Kernel extensions are used to add features at the kernel-level and access parts of the OS that are inaccessible to regular programs. Currently, they are only supported by Intune for Intel-powered macOS devices.
Kernel extensions will not work on macOS devices with the Apple Silicon chip at the moment. We recommend you to only use system extensions for any macOS devices running 10.15 and later. Read Support Tip: Using system extensions instead of kernel extensions for macOS Catalina 10.15 in Intune to learn more.
If you are using the kernel extensions settings, consider excluding macOS devices with Apple Silicon chips from receiving the kernel extension profile, as these devices refuse to install a profile if the mobile device management (MDM) policy doesn’t have a bootstrap token escrowed. You can do this by adding a group of devices to the “Exclude groups” section in the “Assignments” step of creating a profile.
Example of the "Add groups" assignment option for macOS Extensions
For more information on system extensions in Intune:
- macOS extension settings in Microsoft Intune - Azure | Microsoft Docs
- Create macOS system and kernel extensions with Microsoft Intune - Azure | Microsoft Docs
Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.
Microsoft
