Using an MDM to grant the Kolide Agent Full Disk Access

The Kolide Agent needs Full Disk Access (FDA) to assist with user-to-device association, to identify evidence of plain text credentials, and to inspect the system thoroughly enough to understand the security of the device. If your organization uses an MDM to manage its Macs, we have prepared a custom configuration profile that you can distribute to grant the Kolide agent the correct permission.

While you should consult your MDM provider's documentation on how to correctly add a SystemPolicyAllFiles entry for an app to a Privacy Preferences Policy Control (PPPC) payload, the information below should help you craft a profile.

Profile Versions:
Which version of the profile you need depends on which version of the Kolide Agent was originally installed, not which version the agent has since updated itself to. macOS evaluates the FDA grant against the binary that launchd starts, which is the one the installer package put in place; later agent updates run under it and inherit its grant. A profile that matches the wrong version will not grant FDA.

If you need assistance with these changes, please reach out to Support.

Agent Versions 0.13 and later (Includes 1.0)

This covers all agents since version 0.13, first released in December 2022. Be aware that if you distribute the agent package through your MDM, the package your MDM installs may still be an older version, so check the version that package installs rather than the version a running agent reports after updating.

Key Information:

  • Identifier Type - bundleID
  • Identifier - com.kolide.agent
  • CodeRequirement - identifier "com.kolide.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X98UFR7HA3

Example Profile (the Services dictionary of a com.apple.TCC.configuration-profile-policy payload; the surrounding payload and profile keys are omitted):

<key>Services</key>
<dict>
    <key>SystemPolicyAllFiles</key>
    <array>
        <dict>
            <key>Allowed</key>
            <true />
            <key>CodeRequirement</key>
            <string>identifier "com.kolide.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X98UFR7HA3</string>
            <key>Comment</key>
            <string>Allow kolide access to device and user level files</string>
            <key>Identifier</key>
            <string>com.kolide.agent</string>
            <key>IdentifierType</key>
            <string>bundleID</string>
        </dict>
    </array>
</dict>

Agent Versions 0.12 and below

Key Information:

  • Identifier Type - path
  • Identifier - /usr/local/kolide-k2/bin/launcher
  • CodeRequirement - identifier launcher and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = YZ3EM74M78

Example Profile (the Services dictionary of a com.apple.TCC.configuration-profile-policy payload; the surrounding payload and profile keys are omitted):

<key>Services</key>
<dict>
    <key>SystemPolicyAllFiles</key>
    <array>
        <dict>
            <key>Allowed</key>
            <true />
            <key>CodeRequirement</key>
            <string>identifier launcher and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = YZ3EM74M78</string>
            <key>Comment</key>
            <string>Allow kolide access to device and user level files</string>
            <key>Identifier</key>
            <string>/usr/local/kolide-k2/bin/launcher</string>
            <key>IdentifierType</key>
            <string>path</string>
        </dict>
    </array>
</dict>
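The fragments above for both agent generations show only the Services dictionary. The script below is an added example, not Kolide's code or a profile Kolide ships: it selects the entry that matches the originally installed agent version (the 0.13 boundary from the Profile Versions note), wraps it in a complete system-scoped PPPC configuration profile, and lints the entry for the mistakes that stop a grant from matching (a path under IdentifierType bundleID, a requirement whose identifier differs from the Identifier, a missing Team ID). The payload keys are the standard com.apple.TCC.configuration-profile-policy keys; the org prefix, display names, and file name are placeholders.

```python
"""Added example, not Kolide's code: choose the SystemPolicyAllFiles entry for
the installed agent version, emit a complete PPPC .mobileconfig, and lint it.
Standard library only, so it runs anywhere, not just on a Mac."""
import plistlib
import re
import sys
import uuid

# The two entries from this page; OU values are the Team IDs the page lists.
ENTRY_0_13_AND_LATER = {
    "IdentifierType": "bundleID",
    "Identifier": "com.kolide.agent",
    "CodeRequirement": (
        'identifier "com.kolide.agent" and anchor apple generic and '
        "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
        "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
        "certificate leaf[subject.OU] = X98UFR7HA3"
    ),
}
ENTRY_0_12_AND_BELOW = {
    "IdentifierType": "path",
    "Identifier": "/usr/local/kolide-k2/bin/launcher",
    "CodeRequirement": (
        "identifier launcher and anchor apple generic and "
        "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
        "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
        "certificate leaf[subject.OU] = YZ3EM74M78"
    ),
}


def entry_for_agent_version(installed_version: str) -> dict:
    """Choose by the version the package installed (what launchd starts),
    not the version the agent has auto-updated to."""
    parts = [int(x) for x in re.findall(r"\d+", installed_version)] + [0, 0]
    return ENTRY_0_13_AND_LATER if tuple(parts[:2]) >= (0, 13) else ENTRY_0_12_AND_BELOW


def build_profile(entry: dict, org_prefix: str = "com.example") -> bytes:
    """Return a complete .mobileconfig (XML plist) holding one PPPC payload.
    org_prefix and the display names are placeholders for this example."""
    tcc_payload = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": f"{org_prefix}.kolide-fda.tcc",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Kolide Agent Full Disk Access",
        "Services": {"SystemPolicyAllFiles": [
            {"Allowed": True,
             "Comment": "Allow kolide access to device and user level files",
             **entry}]},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadScope": "System",  # PPPC is a device-channel payload; user scope will not apply
        "PayloadIdentifier": f"{org_prefix}.kolide-fda",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Kolide Agent Full Disk Access",
        "PayloadContent": [tcc_payload],
    }
    return plistlib.dumps(profile)


def lint_profile(profile_bytes: bytes) -> list:
    """Consistency checks derived from the two entries on this page. Returns
    human-readable problems; an empty list means nothing was flagged. A clean
    profile can still target the wrong agent generation, so pick the entry with
    entry_for_agent_version() rather than by hand."""
    problems = []
    profile = plistlib.loads(profile_bytes)
    if profile.get("PayloadScope") != "System":
        problems.append("PayloadScope must be System for a PPPC payload")
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.TCC.configuration-profile-policy":
            continue
        for e in payload.get("Services", {}).get("SystemPolicyAllFiles", []):
            ident, itype, req = e.get("Identifier", ""), e.get("IdentifierType"), e.get("CodeRequirement", "")
            if e.get("Allowed") is not True:
                problems.append(f"{ident}: Allowed must be true")
            if itype == "path" and not ident.startswith("/"):
                problems.append(f"{ident}: IdentifierType path needs an absolute path")
            elif itype == "bundleID" and "/" in ident:
                problems.append(f"{ident}: IdentifierType bundleID needs a bundle ID, not a path")
            elif itype not in ("path", "bundleID"):
                problems.append(f"{ident}: unknown IdentifierType {itype!r}")
            # The requirement's signing identifier must name what Identifier points
            # at: the bundle ID, or the binary's file name for a path entry.
            m = re.search(r'\bidentifier\s+"?([^"\s]+)"?', req)
            expected = ident.rsplit("/", 1)[-1] if itype == "path" else ident
            if not m or m.group(1) != expected:
                problems.append(f"{ident}: CodeRequirement identifier does not match Identifier")
            if "anchor apple generic" not in req or not re.search(r"leaf\[subject\.OU\]\s*=\s*[A-Z0-9]{10}\b", req):
                problems.append(f"{ident}: CodeRequirement must anchor to Apple and pin a Team ID")
    return problems


if __name__ == "__main__":
    # Usage: python kolide_fda_profile.py <installed agent version> > kolide-fda.mobileconfig
    chosen = entry_for_agent_version(sys.argv[1] if len(sys.argv) > 1 else "1.0")
    data = build_profile(chosen)
    for problem in lint_profile(data):
        print("problem:", problem, file=sys.stderr)
    sys.stdout.buffer.write(data)
```

Before uploading, confirm on a Mac that the requirement really matches the binary launchd starts: `codesign -d -r - <binary>` prints its designated requirement and `codesign -dvv <binary>` prints its TeamIdentifier, which should equal the subject.OU value in the entry you chose (for 0.12 and below the binary is /usr/local/kolide-k2/bin/launcher, as listed above).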