![]() However, it's all subject to change without notice when a Mac is supervised, you should expect that new things could be installed by your company at any time.Īlso, look in System Preferences > Security and Privacy > Privacy to see which apps have access to which privileges. That will give you a pretty good idea of what's going on, assuming your company is not going to extreme measures to hide anything. No big surprise there I can also see it in /Applications. Which tells me that Sophos Anti-Virus is installed. For example, on my device I see this: - _extension.endpoint_securityĮnabled active teamID bundleID (version) name You'll likely see things like antivirus, VPNs, and security products in the extensions list. You can then research those specific products to see what they do. Ls -la /Library/LaunchAgents /Library/LaunchDaemons ~/Library/LaunchAgents In other words: it is safe to assume that your company has the ability to install arbitrary packages and run arbitrary scripts with root privileges.Ī good starting point to look further would be to run these commands in Terminal: systemextensionsctl list Some MDM solutions include a client binary that could also have lots of functionality built in, in addition to what the MDM protocol supports directly. Those applications could then do anything imaginable (which you will not necessarily be able to see). More importantly, it allows the company to push out applications. It does allow the organization to push configuration profiles to lock down and preconfigure some settings (which you would be able to see in System Preferences). It doesn't expose access to your files, usage patterns, or Apple ID. ![]() Jamf, Mosyle, Kandji, whatever), but that still won't tell you much about what your company's actually installing, unless you discover that they are using something stupid that doesn't have any features beyond the bare minimum.Īpple's MDM protocol by itself respects your privacy pretty well. You could go into System Preferences > Profiles to perhaps get an idea of which MDM solution is being used (e.g. The profiles command you posted doesn't really say anything except that the device is, indeed, managed with some MDM solution. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |