the issue for me.
I removed the "Authorized Parameter" and the policy started working.
Dec 26 2023 02:41 AM
@WyomingBound What is the authorization parameter in the code requirements? In the below image, I did not see any word called 'Authorization' or 'Allowed' in the code requirements. Kindly help me understand.
Jan 12 2024 03:02 AM
@WyomingBound Great post and the only one I can find online.
Im having problems with the screen capture for macOS. I tried removing the authorization option, it still didnt work, so I removed Allow (which is deprecated anyway) and left only authorization but still shows error 10022.
How can I have this enable screen capture (guess this covers screen sharing/recording) for teams? We're in a proof of concept of using macOS for our developers so I need these settings to work if we end up with 20 of them.