Learn how to edit the MDM profile to enable Full Disk Access on Symantec Data Loss Prevention (DLP) Endpoint Agent for Mac.

The DLP Agent is supported with use on macOS 10.15. 

• macOS 10.15: You must apply a hotfix to the DLP Agent 15.1 MP2 or 15.5 MP2
• macOS 11: You must be on DLP 15.7 MP2 or higher.

In addition to the hotfixes, DLP Agent support for macOS 10.15 and 11 also requires "Full Disk Access" for the Agent to work correctly. Full Disk Access is part of Apple's security framework for macOS, and the feature enables an application to scan all the files on an endpoint system. 

While individual users can allow or deny access for specific applications like the DLP Agent, you can bypass end-user prompts for allowing disk access by deploying an MDM device profile to users in your organization. The profile can configure security settings on endpoint systems that also have the DLP Agent. 

Update the MDM configuration values for the DLP Agent for macOS. To update MDM configuration values, use a third-party mobile device management (MDM) solution or Profile Manager, part of the macOS Server app.

Refer to the following information for values to update in the MDM profile:

The attached file (DLP-Agent_macOS10.15_MDM.rtf) provides the MDM configuration values in a version formatted as a plist file. You can copy the plist content into the MDM file you create. 

For more details, see the Configuration Profile Reference for Apple developers, especially the section "Privacy Preferences Policy Control Payload." 

References

MDM profiles may need the following details:
Symantec Team ID: 9PTGMPNXZ2 (in all versions earlier than those listed below)

Broadcom Team ID: Y2CCP3S9W7 (as of 15.7.0103 or 15.5.0213)