Question about uploading TeamViewer Host to MacOS via MDM Intune

RBPPHDeploy · 2024-10-09T09:05:50+00:00

There was an error rendering this rich post.

Hello, be there! | Cześć Wszystkim !

EN: I have a question and a request for help. I currently use the Intune MDM tool to deploy MacOS laptops and push the TeamViewer Host application on them for remote assistance in case of user issues. The problem is that I cannot create a custom configuration that will allow me to automatically select the option below without any intervention from the end user. Because asking the end user to do this i

PL:Mam pytanie i prośbę o pomoc. Obecnie używam narzędzia MDM Intune do wdrażania laptopów z MacOS i na nich mam wypychana aplikację TeamViewer Host do pomocy zdalnej w razie problemów użytkownika. Problem jest taki, że nie potrafię stworzyć konfiguracji niestandardowej, która pozwoli mi automatycznie bez ingerencji użytkownika końcowego zaznaczyć opcję jak poniżej. Ponieważ prośba użytkownika końcowego o wykonanie tej czynności jest problematyczna i wymaga podania hasła administratora komputera. Bardzo dziękuję za wasze podpowiedzi.

Find more posts tagged with

Microsoft Intune

TeamViewerHost

Accepted answers

All comments

MoreCoffee

@RBPPHDeploy Apple unfortunately does not provide a way to give Screen Recording consent through MDM.
Screen Recording consent needs to be given manually on each Mac.

Apple does provide a setting to let non-admin users give Screen Recording consent, so you can delegate this task to end users and enable them to give consent themselves. This can be done through the ScreenCapture Privacy Preferences Policy Control (PPPC) payload with Authorization set to AllowStandardUserToSetSystemService.

You can find an example on Apple's website: https://support.apple.com/guide/deployment/privacy-preferences-policy-control-custom-dep9ddb7e0b5/1/web/1.0#dep0ab57a6be
Note that the example currently seems to have a copy & paste error: There are two ScreenCapture sections in the example. You will only need one.

RBPPHDeploy

@MoreCoffee Thanks for the tip. I tried to change one of the options you suggested, unfortunately I have an error when implementing this configuration, it looks like I have it built incorrectly. Can you tell me where my mistake is? The configuration looks like this

MoreCoffee

@RBPPHDeploy What error are you getting and where?

The code signing requirements and bundle identifier look ok. I'm not sure what "Allowed" and "Static Code" do to the resulting config. There seems to be a "minus" button to the right of those – are they removable?

RBPPHDeploy

It seems to have worked after I removed these options :) Many thanks for your help